I forgot to mention what brought me to this bug. I am seeing this denial
when running tcpdump in Ubuntu Yakkety:

apparmor="DENIED" operation="connect" profile="/usr/sbin/tcpdump"
name="/run/dbus/system_bus_socket" pid=25098 comm="tcpdump"
requested_mask="wr" denied_mask="wr" fsuid=0 ouid=0

After pulling the dbus-strict abstraction into the tcpdump profile, I
then see this denial:

pid=2204 uid=105 auid=4294967295 ses=4294967295 msg='apparmor="DENIED"
operation="dbus_method_call"  bus="system"
path="/org/freedesktop/resolve1"
interface="org.freedesktop.resolve1.Manager" member="ResolveAddress"
mask="send" name="org.freedesktop.resolve1" pid=25438
label="/usr/sbin/tcpdump" peer_pid=2471 peer_label="unconfined"

My proposed fix grants access to the ResolveAddress, ResolveHostname,
ResolveRecord, and ResolveService methods of the D-Bus API.

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1598759

Title:
  AppArmor nameservice abstraction doesn't allow communication with
  systemd-resolved
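
An added example, not part of the original message or of the AppArmor project's code: a small parser for the two denial records quoted above that renders the narrowest rule matching each denied access. The function names are hypothetical, and the mapping of `name=` to the peer bus name is assumed for `mask="send"` records; the output is a candidate to review, not the fix proposed in the bug.

```python
import re

# Denial records copied from the message above, joined onto single lines.
FILE_DENIAL = ('apparmor="DENIED" operation="connect" profile="/usr/sbin/tcpdump" '
               'name="/run/dbus/system_bus_socket" pid=25098 comm="tcpdump" '
               'requested_mask="wr" denied_mask="wr" fsuid=0 ouid=0')
DBUS_DENIAL = ('apparmor="DENIED" operation="dbus_method_call"  bus="system" '
               'path="/org/freedesktop/resolve1" '
               'interface="org.freedesktop.resolve1.Manager" member="ResolveAddress" '
               'mask="send" name="org.freedesktop.resolve1" pid=25438 '
               'label="/usr/sbin/tcpdump" peer_pid=2471 peer_label="unconfined"')

# key="quoted value" or key=bare_value; bare values never start with a quote,
# so an audit wrapper such as msg='apparmor="DENIED" ...' is skipped cleanly.
_PAIR = re.compile(r'(\w+)=(?:"([^"]*)"|([^\s\'"]+))')

def parse_denial(record):
    """Return the key=value fields of one AppArmor DENIED record as a dict."""
    fields = {m.group(1): m.group(2) if m.group(2) is not None else m.group(3)
              for m in _PAIR.finditer(record)}
    if fields.get("apparmor") != "DENIED":
        raise ValueError("not an AppArmor denial record")
    return fields

def profile_of(fields):
    """Confined profile: profile= in file records, label= in D-Bus records."""
    return fields.get("profile") or fields.get("label")

def suggest_rule(fields):
    """Render a rule that permits only the access named in the denial."""
    op = fields["operation"]
    if op.startswith("dbus_"):
        # Assumption: for mask="send", name= is the destination bus name.
        return ('dbus {mask} bus={bus} path="{path}" interface="{interface}" '
                'member="{member}" peer=(name="{name}"),'.format(**fields))
    if "denied_mask" in fields:
        # File-style denial: normalise permission letters ("wr" -> "rw").
        perms = "".join(p for p in "rwaxmlk" if p in fields["denied_mask"])
        return "{} {},".format(fields["name"], perms)
    raise ValueError("unhandled operation: " + op)

if __name__ == "__main__":
    for rec in (FILE_DENIAL, DBUS_DENIAL):
        f = parse_denial(rec)
        print(profile_of(f), "->", suggest_rule(f))
```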
