Score:1

AppArmor denied lots of operations from snap, should I worry?


Lots of dbus_method_call operations are denied. If they are insecure, why is snap doing this? If they are safe, why does AppArmor deny them? Should I worry about this? I do not want to get flooded by DENIED, because the normal practice is to react immediately if we see constant denied messages in audit, which usually means we are under attack.

audit[1620]: USER_AVC pid=1620 uid=103 auid=4294967295 ses=4294967295 subj=? msg='apparmor="DENIED" operation="dbus_method_call"  bus="system" path="/org/freedesktop/PolicyKit1/Authority" interface="org.freedesktop.DBus.Properties" member="GetAll" mask="send" name=":1.8" pid=3566 label="snap.snap-store.ubuntu-software" peer_pid=1641 peer_label="unconfined"
audit[1620]: USER_AVC pid=1620 uid=103 auid=4294967295 ses=4294967295 subj=? msg='apparmor="DENIED" operation="dbus_method_call"  bus="system" path="/org/freedesktop/PolicyKit1/Authority" interface="org.freedesktop.PolicyKit1.Authority" member="CheckAuthorization" mask="send" name=":1.8" pid=3566 label="snap.snap-store.ubuntu-software" peer_pid=1641 peer_label="unconfined"
audit[1620]: USER_AVC pid=1620 uid=103 auid=4294967295 ses=4294967295 subj=? msg='apparmor="DENIED" operation="dbus_method_call"  bus="system" path="/org/freedesktop/PolicyKit1/Authority" interface="org.freedesktop.DBus.Properties" member="GetAll" mask="send" name=":1.8" pid=3566 label="snap.snap-store.ubuntu-software" peer_pid=1641 peer_label="unconfined"
audit[1620]: USER_AVC pid=1620 uid=103 auid=4294967295 ses=4294967295 subj=? msg='apparmor="DENIED" operation="dbus_method_call"  bus="system" path="/org/freedesktop/PolicyKit1/Authority" interface="org.freedesktop.PolicyKit1.Authority" member="CheckAuthorization" mask="send" name=":1.8" pid=3566 label="snap.snap-store.ubuntu-software" peer_pid=1641 peer_label="unconfined"
audit[3566]: AVC apparmor="DENIED" operation="open" profile="snap.snap-store.ubuntu-software" name="/etc/PackageKit/Vendor.conf" pid=3566 comm="snap-store" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
audit[3566]: AVC apparmor="DENIED" operation="open" profile="snap.snap-store.ubuntu-software" name="/etc/appstream.conf" pid=3566 comm="snap-store" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0

audit[1620]: USER_AVC pid=1620 uid=103 auid=4294967295 ses=4294967295 subj=? msg='apparmor="DENIED" operation="dbus_method_call"  bus="system" path="/org/freedesktop/PolicyKit1/Authority" interface="org.freedesktop.DBus.Properties" member="GetAll" mask="send" name=":1.8" pid=3566 label="snap.snap-store.ubuntu-software" peer_pid=1641 peer_label="unconfined"
audit[1620]: USER_AVC pid=1620 uid=103 auid=4294967295 ses=4294967295 subj=? msg='apparmor="DENIED" operation="dbus_method_call"  bus="system" path="/org/freedesktop/PolicyKit1/Authority" interface="org.freedesktop.PolicyKit1.Authority" member="CheckAuthorization" mask="send" name=":1.8" pid=3566 label="snap.snap-store.ubuntu-software" peer_pid=1641 peer_label="unconfined"
audit[1620]: USER_AVC pid=1620 uid=103 auid=4294967295 ses=4294967295 subj=? msg='apparmor="DENIED" operation="dbus_method_call"  bus="system" path="/org/freedesktop/PolicyKit1/Authority" interface="org.freedesktop.DBus.Properties" member="GetAll" mask="send" name=":1.8" pid=3566 label="snap.snap-store.ubuntu-software" peer_pid=1641 peer_label="unconfined"
audit[1620]: USER_AVC pid=1620 uid=103 auid=4294967295 ses=4294967295 subj=? msg='apparmor="DENIED" operation="dbus_method_call"  bus="system" path="/org/freedesktop/PolicyKit1/Authority" interface="org.freedesktop.PolicyKit1.Authority" member="CheckAuthorization" mask="send" name=":1.8" pid=3566 label="snap.snap-store.ubuntu-software" peer_pid=1641 peer_label="unconfined"
audit[3566]: AVC apparmor="DENIED" operation="open" profile="snap.snap-store.ubuntu-software" name="/etc/PackageKit/Vendor.conf" pid=3566 comm="snap-store" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
audit[3566]: AVC apparmor="DENIED" operation="open" profile="snap.snap-store.ubuntu-software" name="/etc/appstream.conf" pid=3566 comm="snap-store" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
audit[1620]: USER_AVC pid=1620 uid=103 auid=4294967295 ses=4294967295 subj=? msg='apparmor="DENIED" operation="dbus_method_call"  bus="system" path="/" interface="org.freedesktop.DBus.ObjectManager" member="GetManagedObjects" mask="send" name="org.bluez" pid=3828 label="snap.teams.teams" peer_pid=1619 peer_label="unconfined"
audit[1620]: USER_AVC pid=1620 uid=103 auid=4294967295 ses=4294967295 subj=? msg='apparmor="DENIED" operation="dbus_method_call"  bus="system" path="/org/freedesktop/login1" interface="org.freedesktop.login1.Manager" member="Inhibit" mask="send" name="org.freedesktop.login1" pid=3828 label="snap.teams.teams" peer_pid=1660 peer_label="unconfined"
audit[1620]: USER_AVC pid=1620 uid=103 auid=4294967295 ses=4294967295 subj=? msg='apparmor="DENIED" operation="dbus_method_call"  bus="system" path="/org/freedesktop/UPower" interface="org.freedesktop.DBus.Properties" member="Get" mask="send" name="org.freedesktop.UPower" pid=3828 label="snap.teams.teams" peer_pid=1981 peer_label="unconfined"
audit[1620]: USER_AVC pid=1620 uid=103 auid=4294967295 ses=4294967295 subj=? msg='apparmor="DENIED" operation="dbus_method_call"  bus="system" path="/org/freedesktop/UPower" interface="org.freedesktop.UPower" member="GetDisplayDevice" mask="send" name="org.freedesktop.UPower" pid=3828 label="snap.teams.teams" peer_pid=1981 peer_label="unconfined"
audit[1620]: USER_AVC pid=1620 uid=103 auid=4294967295 ses=4294967295 subj=? msg='apparmor="DENIED" operation="dbus_method_call"  bus="system" path="/org/freedesktop/UPower" interface="org.freedesktop.UPower" member="EnumerateDevices" mask="send" name="org.freedesktop.UPower" pid=3828 label="snap.teams.teams" peer_pid=1981 peer_label="unconfined"

audit[8368]: AVC apparmor="DENIED" operation="mkdir" profile="snap-update-ns.firefox" name="/usr/share/cups/doc-root/" pid=8368 comm="5" requested_mask="c" denied_mask="c" fsuid=0 ouid=0
audit[8368]: AVC apparmor="DENIED" operation="mkdir" profile="snap-update-ns.firefox" name="/usr/share/gimp/2.0/" pid=8368 comm="5" requested_mask="c" denied_mask="c" fsuid=0 ouid=0
audit[8368]: AVC apparmor="DENIED" operation="mkdir" profile="snap-update-ns.firefox" name="/usr/share/libreoffice/help/" pid=8368 comm="5" requested_mask="c" denied_mask="c" fsuid=0 ouid=0
audit[8340]: AVC apparmor="DENIED" operation="open" profile="snap.firefox.firefox" name="/etc/fstab" pid=8340 comm="firefox" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0

audit[6690]: AVC apparmor="DENIED" operation="mkdir" profile="snap-update-ns.chromium" name="/usr/share/cups/doc-root/" pid=6690 comm="5" requested_mask="c" denied_mask="c" fsuid=0 ouid=0
audit[6690]: AVC apparmor="DENIED" operation="mkdir" profile="snap-update-ns.chromium" name="/usr/share/gimp/2.0/" pid=6690 comm="5" requested_mask="c" denied_mask="c" fsuid=0 ouid=0
audit[6690]: AVC apparmor="DENIED" operation="mkdir" profile="snap-update-ns.chromium" name="/usr/share/libreoffice/help/" pid=6690 comm="5" requested_mask="c" denied_mask="c" fsuid=0 ouid=0
audit[6782]: AVC apparmor="DENIED" operation="open" profile="snap.chromium.chromium" name="/etc/vulkan/implicit_layer.d/" pid=6782 comm="chrome" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
audit[6782]: AVC apparmor="DENIED" operation="open" profile="snap.chromium.chromium" name="/etc/vulkan/implicit_layer.d/" pid=6782 comm="chrome" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
audit[6782]: AVC apparmor="DENIED" operation="open" profile="snap.chromium.chromium" name="/etc/vulkan/icd.d/" pid=6782 comm="chrome" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
audit[6663]: AVC apparmor="DENIED" operation="open" profile="snap.chromium.chromium" name="/run/udev/data/c90:0" pid=6663 comm="ThreadPoolForeg" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
audit[6663]: AVC apparmor="DENIED" operation="open" profile="snap.chromium.chromium" name="/run/udev/data/c90:1" pid=6663 comm="ThreadPoolForeg" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
audit[6663]: AVC apparmor="DENIED" operation="open" profile="snap.chromium.chromium" name="/run/udev/data/c511:0" pid=6663 comm="ThreadPoolForeg" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
audit[6663]: AVC apparmor="DENIED" operation="open" profile="snap.chromium.chromium" name="/run/udev/data/+dmi:id" pid=6663 comm="ThreadPoolForeg" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0


user535733
Please file a bug report with the Snap author.
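
Added example, not part of the original question or comment: a small Python triage script for the two record formats in the log above (kernel `AVC` with `profile=`, D-Bus `USER_AVC` with `label=`). It collapses repeated denials into distinct signatures and reports only signatures missing from an already reviewed baseline. The function names, the baseline idea and the last two sample records are assumptions made for illustration.

```python
import re
from collections import Counter

KV = re.compile(r'(\w+)="([^"]*)"')  # quoted key="value" pairs in an audit record

def parse_denial(line):
    """Return (profile, operation, target) for an AppArmor DENIED record, else None."""
    f = dict(KV.findall(line))
    if f.get("apparmor") != "DENIED":
        return None
    # Kernel AVC records carry profile=; D-Bus USER_AVC records carry label=.
    profile = f.get("profile") or f.get("label", "?")
    op = f.get("operation", "?")
    if op.startswith("dbus"):
        target = "%s %s %s.%s" % (f.get("bus"), f.get("path"),
                                  f.get("interface"), f.get("member"))
    else:
        target = "%s (%s)" % (f.get("name"), f.get("denied_mask"))
    return profile, op, target

def summarize(lines):
    """Collapse repeated denials into counts per distinct signature."""
    return Counter(d for d in map(parse_denial, lines) if d)

def novel(lines, baseline):
    """Signatures that are absent from a previously reviewed baseline set."""
    return sorted(set(summarize(lines)) - set(baseline))

# Sample records: the first four are copied from the log in the question;
# the last two are constructed for illustration.
SAMPLE = """
audit[1620]: USER_AVC pid=1620 uid=103 auid=4294967295 ses=4294967295 subj=? msg='apparmor="DENIED" operation="dbus_method_call"  bus="system" path="/org/freedesktop/PolicyKit1/Authority" interface="org.freedesktop.DBus.Properties" member="GetAll" mask="send" name=":1.8" pid=3566 label="snap.snap-store.ubuntu-software" peer_pid=1641 peer_label="unconfined"
audit[1620]: USER_AVC pid=1620 uid=103 auid=4294967295 ses=4294967295 subj=? msg='apparmor="DENIED" operation="dbus_method_call"  bus="system" path="/org/freedesktop/PolicyKit1/Authority" interface="org.freedesktop.PolicyKit1.Authority" member="CheckAuthorization" mask="send" name=":1.8" pid=3566 label="snap.snap-store.ubuntu-software" peer_pid=1641 peer_label="unconfined"
audit[1620]: USER_AVC pid=1620 uid=103 auid=4294967295 ses=4294967295 subj=? msg='apparmor="DENIED" operation="dbus_method_call"  bus="system" path="/org/freedesktop/PolicyKit1/Authority" interface="org.freedesktop.DBus.Properties" member="GetAll" mask="send" name=":1.8" pid=3566 label="snap.snap-store.ubuntu-software" peer_pid=1641 peer_label="unconfined"
audit[3566]: AVC apparmor="DENIED" operation="open" profile="snap.snap-store.ubuntu-software" name="/etc/PackageKit/Vendor.conf" pid=3566 comm="snap-store" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
audit[4242]: AVC apparmor="DENIED" operation="open" profile="snap.example.example" name="/etc/example.conf" pid=4242 comm="example" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
systemd[1]: Started example.service (constructed non-audit line, ignored)
""".strip().splitlines()

if __name__ == "__main__":
    for sig, count in summarize(SAMPLE).most_common():
        print(count, *sig)
```

Feeding `novel()` a baseline built from a known-quiet period leaves only denials with a signature not seen before, which is the subset worth reviewing first.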