Comments (8)
roddhjav
commented on May 22, 2024
1
You are right, I will update the way dbus logs are printed.
Yes, /var/log/audit/audit.log does not include dbus session entry. As syslog is not present on some distribution (arch), aa-log has an option (-d) to only show dbus session entry using journalctl.
from apparmor.d.
roddhjav
commented on May 22, 2024
Could you tell me what's the issue here? This is not a mistake, more a representation decision as there is no name= in dbus rules.
The real issue is that aa-log should have removed everything before apparmor="ALLOWED". I will fix this soon.
from apparmor.d.
nobody43
commented on May 22, 2024
Because this information is not about profile itself, but about it's neighbor (peer). Known confusion in naming, same with unix's peers and labels. Sure fixing it in the kernel is out of the scope of this project. Maybe name for dbus can be omitted, resulting in something like profile parser wants:
lightdm dbus_signal receive bus=system path=/org/freedesktop/Accounts/User1000 interface=org.freedesktop.Accounts.User member=Changed peer=(name=:1.6, label=accounts-daemon)
The real issue is that aa-log should have removed everything before apparmor="ALLOWED".
Perhaps it's because I passed /var/log/syslog to aa-log. :) Now I see there's no dbus entries in /var/log/audit/audit.log.
from apparmor.d.
nobody43
commented on May 22, 2024
A note here. DBus can have name, without peer, but only with bind operation:
type=USER_AVC msg=audit(1662575819.496:1487): pid=2009 uid=0 auid=0 ses=2 subj=? msg='apparmor="ALLOWED" operation="dbus_bind" bus="session" name="org.freedesktop.impl.portal.PermissionStore" mask="bind" pid=2024 label="xdg-permission-store" exe="/usr/bin/dbus-daemon" sauid=0 hostname=? addr=? terminal=?'UID="root" AUID="root" SAUID="root"
ALLOWED xdg-permission-store dbus_bind org.freedesktop.impl.portal.PermissionStore bind bus=session
dbus bind bus=session
name=org.freedesktop.impl.portal.PermissionStore,
from apparmor.d.
nobody43
commented on May 22, 2024
unix:
type=AVC msg=audit(1663014464.673:1689): apparmor="ALLOWED" operation="connect" profile="gnome-control-center" pid=3746 comm="pool-gnome-cont" family="unix" sock_type="stream" protocol=0 requested_mask="send receive connect" denied_mask="send receive connect" addr=none peer_addr="@/home/testuser/.cache/ibus/dbus-v7Mb0EsW" peer="ibus-daemon"
ALLOWED gnome-control-center connect comm=pool-gnome-cont family=unix sock_type=stream protocol=0 requested_mask="send receive connect" denied_mask="send receive connect" peer=ibus-daemon addr=none peer_addr=@/home/testuser/.cache/ibus/dbus-v7Mb0EsW
unix (send, receive, connect) type=stream peer=(addr="@/home/*/.cache/ibus/dbus-*", label=ibus-daemon),
Total confusion.
from apparmor.d.
roddhjav
commented on May 22, 2024
Fixed long ago.
from apparmor.d.
curiosityseeker
commented on May 22, 2024
Yes,
/var/log/audit/audit.logdoes not include dbus session entry. As syslog is not present on some distribution (arch), aa-log has an option (-d) to only show dbus session entry using journalctl.
The -d switch is obviously succeeded by the -s switch. However, when I tried that I got the error message:
json: cannot unmarshal array into Go struct field systemdLog.MESSAGE of type string
from apparmor.d.
roddhjav
commented on May 22, 2024
This is usually when the output of journalctl is empty. I still need to fix this (it works find most of the time).
from apparmor.d.
Related Issues (20)
- aa-log -s yields "read .: is a directory" HOT 2
- Fish shell support HOT 4
- Issue when trying to install mariadb-client & mariadb-server on Deb12 HOT 1
- Adjust profiles when building for Kicksecure/Whonix to accomodate hardened malloc usage HOT 4
- Defining a threat model HOT 8
- Catch for borg backup using S3 backup storage HOT 2
- Firefox does not print to file HOT 6
- Apparmor option to specify $PWD in profile rules HOT 4
- Flatpak / bubblewrap no longer working HOT 5
- aalog -r and -R do not honor the owner qualifier HOT 2
- EndeavourOS does not boot after installing apparmor.d-git HOT 5
- Firefox profile capabilities HOT 3
- Question: No New Privs HOT 1
- Flatpak aa-log HOT 2
- build process should not require a network connection HOT 2
- build security of dependencies? HOT 2
- Found reference to variable gdm_local_dirs, but is never declared (gnome-keyring-daemon) HOT 1
- aa-log reports from EndeavourOS (Arch, KDE) HOT 2
- Mutt child-pager HOT 1
- Visual Studio Code C# intellisense/debugger does not work with AppArmor enabled HOT 11
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from apparmor.d.