[Bug 2086203] Re: Snapd update now blocks DBUS resolve1.Manager GetLink member

Ernest Lotter Thu, 06 Mar 2025 01:20:57 -0800

Verification on Jammy:
----------------------

>>> Confirm version


snap version
snap    2.67.1+22.04
snapd   2.67.1+22.04
series  16
ubuntu  22.04
kernel  5.15.0-134-generic

>>> Confirm modification to netbird apparmor profile as per
https://github.com/canonical/snapd/commit/1bb03faf6b57932972bca00f014277b97126247a

/var/lib/snapd/apparmor/profiles$ grep -r "GetLink" -a5b10
snap.netbird.service-run-31127-     bus=system
snap.netbird.service-run-31143-     path="/org/freedesktop/resolve1"
snap.netbird.service-run-31181-     interface="org.freedesktop.resolve1.Manager"
snap.netbird.service-run-31231-     
member="SetLink{DefaultRoute,DNSOverTLS,DNS,DNSEx,DNSSEC,DNSSECNegativeTrustAnchors,MulticastDNS,Domains,LLMNR}"
snap.netbird.service-run-31349-     peer=(name="org.freedesktop.resolve1", 
label=unconfined),
snap.netbird.service-run-31412-
snap.netbird.service-run-31413-dbus (send)
snap.netbird.service-run-31425-     bus=system
snap.netbird.service-run-31441-     path="/org/freedesktop/resolve1"
snap.netbird.service-run-31479-     interface="org.freedesktop.resolve1.Manager"
snap.netbird.service-run:31529:     member="GetLink"
snap.netbird.service-run-31551-     peer=(name="org.freedesktop.resolve1", 
label=unconfined),
snap.netbird.service-run-31614-
snap.netbird.service-run-31615-dbus (send)
snap.netbird.service-run-31627-     bus=system
snap.netbird.service-run-31643-     path="/org/freedesktop/resolve1/link/*"
snap.netbird.service-run-31688-     interface="org.freedesktop.resolve1.Link"
snap.netbird.service-run-31735-     
member="Set{DNS,DNSSEC,DNSSECNegativeTrustAnchors,MulticastDNS,Domains,LLMNR}"
snap.netbird.service-run-31819-     peer=(name="org.freedesktop.resolve1", 
label=unconfined),
snap.netbird.service-run-31882-
snap.netbird.service-run-31883-dbus (send)

>>> confirm denial is not happening

aa-exec -p snap.netbird.service-run -- dbus-send --print-reply --system 
--dest=org.freedesktop.resolve1     /org/freedesktop/resolve1 
org.freedesktop.resolve1.Manager.GetLink     int32:2
method return time=1741252287.453234 sender=:1.1 -> destination=:1.38 serial=6 
reply_serial=2
   object path "/org/freedesktop/resolve1/link/_32"

Also monitoring apparmor denials in the background:

No denials.

Result: PASS

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/2086203

Title:
  Snapd update now blocks DBUS resolve1.Manager GetLink member

To manage notifications about this bug go to:
https://bugs.launchpad.net/snapd/+bug/2086203/+subscriptions


-- 
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 2086203] Re: Snapd update now blocks DBUS resolve1.Manager GetLink member

Reply via email to