Public bug reported:
cosmic
apparmor 2.12-4ubuntu8
kernel 4.18.0-8-generic #9-Ubuntu
I'm getting these audit messages in dmesg showing apparmor denied errors:
[ 68.649187] audit: type=1107 audit(1539094926.655:32): pid=605 uid=105
auid=4294967295 ses=4294967295 subj==unconfined msg='apparmor="DENIED"
operation="dbus_method_call" bus="system" path="/org/freedesktop/systemd1"
interface="org.freedesktop.systemd1.Manager" member="GetDynamicUsers"
mask="send" name="org.freedesktop.systemd1" pid=1091 label="/usr/sbin/named"
peer_pid=1 peer_label="unconfined"
exe="/usr/bin/dbus-daemon" sauid=105 hostname=? addr=?
terminal=?'
[ 161.059989] audit: type=1107 audit(1539095018.957:33): pid=605 uid=105
auid=4294967295 ses=4294967295 subj==unconfined msg='apparmor="DENIED"
operation="dbus_method_call" bus="system" path="/org/freedesktop/systemd1"
interface="org.freedesktop.systemd1.Manager" member="GetDynamicUsers"
mask="send" name="org.freedesktop.systemd1" pid=1191 label="/usr/sbin/named"
peer_pid=1 peer_label="unconfined"
exe="/usr/bin/dbus-daemon" sauid=105 hostname=? addr=?
terminal=?'
[ 437.582034] audit: type=1107 audit(1539095295.553:34): pid=605 uid=105
auid=4294967295 ses=4294967295 subj==unconfined msg='apparmor="DENIED"
operation="dbus_method_call" bus="system" path="/org/freedesktop/systemd1"
interface="org.freedesktop.systemd1.Manager" member="GetDynamicUsers"
mask="send" name="org.freedesktop.systemd1" pid=1534 label="/usr/sbin/named"
peer_pid=1 peer_label="unconfined"
exe="/usr/bin/dbus-daemon" sauid=105 hostname=? addr=?
terminal=?'
[ 468.184231] audit: type=1107 audit(1539095326.159:35): pid=605 uid=105
auid=4294967295 ses=4294967295 subj==unconfined msg='apparmor="DENIED"
operation="dbus_method_call" bus="system" path="/org/freedesktop/systemd1"
interface="org.freedesktop.systemd1.Manager" member="GetDynamicUsers"
mask="send" name="org.freedesktop.systemd1" pid=1577 label="/usr/sbin/named"
peer_pid=1 peer_label="unconfined"
exe="/usr/bin/dbus-daemon" sauid=105 hostname=? addr=?
terminal=?'
I pinged #ubuntu-hardened, and xnox had these comments:
<xnox> ha
<xnox> ahasenack, libnss-systemd was denied talking to pid1
<xnox> to query dynamicusers i think
<xnox> so i think something somewhere needs adjustment to allow libnss-systemd
to talk to pid1 and call GetDynamicUsers
<xnox> LookupDynamicUserByName LookupDynamicUserByUID GetDynamicUsers
<xnox> as well
** Affects: apparmor (Ubuntu)
Importance: Undecided
Status: New
https://bugs.launchpad.net/bugs/1796911
Title:
libnss-systemd was denied talking to pid1
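
An added example, not part of the original report or of the AppArmor project: a small Python triage script that collapses repeated D-Bus denials like the ones in the report into distinct tuples and renders each as a candidate AppArmor `dbus` rule for a reviewer to evaluate. The sample input is constructed from the report's log lines (re-joined onto one line each) plus one constructed non-D-Bus line; the function names are hypothetical.

```python
import re
from collections import Counter

# Constructed sample: two denials shaped like the dmesg lines in the report
# (mail line-wrapping undone), plus one constructed file denial to be ignored.
SAMPLE = """\
[ 68.649187] audit: type=1107 audit(1539094926.655:32): pid=605 uid=105 auid=4294967295 ses=4294967295 subj==unconfined msg='apparmor="DENIED" operation="dbus_method_call" bus="system" path="/org/freedesktop/systemd1" interface="org.freedesktop.systemd1.Manager" member="GetDynamicUsers" mask="send" name="org.freedesktop.systemd1" pid=1091 label="/usr/sbin/named" peer_pid=1 peer_label="unconfined" exe="/usr/bin/dbus-daemon" sauid=105 hostname=? addr=? terminal=?'
[ 161.059989] audit: type=1107 audit(1539095018.957:33): pid=605 uid=105 auid=4294967295 ses=4294967295 subj==unconfined msg='apparmor="DENIED" operation="dbus_method_call" bus="system" path="/org/freedesktop/systemd1" interface="org.freedesktop.systemd1.Manager" member="GetDynamicUsers" mask="send" name="org.freedesktop.systemd1" pid=1191 label="/usr/sbin/named" peer_pid=1 peer_label="unconfined" exe="/usr/bin/dbus-daemon" sauid=105 hostname=? addr=? terminal=?'
[ 170.000000] audit: type=1400 audit(1539095027.000:40): apparmor="DENIED" operation="open" profile="/usr/sbin/named" name="/constructed/example" pid=1191 comm="named" requested_mask="r" denied_mask="r" fsuid=105 ouid=0
"""

KV = re.compile(r'(\w+)="([^"]*)"')  # quoted key="value" pairs only
FIELDS = ("label", "mask", "bus", "path", "interface", "member", "name", "peer_label")


def parse_denials(text):
    """Count distinct AppArmor D-Bus denials (type=1107), ignoring per-event pids."""
    seen = Counter()
    for line in text.splitlines():
        m = re.search(r"msg='(.*)'", line)
        if "type=1107" not in line or not m:
            continue  # not a userspace (dbus-daemon) AVC record
        kv = dict(KV.findall(m.group(1)))
        if kv.get("apparmor") != "DENIED":
            continue
        if not kv.get("operation", "").startswith("dbus"):
            continue
        seen[tuple(kv.get(f, "") for f in FIELDS)] += 1
    return seen


def candidate_rule(key):
    """Render one denial as an AppArmor dbus rule for human review (never applied)."""
    d = dict(zip(FIELDS, key))
    # For sends the well-known bus name identifies the peer; otherwise use its label.
    if d["mask"] == "send":
        peer = 'name="%s"' % d["name"]
    else:
        peer = 'label="%s"' % d["peer_label"]
    return ('dbus %s bus=%s path="%s" interface="%s" member="%s" peer=(%s),'
            % (d["mask"], d["bus"], d["path"], d["interface"], d["member"], peer))


if __name__ == "__main__":
    for key, count in parse_denials(SAMPLE).items():
        print("%dx profile %s" % (count, key[0]))
        print("  " + candidate_rule(key))
```

The rendered rule is only a starting point for review: whether it belongs in the `named` profile or in a shared abstraction is a decision for the profile maintainers.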