Due to AppArmor profile restrictions Telepathy can't connect when networkd is used instead of NetworkManager

Bug #1529074 reported by RussianNeuroMancer
This bug affects 2 people
Affects: apparmor (Ubuntu)
Status: Fix Released
Importance: High
Assigned to: Jamie Strandboge

Bug Description

Due to AppArmor profile restrictions Telepathy can't connect when networkd is used instead of NetworkManager. That was tested with KDE Telepathy on Kubuntu 16.04. Error message:

[ 2907.344638] audit: type=1400 audit(1450959038.587:32): apparmor="DENIED" operation="open" profile="/usr/lib/telepathy/telepathy-*" name="/run/systemd/resolve/resolv.conf" pid=3758 comm="pool" requested_mask="r" denied_mask="r" fsuid=1000 ouid=125
[ 2907.345097] audit: type=1400 audit(1450959038.587:33): apparmor="DENIED" operation="open" profile="/usr/lib/telepathy/telepathy-*" name="/run/systemd/resolve/resolv.conf" pid=3758 comm="pool" requested_mask="r" denied_mask="r" fsuid=1000 ouid=125
[ 2925.300267] audit: type=1400 audit(1450959056.544:34): apparmor="DENIED" operation="open" profile="/usr/lib/telepathy/telepathy-*" name="/run/systemd/resolve/resolv.conf" pid=3765 comm="pool" requested_mask="r" denied_mask="r" fsuid=1000 ouid=125
[ 2925.300656] audit: type=1400 audit(1450959056.544:35): apparmor="DENIED" operation="open" profile="/usr/lib/telepathy/telepathy-*" name="/run/systemd/resolve/resolv.conf" pid=3765 comm="pool" requested_mask="r" denied_mask="r" fsuid=1000 ouid=125
[ 2932.915149] audit: type=1400 audit(1450959064.156:36): apparmor="DENIED" operation="open" profile="/usr/lib/telepathy/telepathy-*" name="/run/systemd/resolve/resolv.conf" pid=3772 comm="pool" requested_mask="r" denied_mask="r" fsuid=1000 ouid=125
[ 2932.915975] audit: type=1400 audit(1450959064.156:37): apparmor="DENIED" operation="open" profile="/usr/lib/telepathy/telepathy-*" name="/run/systemd/resolve/resolv.conf" pid=3772 comm="pool" requested_mask="r" denied_mask="r" fsuid=1000 ouid=125
[ 2973.949765] audit: type=1400 audit(1450959105.184:38): apparmor="DENIED" operation="open" profile="/usr/lib/telepathy/telepathy-*" name="/run/systemd/resolve/resolv.conf" pid=3833 comm="pool" requested_mask="r" denied_mask="r" fsuid=1000 ouid=125
[ 2973.951471] audit: type=1400 audit(1450959105.188:39): apparmor="DENIED" operation="open" profile="/usr/lib/telepathy/telepathy-*" name="/run/systemd/resolve/resolv.conf" pid=3833 comm="pool" requested_mask="r" denied_mask="r" fsuid=1000 ouid=125

tags: added: apparmor wily xenial
Launchpad Janitor (janitor) wrote :

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in telepathy-mission-control-5 (Ubuntu):
status: New → Confirmed
RussianNeuroMancer (russianneuromancer) wrote :

Workaround: add the line
/run/systemd/resolve/resolv.conf r,
to the section /usr/lib/telepathy/telepathy-* in the file /etc/apparmor.d/usr.lib.telepathy and then restart AppArmor.
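
Added example, not part of the original report and not AppArmor's own tooling: a small parser that groups the DENIED records quoted in the description by profile and path and prints the candidate rule for each, which for this bug is the line given in the workaround. It goes slightly beyond the report by also decoding a hex-encoded name= value; that record, the /usr/bin/example profile and the USB line are constructed, and masks are emitted as logged.

```python
import re
from collections import defaultdict

# key="quoted value" or key=bare_value pairs inside an audit record
PAIR = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')

# First two records are copied from the report; the last two lines are constructed.
SAMPLE = '''\
[ 2907.344638] audit: type=1400 audit(1450959038.587:32): apparmor="DENIED" operation="open" profile="/usr/lib/telepathy/telepathy-*" name="/run/systemd/resolve/resolv.conf" pid=3758 comm="pool" requested_mask="r" denied_mask="r" fsuid=1000 ouid=125
[ 2925.300267] audit: type=1400 audit(1450959056.544:34): apparmor="DENIED" operation="open" profile="/usr/lib/telepathy/telepathy-*" name="/run/systemd/resolve/resolv.conf" pid=3765 comm="pool" requested_mask="r" denied_mask="r" fsuid=1000 ouid=125
[ 2930.000000] usb 1-1: new high-speed USB device number 4 using xhci_hcd
[ 3000.000000] audit: type=1400 audit(1450959200.000:40): apparmor="DENIED" operation="open" profile="/usr/bin/example" name=2F72756E2F6D7920636F6E66 pid=4000 comm="example" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
'''

def parse_denial(line):
    """Return the fields of an AppArmor DENIED record, or None for any other line."""
    if 'apparmor="DENIED"' not in line:
        return None
    fields = {}
    for m in PAIR.finditer(line):
        key, quoted, bare = m.groups()
        if quoted is None and key == "name":
            try:  # an unquoted name= is hex-encoded (path had spaces or special bytes)
                bare = bytes.fromhex(bare).decode("utf-8", "replace")
            except ValueError:
                pass
        fields[key] = bare if quoted is None else quoted
    return fields

def candidate_rules(log_text):
    """Deduplicate denials per (profile, path) and return {profile: [rule, ...]}."""
    masks = defaultdict(set)
    for line in log_text.splitlines():
        d = parse_denial(line)
        if d and "profile" in d and "name" in d:
            masks[(d["profile"], d["name"])].update(d.get("denied_mask", ""))
    rules = defaultdict(list)
    for (profile, path), mask in sorted(masks.items()):
        if " " in path:  # paths containing spaces must be quoted in a profile
            path = f'"{path}"'
        rules[profile].append(f"{path} {''.join(sorted(mask))},")
    return dict(rules)

if __name__ == "__main__":
    for profile, rules in candidate_rules(SAMPLE).items():
        print(profile, rules)
```

The output is a list of rules to review, not to paste blindly: as the later comment in this thread points out, a path like this one may belong in a shared abstraction rather than in a single profile.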

Changed in telepathy-mission-control-5 (Ubuntu):
importance: Undecided → High
Jamie Strandboge (jdstrand) wrote :

Rather than adding this to the telepathy profile, it should be added to the apparmor nameservice abstraction.

affects: telepathy-mission-control-5 (Ubuntu) → apparmor (Ubuntu)
Changed in apparmor (Ubuntu):
assignee: nobody → Jamie Strandboge (jdstrand)
status: Confirmed → In Progress
Changed in apparmor (Ubuntu):
status: In Progress → Fix Committed
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package apparmor - 2.10-0ubuntu10

---------------
apparmor (2.10-0ubuntu10) xenial; urgency=medium

  * debian/patches/lp1529074.patch: for systems using networkd, add read on
    /run/systemd/resolve/resolv.conf (LP: #1529074)

 -- Jamie Strandboge <email address hidden> Tue, 05 Jan 2016 10:00:20 -0600

Changed in apparmor (Ubuntu):
status: Fix Committed → Fix Released
RussianNeuroMancer (russianneuromancer) wrote :

Thanks for the fix!
