Public bug reported:
Usage of `libnss-resolve` socket is blocked by apparmor.
Evidence:
- Install `libnss-resolve`
- Set /etc/nsswitch.conf to have `hosts: files resolve`
- Try resolving anything, it fails
`strace` of affected process reveals:
`connect(5, {sa_family=AF_UNIX,
sun_path="/run/systemd/resolve/io.systemd.Resolve"}, 42) = -1 EACCES
(Permission denied)`
Run `aa-disable` on affected profile and `strace` it again, it works:
`connect(5, {sa_family=AF_UNIX,
sun_path="/run/systemd/resolve/io.systemd.Resolve"}, 42) = 0`
Note that using `aa-complain` DOES NOT work.
p.s. has this ever worked?
** Affects: apparmor (Ubuntu)
Importance: Undecided
Status: Confirmed
** Tags: apparmor libnss-resolve systemd-resolved
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor in Ubuntu.
https://bugs.launchpad.net/bugs/2051506
Title:
apparmor blocks libnss-resolve socket
Status in apparmor package in Ubuntu:
Confirmed
Bug description:
Usage of `libnss-resolve` socket is blocked by apparmor.
Evidence:
- Install `libnss-resolve`
- Set /etc/nsswitch.conf to have `hosts: files resolve`
- Try resolving anything, it fails
`strace` of affected process reveals:
`connect(5, {sa_family=AF_UNIX,
sun_path="/run/systemd/resolve/io.systemd.Resolve"}, 42) = -1 EACCES
(Permission denied)`
Run `aa-disable` on affected profile and `strace` it again, it works:
`connect(5, {sa_family=AF_UNIX,
sun_path="/run/systemd/resolve/io.systemd.Resolve"}, 42) = 0`
Note that using `aa-complain` DOES NOT work.
p.s. has this ever worked?
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/2051506/+subscriptions
--
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help : https://help.launchpad.net/ListHelp
