[Touch-packages] [Bug 2120211] Re: apparmor breaks authd authentication

Tue, 12 Aug 2025 10:50:35 -0700 

unix_chkpwd did not have a /run/authd.sock rule ever since the profile's
introduction in Ubuntu Noble. Can you confirm that Noble and Plucky are
also affected, besides of the Questing in the logs you shared?

** Tags added: sec-7245

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor in Ubuntu.
https://bugs.launchpad.net/bugs/2120211

Title:
  apparmor breaks authd authentication

Status in apparmor package in Ubuntu:
  New

Bug description:
  Via `su user1`

  ago 08 21:59:53 questing unix_chkpwd[3128]: could not obtain user info (user1)
  ago 08 21:59:53 questing kernel: audit: type=1400 audit(1754704793.303:385): 
apparmor="DENIED" operation="connect" class="file" profile="unix-chkpwd" 
name="/run/authd.sock" pid=3128 comm="unix_chkpwd" requested_mask="wr" 
denied_mask="wr" fsuid=0 ouid=0

  or via gdm login

  ago 08 21:43:55 questing gnome-shell[2060]: authd: Starting authd protocol
  ago 08 21:43:55 questing gnome-shell[2060]: authd: Broker selected 2221040704
  ago 08 21:43:55 questing gnome-shell[2060]: authd: Starting challenge request 
form Gimme your password
  ago 08 21:43:57 questing gnome-shell[2060]: authd: Access response: granted
  ago 08 21:43:57 questing gdm-authd][3057]: gkr-pam: no password is available 
for user
  ago 08 21:43:57 questing unix_chkpwd[3074]: could not obtain user info (user1)
  ago 08 21:43:57 questing kernel: audit: type=1400 audit(1754703837.389:387): 
apparmor="DENIED" operation="connect" class="file" profile="unix-chkpwd" 
name="/run/authd.sock" pid=3074 comm="unix_chkpwd" requested_mask="wr" 
denied_mask="wr" fsuid=0 ouid=0
  ago 08 21:43:57 questing gnome-shell[2060]: authd: Got a problem: Non 
funziona. Provare nuovamente.
  ago 08 21:43:58 questing gnome-shell[2060]: authd: Cancelling authentication

  This is a new issue, while I was not able to track when it was
  introduced, it seems to affect also apparmor 4.1.1-0ubuntu6

  This implies that corporate laptops users running questing cannot
  login or unlock their devices.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/2120211/+subscriptions


-- 
Mailing list: https://launchpad.net/~touch-packages
Post to     : [email protected]
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

Reply via email to