Good work. I think you're right, most policy authors would rather just drop the unrequested replies, so dropping them on the floor silently feels like the path of least surprise.
Maybe it would be useful to provide some debug logging option for these but I doubt it'd ever repay the time it would take to add one. If it's easier than I suspect, though, maybe..

Thanks

https://bugs.launchpad.net/bugs/1362469

Title:
  AppArmor unrequested reply protection generates unallowable denials

Status in dbus package in Ubuntu:
  Triaged

Bug description:
  Starting with utopic's dbus 1.8.6-1ubuntu1 package, the new AppArmor unrequested reply protections can generate some denials that can't easily be allowed in policy.

  For example, when running a confined pasaffe, you see these denials when starting and closing pasaffe:

  apparmor="DENIED" operation="dbus_error" bus="session" error_name="org.freedesktop.DBus.Error.UnknownMethod" mask="send" name=":1.22" pid=4993 profile="/usr/bin/pasaffe" peer_pid=3624 peer_profile="unconfined"

  It isn't obvious how to construct an AppArmor D-Bus rule to allow that operation. A bare "dbus," rule allows it but that's not acceptable for profiles implementing tight D-Bus confinement.

  The code that implements unrequested reply protections should be reviewed for issues and, if everything looks good there, investigations into how to allow the operation that triggers the above denial should occur.
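For anyone triaging these denials while the bug is open, the following added example (not code from the bug report or from the dbus or AppArmor projects) parses AppArmor D-Bus denial records and separates reply-type denials like the one above from request denials that map onto an ordinary `dbus` rule. The second sample line, its `org.example.*` names, and the treatment of `dbus_method_return` alongside `dbus_error` as a reply operation are assumptions made for the illustration.

```python
import re

# First line: the denial quoted in the bug description.
# Second line: constructed for contrast (hypothetical service and object names).
SAMPLE = [
    'apparmor="DENIED" operation="dbus_error" bus="session" '
    'error_name="org.freedesktop.DBus.Error.UnknownMethod" mask="send" '
    'name=":1.22" pid=4993 profile="/usr/bin/pasaffe" peer_pid=3624 '
    'peer_profile="unconfined"',
    'apparmor="DENIED" operation="dbus_method_call" bus="session" '
    'path="/org/example/Obj" interface="org.example.Iface" member="Ping" '
    'mask="send" name="org.example.Svc" pid=4993 profile="/usr/bin/pasaffe" '
    'peer_pid=3700 peer_profile="unconfined"',
]

PAIR = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')
REPLY_OPS = {"dbus_error", "dbus_method_return"}  # replies, not requests
RULE_KEYS = ("bus", "path", "interface", "member")


def parse(line):
    """Split an audit record into a dict of key=value fields."""
    return {k: q if u == "" else u for k, q, u in PAIR.findall(line)}


def classify(line):
    """Return a triage summary for a D-Bus denial, or None for other lines."""
    f = parse(line)
    op = f.get("operation", "")
    if f.get("apparmor") != "DENIED" or not op.startswith("dbus_"):
        return None
    result = {
        "profile": f.get("profile"),
        "operation": op,
        "kind": "reply" if op in REPLY_OPS else "request",
        # Unique connection names (":1.22") change every session.
        "unique_peer": f.get("name", "").startswith(":"),
        "rule": None,  # stays None for replies: no path/interface/member to match
    }
    if result["kind"] == "request" and "mask" in f:
        conds = [f"{k}={f[k]}" for k in RULE_KEYS if k in f]
        if "name" in f and not result["unique_peer"]:
            conds.append(f"peer=(name={f['name']})")
        result["rule"] = f"dbus {f['mask']} " + " ".join(conds) + ","
    return result


if __name__ == "__main__":
    for line in SAMPLE:
        print(classify(line))
```

The draft rule produced for request denials is a starting point for review, not something to paste into a profile unread.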