Hello - Thanks for the bug report!
I'm unable to reproduce the behavior that you're experiencing. Please
include more information about your environment such as the apparmor
package version and kernel version (/proc/version_signature).
Here's how I tested:
$ cmd="dbus-send --print-reply --system --dest=org.freedesktop.DBus
--type=method_call /org/freedesktop/DBus org.freedesktop.DBus.ListNames"
method return time=1498517150.253153 sender=org.freedesktop.DBus ->
destination=:1.58 serial=3 reply_serial=2
array [
string "org.freedesktop.DBus"
...
string ":1.19"
]
$ echo "profile complain-all flags=(complain) { }" | sudo apparmor_parser -qr
$ aa-exec -p complain-all -- $cmd
method return time=1498517219.310650 sender=org.freedesktop.DBus ->
destination=:1.59 serial=3 reply_serial=2
array [
string "org.freedesktop.DBus"
...
string ":1.19"
]
If AppArmor was denying D-Bus communications even with flags=(complain),
the `aa-exec -p complain-all -- $cmd` command would not have been able
to display the list of connected D-Bus clients.
Can you share how you came to the conclusion that AppArmor is
incorrectly denying D-Bus communications even when the profile is in
complain mode?
** Changed in: apparmor (Ubuntu)
Status: New => Incomplete
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1700231
Title:
16.04 , apparmor denies dbus communications even with flags=(complain)
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/1700231/+subscriptions
--
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
