Hostnamectl: Failed to query system properties: Access denied

milko.uzunov · May 4, 2023, 10:28am

Can anyone help with this? How to fix it?

AVC apparmor=“DENIED” operation=“open” profile=“snap.aps.daemon” name="/proc/1/environ" pid=1986 comm=“udevadm” requested_mask=“r” denied_mask=“r” fsuid=0 ouid=0 May 04 10:07:11 ubuntutest kernel: audit: type=1400 audit(1683194831.720:125): apparmor=“DENIED” operation=“open” profile=“snap.aps.daemon” name="/proc/1/environ" pid=1986 comm=“udevadm” requested_mask=“r” denied_mask=“r” fsuid=0 ouid=0 May 04 10:07:11 ubuntutest dbus-daemon[1038]: [system] Successfully activated service ‘org.freedesktop.hostname1’ May 04 10:07:11 ubuntutest systemd[1]: Started Hostname Service. May 04 10:07:11 ubuntutest audit[1038]: USER_AVC pid=1038 uid=100 auid=4294967295 ses=4294967295 subj=unconfined msg=‘apparmor=“DENIED” operation=“dbus_method_call” bus=“system” path="/org/freedesktop/systemd1" interface=“org.freedesktop.DBus.Properties” member=“GetAll” mask=“send” name=“org.freedesktop.systemd1” pid=1967 label=“snap.aps.daemon” peer_pid=1 peer_label=“unconfined” exe="/usr/bin/dbus-daemon" sauid=100 hostname=? addr=? terminal=?’

I connected hostname-control. hostname-control aps:hostname-control :hostname-control

ogra · May 4, 2023, 10:42am

looks like your code somehow calls udevadm along with trying to query the hostname (btw it helps a lot to use three backticks ``` before and after pasted content to make it readable for all of us …) …

…also, did you check with the snappy-debug tool (from the snappy-debug snap) if there might be other interfaces missing for your query ? technically hostname-control should be enough for the dbus call though:

github.com

snapcore/snapd/blob/master/interfaces/builtin/hostname_control.go#L45


/etc/hostname w,            # read allowed by default
# on core /etc/hostname is a link to /etc/writable/hostname
/etc/writable/hostname w,
#include <abstractions/dbus-strict>
/{,usr/}{,s}bin/hostnamectl           ixr,
# Allow access to hostname system service
# do not use peer=(label=unconfined) here since this is DBus activated
dbus (send)
    bus=system
    path=/org/freedesktop/hostname1
    interface=org.freedesktop.DBus.Properties
    member="Get{,All}",
dbus (send)
    bus=system
    path=/org/freedesktop/hostname1
    interface=org.freedesktop.DBus.Introspectable
    member=Introspect,

milko.uzunov · May 4, 2023, 11:08am

Yes, I checked. This is the result.

sudo snappy-debug --only-snap=aps
kernel.printk_ratelimit = 0
= AppArmor =
Time: May 04 11:03:09
Log: apparmor="DENIED" operation="open" profile="snap.aps.daemon" name="/usr/local/share/fonts/" pid=15526 comm="aps-firmware-3." requested_mask="r" denied_mask="r" fsuid=0 ouid=0
File: /usr/local/share/fonts/ (read)
Suggestion:
* adjust program to read necessary files from $SNAP, $SNAP_DATA, $SNAP_COMMON, $SNAP_USER_DATA or $SNAP_USER_COMMON

= AppArmor =
Time: May 04 11:03:10
Log: apparmor="DENIED" operation="open" profile="snap.aps.daemon" name="/etc/" pid=15580 comm="sh" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
File: /etc/ (read)
Suggestions:
* adjust program to read necessary files from $SNAP, $SNAP_DATA, $SNAP_COMMON, $SNAP_USER_DATA or $SNAP_USER_COMMON
* adjust snap to use snap layouts (https://forum.snapcraft.io/t/snap-layouts/7207)

= AppArmor =
Time: May 04 11:03:12
Log: apparmor="DENIED" operation="open" profile="snap.aps.daemon" name="/proc/1/environ" pid=15812 comm="udevadm" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
File: /proc/1/environ (read)
Suggestions:
* adjust program to not access '@{PROC}/@{pid}/environ'
* do nothing if using systemd utility (eg, timedatectl): https://forum.snapcraft.io/t/managing-time-date-and-timezone-in-ubuntu-core/408/44
* do nothing if program otherwise works properly

= AppArmor =
Time: May 04 11:03:12
Log: apparmor="DENIED" operation="open" profile="snap.aps.daemon" name="/proc/1/environ" pid=15816 comm="hostnamectl" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
File: /proc/1/environ (read)
Suggestions:
* adjust program to not access '@{PROC}/@{pid}/environ'
* do nothing if using systemd utility (eg, timedatectl): https://forum.snapcraft.io/t/managing-time-date-and-timezone-in-ubuntu-core/408/44
* do nothing if program otherwise works properly

= AppArmor =
Time: May 04 11:03:12
Log: apparmor="DENIED" operation="open" profile="snap.aps.daemon" name="/proc/1/environ" pid=15818 comm="udevadm" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
File: /proc/1/environ (read)
Suggestions:
* adjust program to not access '@{PROC}/@{pid}/environ'
* do nothing if using systemd utility (eg, timedatectl): https://forum.snapcraft.io/t/managing-time-date-and-timezone-in-ubuntu-core/408/44
* do nothing if program otherwise works properly

= AppArmor =
Time: May 04 11:03:12
Log: apparmor="DENIED" operation="open" profile="snap.aps.daemon" name="/proc/1/environ" pid=15826 comm="hostnamectl" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
File: /proc/1/environ (read)
Suggestions:
* adjust program to not access '@{PROC}/@{pid}/environ'
* do nothing if using systemd utility (eg, timedatectl): https://forum.snapcraft.io/t/managing-time-date-and-timezone-in-ubuntu-core/408/44
* do nothing if program otherwise works properly

= AppArmor =
Time: May 04 11:03:12
Log: apparmor="DENIED" operation="open" profile="snap.aps.daemon" name="/proc/1/environ" pid=15827 comm="hostnamectl" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
File: /proc/1/environ (read)
Suggestions:
* adjust program to not access '@{PROC}/@{pid}/environ'
* do nothing if using systemd utility (eg, timedatectl): https://forum.snapcraft.io/t/managing-time-date-and-timezone-in-ubuntu-core/408/44
* do nothing if program otherwise works properly

= AppArmor =
Time: May 04 11:03:12
Log: apparmor="DENIED" operation="dbus_method_call"  bus="system" path="/org/freedesktop/systemd1" interface="org.freedesktop.DBus.Properties" member="GetAll" mask="send" name="org.freedesktop.systemd1" pid=15816 label="snap.aps.daemon" peer_pid=1 peer_label="unconfined"
DBus access

= AppArmor =
Time: May 04 11:03:12
Log: apparmor="DENIED" operation="dbus_method_call"  bus="system" path="/org/freedesktop/systemd1" interface="org.freedesktop.DBus.Properties" member="GetAll" mask="send" name="org.freedesktop.systemd1" pid=15826 label="snap.aps.daemon" peer_pid=1 peer_label="unconfined"
DBus access

= AppArmor =
Time: May 04 11:03:12
Log: apparmor="DENIED" operation="dbus_method_call"  bus="system" path="/org/freedesktop/systemd1" interface="org.freedesktop.DBus.Properties" member="GetAll" mask="send" name="org.freedesktop.systemd1" pid=15827 label="snap.aps.daemon" peer_pid=1 peer_label="unconfined"
DBus access

= AppArmor =
Time: May 04 11:03:12
Log: apparmor="DENIED" operation="dbus_method_call"  bus="system" path="/org/freedesktop/systemd1" interface="org.freedesktop.DBus.Properties" member="GetAll" mask="send" name="org.freedesktop.systemd1" pid=15816 label="snap.aps.daemon" peer_pid=1 peer_label="unconfined"
DBus access

= AppArmor =
Time: May 04 11:03:12
Log: apparmor="DENIED" operation="dbus_method_call"  bus="system" path="/org/freedesktop/systemd1" interface="org.freedesktop.DBus.Properties" member="GetAll" mask="send" name="org.freedesktop.systemd1" pid=15826 label="snap.aps.daemon" peer_pid=1 peer_label="unconfined"
DBus access

= AppArmor =
Time: May 04 11:03:12
Log: apparmor="DENIED" operation="dbus_method_call"  bus="system" path="/org/freedesktop/systemd1" interface="org.freedesktop.DBus.Properties" member="GetAll" mask="send" name="org.freedesktop.systemd1" pid=15827 label="snap.aps.daemon" peer_pid=1 peer_label="unconfined"
DBus access

= AppArmor =
Time: May 04 11:03:12
Log: apparmor="DENIED" operation="open" profile="snap.aps.daemon" name="/proc/1/environ" pid=15829 comm="udevadm" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
File: /proc/1/environ (read)
Suggestions:
* adjust program to not access '@{PROC}/@{pid}/environ'
* do nothing if using systemd utility (eg, timedatectl): https://forum.snapcraft.io/t/managing-time-date-and-timezone-in-ubuntu-core/408/44
* do nothing if program otherwise works properly

= AppArmor =
Time: May 04 11:03:13
Log: apparmor="DENIED" operation="open" profile="snap.aps.daemon" name="/proc/1/environ" pid=15830 comm="udevadm" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
File: /proc/1/environ (read)
Suggestions:
* adjust program to not access '@{PROC}/@{pid}/environ'
* do nothing if using systemd utility (eg, timedatectl): https://forum.snapcraft.io/t/managing-time-date-and-timezone-in-ubuntu-core/408/44
* do nothing if program otherwise works properly

= AppArmor =
Time: May 04 11:03:13
Log: apparmor="DENIED" operation="open" profile="snap.aps.daemon" name="/proc/1/environ" pid=15831 comm="udevadm" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
File: /proc/1/environ (read)
Suggestions:
* adjust program to not access '@{PROC}/@{pid}/environ'
* do nothing if using systemd utility (eg, timedatectl): https://forum.snapcraft.io/t/managing-time-date-and-timezone-in-ubuntu-core/408/44
* do nothing if program otherwise works properly

= AppArmor =
Time: May 04 11:03:13
Log: apparmor="DENIED" operation="open" profile="snap.aps.daemon" name="/proc/1/environ" pid=15832 comm="udevadm" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
File: /proc/1/environ (read)
Suggestions:
* adjust program to not access '@{PROC}/@{pid}/environ'
* do nothing if using systemd utility (eg, timedatectl): https://forum.snapcraft.io/t/managing-time-date-and-timezone-in-ubuntu-core/408/44
* do nothing if program otherwise works properly

= AppArmor =
Time: May 04 11:03:13
Log: apparmor="DENIED" operation="open" profile="snap.aps.daemon" name="/proc/1/environ" pid=15833 comm="udevadm" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
File: /proc/1/environ (read)
Suggestions:
* adjust program to not access '@{PROC}/@{pid}/environ'
* do nothing if using systemd utility (eg, timedatectl): https://forum.snapcraft.io/t/managing-time-date-and-timezone-in-ubuntu-core/408/44
* do nothing if program otherwise works properly

= AppArmor =
Time: May 04 11:03:13
Log: apparmor="DENIED" operation="open" profile="snap.aps.daemon" name="/proc/1/environ" pid=15837 comm="udevadm" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
File: /proc/1/environ (read)
Suggestions:
* adjust program to not access '@{PROC}/@{pid}/environ'
* do nothing if using systemd utility (eg, timedatectl): https://forum.snapcraft.io/t/managing-time-date-and-timezone-in-ubuntu-core/408/44
* do nothing if program otherwise works properly

= AppArmor =
Time: May 04 11:03:13
Log: apparmor="DENIED" operation="open" profile="snap.aps.daemon" name="/proc/1/environ" pid=15839 comm="udevadm" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
File: /proc/1/environ (read)
Suggestions:
* adjust program to not access '@{PROC}/@{pid}/environ'
* do nothing if using systemd utility (eg, timedatectl): https://forum.snapcraft.io/t/managing-time-date-and-timezone-in-ubuntu-core/408/44
* do nothing if program otherwise works properly

= AppArmor =
Time: May 04 11:03:13
Log: apparmor="DENIED" operation="open" profile="snap.aps.daemon" name="/proc/1/environ" pid=15840 comm="hostnamectl" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
File: /proc/1/environ (read)
Suggestions:
* adjust program to not access '@{PROC}/@{pid}/environ'
* do nothing if using systemd utility (eg, timedatectl): https://forum.snapcraft.io/t/managing-time-date-and-timezone-in-ubuntu-core/408/44
* do nothing if program otherwise works properly

= AppArmor =
Time: May 04 11:03:13
Log: apparmor="DENIED" operation="dbus_method_call"  bus="system" path="/org/freedesktop/systemd1" interface="org.freedesktop.DBus.Properties" member="GetAll" mask="send" name="org.freedesktop.systemd1" pid=15840 label="snap.aps.daemon" peer_pid=1 peer_label="unconfined"
DBus access

= AppArmor =
Time: May 04 11:03:13
Log: apparmor="DENIED" operation="open" profile="snap.aps.daemon" name="/proc/1/environ" pid=15842 comm="udevadm" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
File: /proc/1/environ (read)
Suggestions:
* adjust program to not access '@{PROC}/@{pid}/environ'
* do nothing if using systemd utility (eg, timedatectl): https://forum.snapcraft.io/t/managing-time-date-and-timezone-in-ubuntu-core/408/44
* do nothing if program otherwise works properly

= AppArmor =
Time: May 04 11:03:13
Log: apparmor="DENIED" operation="open" profile="snap.aps.daemon" name="/proc/1/environ" pid=15843 comm="udevadm" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
File: /proc/1/environ (read)
Suggestions:
* adjust program to not access '@{PROC}/@{pid}/environ'
* do nothing if using systemd utility (eg, timedatectl): https://forum.snapcraft.io/t/managing-time-date-and-timezone-in-ubuntu-core/408/44
* do nothing if program otherwise works properly

= AppArmor =
Time: May 04 11:03:13
Log: apparmor="DENIED" operation="open" profile="snap.aps.daemon" name="/proc/1/environ" pid=15844 comm="udevadm" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
File: /proc/1/environ (read)
Suggestions:
* adjust program to not access '@{PROC}/@{pid}/environ'
* do nothing if using systemd utility (eg, timedatectl): https://forum.snapcraft.io/t/managing-time-date-and-timezone-in-ubuntu-core/408/44
* do nothing if program otherwise works properly

= AppArmor =
Time: May 04 11:03:13
Log: apparmor="DENIED" operation="open" profile="snap.aps.daemon" name="/proc/1/environ" pid=15845 comm="udevadm" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
File: /proc/1/environ (read)
Suggestions:
* adjust program to not access '@{PROC}/@{pid}/environ'
* do nothing if using systemd utility (eg, timedatectl): https://forum.snapcraft.io/t/managing-time-date-and-timezone-in-ubuntu-core/408/44
* do nothing if program otherwise works properly

= AppArmor =
Time: May 04 11:03:13
Log: apparmor="DENIED" operation="open" profile="snap.aps.daemon" name="/proc/1/environ" pid=15846 comm="udevadm" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
File: /proc/1/environ (read)
Suggestions:
* adjust program to not access '@{PROC}/@{pid}/environ'
* do nothing if using systemd utility (eg, timedatectl): https://forum.snapcraft.io/t/managing-time-date-and-timezone-in-ubuntu-core/408/44
* do nothing if program otherwise works properly

= AppArmor =
Time: May 04 11:03:13
Log: apparmor="DENIED" operation="open" profile="snap.aps.daemon" name="/proc/1/environ" pid=15847 comm="udevadm" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
File: /proc/1/environ (read)
Suggestions:
* adjust program to not access '@{PROC}/@{pid}/environ'
* do nothing if using systemd utility (eg, timedatectl): https://forum.snapcraft.io/t/managing-time-date-and-timezone-in-ubuntu-core/408/44
* do nothing if program otherwise works properly

= AppArmor =
Time: May 04 11:03:13
Log: apparmor="DENIED" operation="open" profile="snap.aps.daemon" name="/proc/1/environ" pid=15848 comm="udevadm" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
File: /proc/1/environ (read)
Suggestions:
* adjust program to not access '@{PROC}/@{pid}/environ'
* do nothing if using systemd utility (eg, timedatectl): https://forum.snapcraft.io/t/managing-time-date-and-timezone-in-ubuntu-core/408/44
* do nothing if program otherwise works properly

= AppArmor =
Time: May 04 11:03:13
Log: apparmor="DENIED" operation="open" profile="snap.aps.daemon" name="/proc/1/environ" pid=15849 comm="udevadm" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
File: /proc/1/environ (read)
Suggestions:
* adjust program to not access '@{PROC}/@{pid}/environ'
* do nothing if using systemd utility (eg, timedatectl): https://forum.snapcraft.io/t/managing-time-date-and-timezone-in-ubuntu-core/408/44
* do nothing if program otherwise works properly

= AppArmor =
Time: May 04 11:03:13
Log: apparmor="DENIED" operation="open" profile="snap.aps.daemon" name="/proc/1/environ" pid=15850 comm="udevadm" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
File: /proc/1/environ (read)
Suggestions:
* adjust program to not access '@{PROC}/@{pid}/environ'
* do nothing if using systemd utility (eg, timedatectl): https://forum.snapcraft.io/t/managing-time-date-and-timezone-in-ubuntu-core/408/44
* do nothing if program otherwise works properly

= AppArmor =
Time: May 04 11:03:13
Log: apparmor="DENIED" operation="open" profile="snap.aps.daemon" name="/proc/1/environ" pid=15851 comm="udevadm" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
File: /proc/1/environ (read)
Suggestions:
* adjust program to not access '@{PROC}/@{pid}/environ'
* do nothing if using systemd utility (eg, timedatectl): https://forum.snapcraft.io/t/managing-time-date-and-timezone-in-ubuntu-core/408/44
* do nothing if program otherwise works properly

= AppArmor =
Time: May 04 11:03:13
Log: apparmor="DENIED" operation="open" profile="snap.aps.daemon" name="/proc/1/environ" pid=15852 comm="udevadm" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
File: /proc/1/environ (read)
Suggestions:
* adjust program to not access '@{PROC}/@{pid}/environ'
* do nothing if using systemd utility (eg, timedatectl): https://forum.snapcraft.io/t/managing-time-date-and-timezone-in-ubuntu-core/408/44
* do nothing if program otherwise works properly

= AppArmor =
Time: May 04 11:03:13
Log: apparmor="DENIED" operation="open" profile="snap.aps.daemon" name="/proc/1/environ" pid=15853 comm="udevadm" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
File: /proc/1/environ (read)
Suggestions:
* adjust program to not access '@{PROC}/@{pid}/environ'
* do nothing if using systemd utility (eg, timedatectl): https://forum.snapcraft.io/t/managing-time-date-and-timezone-in-ubuntu-core/408/44
* do nothing if program otherwise works properly

= AppArmor =
Time: May 04 11:03:13
Log: apparmor="DENIED" operation="open" profile="snap.aps.daemon" name="/proc/1/environ" pid=15854 comm="udevadm" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
File: /proc/1/environ (read)
Suggestions:
* adjust program to not access '@{PROC}/@{pid}/environ'
* do nothing if using systemd utility (eg, timedatectl): https://forum.snapcraft.io/t/managing-time-date-and-timezone-in-ubuntu-core/408/44
* do nothing if program otherwise works properly

= AppArmor =
Time: May 04 11:03:13
Log: apparmor="DENIED" operation="open" profile="snap.aps.daemon" name="/proc/1/environ" pid=15855 comm="udevadm" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
File: /proc/1/environ (read)
Suggestions:
* adjust program to not access '@{PROC}/@{pid}/environ'
* do nothing if using systemd utility (eg, timedatectl): https://forum.snapcraft.io/t/managing-time-date-and-timezone-in-ubuntu-core/408/44
* do nothing if program otherwise works properly

= AppArmor =
Time: May 04 11:03:13
Log: apparmor="DENIED" operation="open" profile="snap.aps.daemon" name="/proc/1/environ" pid=15856 comm="udevadm" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
File: /proc/1/environ (read)
Suggestions:
* adjust program to not access '@{PROC}/@{pid}/environ'
* do nothing if using systemd utility (eg, timedatectl): https://forum.snapcraft.io/t/managing-time-date-and-timezone-in-ubuntu-core/408/44
* do nothing if program otherwise works properly

= AppArmor =
Time: May 04 11:03:13
Log: apparmor="DENIED" operation="open" profile="snap.aps.daemon" name="/proc/1/environ" pid=15858 comm="udevadm" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
File: /proc/1/environ (read)
Suggestions:
* adjust program to not access '@{PROC}/@{pid}/environ'
* do nothing if using systemd utility (eg, timedatectl): https://forum.snapcraft.io/t/managing-time-date-and-timezone-in-ubuntu-core/408/44
* do nothing if program otherwise works properly

= AppArmor =
Time: May 04 11:03:13
Log: apparmor="DENIED" operation="open" profile="snap.aps.daemon" name="/proc/1/environ" pid=15857 comm="udevadm" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
File: /proc/1/environ (read)
Suggestions:
* adjust program to not access '@{PROC}/@{pid}/environ'
* do nothing if using systemd utility (eg, timedatectl): https://forum.snapcraft.io/t/managing-time-date-and-timezone-in-ubuntu-core/408/44
* do nothing if program otherwise works properly

= AppArmor =
Time: May 04 11:03:13
Log: apparmor="DENIED" operation="open" profile="snap.aps.daemon" name="/proc/1/environ" pid=15858 comm="udevadm" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
File: /proc/1/environ (read)
Suggestions:
* adjust program to not access '@{PROC}/@{pid}/environ'
* do nothing if using systemd utility (eg, timedatectl): https://forum.snapcraft.io/t/managing-time-date-and-timezone-in-ubuntu-core/408/44
* do nothing if program otherwise works properly

= AppArmor =
Time: May 04 11:03:13
Log: apparmor="DENIED" operation="open" profile="snap.aps.daemon" name="/proc/1/environ" pid=15857 comm="udevadm" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
File: /proc/1/environ (read)
Suggestions:
* adjust program to not access '@{PROC}/@{pid}/environ'
* do nothing if using systemd utility (eg, timedatectl): https://forum.snapcraft.io/t/managing-time-date-and-timezone-in-ubuntu-core/408/44
* do nothing if program otherwise works properly

= AppArmor =
Time: May 04 11:03:13
Log: apparmor="DENIED" operation="open" profile="snap.aps.daemon" name="/proc/1/environ" pid=15859 comm="udevadm" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
File: /proc/1/environ (read)
Suggestions:
* adjust program to not access '@{PROC}/@{pid}/environ'
* do nothing if using systemd utility (eg, timedatectl): https://forum.snapcraft.io/t/managing-time-date-and-timezone-in-ubuntu-core/408/44
* do nothing if program otherwise works properly

= AppArmor =
Time: May 04 11:03:13
Log: apparmor="DENIED" operation="open" profile="snap.aps.daemon" name="/proc/1/environ" pid=15860 comm="udevadm" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
File: /proc/1/environ (read)
Suggestions:
* adjust program to not access '@{PROC}/@{pid}/environ'
* do nothing if using systemd utility (eg, timedatectl): https://forum.snapcraft.io/t/managing-time-date-and-timezone-in-ubuntu-core/408/44
* do nothing if program otherwise works properly

= AppArmor =
Time: May 04 11:03:13
Log: apparmor="DENIED" operation="open" profile="snap.aps.daemon" name="/proc/1/environ" pid=15861 comm="udevadm" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
File: /proc/1/environ (read)
Suggestions:
* adjust program to not access '@{PROC}/@{pid}/environ'
* do nothing if using systemd utility (eg, timedatectl): https://forum.snapcraft.io/t/managing-time-date-and-timezone-in-ubuntu-core/408/44
* do nothing if program otherwise works properly

= AppArmor =
Time: May 04 11:03:13
Log: apparmor="DENIED" operation="open" profile="snap.aps.daemon" name="/proc/1/environ" pid=15862 comm="udevadm" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
File: /proc/1/environ (read)
Suggestions:
* adjust program to not access '@{PROC}/@{pid}/environ'
* do nothing if using systemd utility (eg, timedatectl): https://forum.snapcraft.io/t/managing-time-date-and-timezone-in-ubuntu-core/408/44
* do nothing if program otherwise works properly

= AppArmor =
Time: May 04 11:03:13
Log: apparmor="DENIED" operation="open" profile="snap.aps.daemon" name="/proc/1/environ" pid=15863 comm="udevadm" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
File: /proc/1/environ (read)
Suggestions:
* adjust program to not access '@{PROC}/@{pid}/environ'
* do nothing if using systemd utility (eg, timedatectl): https://forum.snapcraft.io/t/managing-time-date-and-timezone-in-ubuntu-core/408/44
* do nothing if program otherwise works properly

= AppArmor =
Time: May 04 11:03:13
Log: apparmor="DENIED" operation="open" profile="snap.aps.daemon" name="/proc/1/environ" pid=15864 comm="udevadm" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
File: /proc/1/environ (read)
Suggestions:
* adjust program to not access '@{PROC}/@{pid}/environ'
* do nothing if using systemd utility (eg, timedatectl): https://forum.snapcraft.io/t/managing-time-date-and-timezone-in-ubuntu-core/408/44
* do nothing if program otherwise works properly

= AppArmor =
Time: May 04 11:03:13
Log: apparmor="DENIED" operation="open" profile="snap.aps.daemon" name="/proc/1/environ" pid=15865 comm="udevadm" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
File: /proc/1/environ (read)
Suggestions:
* adjust program to not access '@{PROC}/@{pid}/environ'
* do nothing if using systemd utility (eg, timedatectl): https://forum.snapcraft.io/t/managing-time-date-and-timezone-in-ubuntu-core/408/44
* do nothing if program otherwise works properly

= AppArmor =
Time: May 04 11:03:13
Log: apparmor="DENIED" operation="open" profile="snap.aps.daemon" name="/proc/1/environ" pid=15866 comm="udevadm" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
File: /proc/1/environ (read)
Suggestions:
* adjust program to not access '@{PROC}/@{pid}/environ'
* do nothing if using systemd utility (eg, timedatectl): https://forum.snapcraft.io/t/managing-time-date-and-timezone-in-ubuntu-core/408/44
* do nothing if program otherwise works properly

= AppArmor =
Time: May 04 11:03:13
Log: apparmor="DENIED" operation="open" profile="snap.aps.daemon" name="/proc/1/environ" pid=15865 comm="udevadm" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
File: /proc/1/environ (read)
Suggestions:
* adjust program to not access '@{PROC}/@{pid}/environ'
* do nothing if using systemd utility (eg, timedatectl): https://forum.snapcraft.io/t/managing-time-date-and-timezone-in-ubuntu-core/408/44
* do nothing if program otherwise works properly

= AppArmor =
Time: May 04 11:03:13
Log: apparmor="DENIED" operation="open" profile="snap.aps.daemon" name="/proc/1/environ" pid=15866 comm="udevadm" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
File: /proc/1/environ (read)
Suggestions:
* adjust program to not access '@{PROC}/@{pid}/environ'
* do nothing if using systemd utility (eg, timedatectl): https://forum.snapcraft.io/t/managing-time-date-and-timezone-in-ubuntu-core/408/44
* do nothing if program otherwise works properly

= AppArmor =
Time: May 04 11:03:13
Log: apparmor="DENIED" operation="open" profile="snap.aps.daemon" name="/proc/1/environ" pid=15867 comm="udevadm" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
File: /proc/1/environ (read)
Suggestions:
* adjust program to not access '@{PROC}/@{pid}/environ'
* do nothing if using systemd utility (eg, timedatectl): https://forum.snapcraft.io/t/managing-time-date-and-timezone-in-ubuntu-core/408/44
* do nothing if program otherwise works properly

= AppArmor =
Time: May 04 11:03:13
Log: apparmor="DENIED" operation="open" profile="snap.aps.daemon" name="/proc/1/environ" pid=15868 comm="udevadm" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
File: /proc/1/environ (read)
Suggestions:
* adjust program to not access '@{PROC}/@{pid}/environ'
* do nothing if using systemd utility (eg, timedatectl): https://forum.snapcraft.io/t/managing-time-date-and-timezone-in-ubuntu-core/408/44
* do nothing if program otherwise works properly

= AppArmor =
Time: May 04 11:04:03
Log: apparmor="DENIED" operation="open" profile="snap.aps.daemon" name="/proc/1/environ" pid=15886 comm="udevadm" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
File: /proc/1/environ (read)
Suggestions:
* adjust program to not access '@{PROC}/@{pid}/environ'
* do nothing if using systemd utility (eg, timedatectl): https://forum.snapcraft.io/t/managing-time-date-and-timezone-in-ubuntu-core/408/44
* do nothing if program otherwise works properly

= AppArmor =
Time: May 04 11:04:03
Log: apparmor="DENIED" operation="open" profile="snap.aps.daemon" name="/proc/1/environ" pid=15888 comm="udevadm" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
File: /proc/1/environ (read)
Suggestions:
* adjust program to not access '@{PROC}/@{pid}/environ'
* do nothing if using systemd utility (eg, timedatectl): https://forum.snapcraft.io/t/managing-time-date-and-timezone-in-ubuntu-core/408/44
* do nothing if program otherwise works properly

= AppArmor =
Time: May 04 11:04:03
Log: apparmor="DENIED" operation="open" profile="snap.aps.daemon" name="/proc/1/environ" pid=15895 comm="hostnamectl" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
File: /proc/1/environ (read)
Suggestions:
* adjust program to not access '@{PROC}/@{pid}/environ'
* do nothing if using systemd utility (eg, timedatectl): https://forum.snapcraft.io/t/managing-time-date-and-timezone-in-ubuntu-core/408/44
* do nothing if program otherwise works properly

= AppArmor =
Time: May 04 11:04:03
Log: apparmor="DENIED" operation="open" profile="snap.aps.daemon" name="/etc/" pid=15896 comm="sh" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
File: /etc/ (read)
Suggestions:
* adjust program to read necessary files from $SNAP, $SNAP_DATA, $SNAP_COMMON, $SNAP_USER_DATA or $SNAP_USER_COMMON
* adjust snap to use snap layouts (https://forum.snapcraft.io/t/snap-layouts/7207)

= AppArmor =
Time: May 04 11:04:03
Log: apparmor="DENIED" operation="exec" profile="snap.aps.daemon" name="/usr/bin/dmesg" pid=15918 comm="sh" requested_mask="x" denied_mask="x" fsuid=0 ouid=0
File: /usr/bin/dmesg (exec)
Suggestions:
* adjust snap to ship 'dmesg'
* adjust program to use relative paths if the snap already ships 'dmesg'

= AppArmor =
Time: May 04 11:04:03
Log: apparmor="DENIED" operation="open" profile="snap.aps.daemon" name="/proc/1/environ" pid=15922 comm="hostnamectl" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
File: /proc/1/environ (read)
Suggestions:
* adjust program to not access '@{PROC}/@{pid}/environ'
* do nothing if using systemd utility (eg, timedatectl): https://forum.snapcraft.io/t/managing-time-date-and-timezone-in-ubuntu-core/408/44
* do nothing if program otherwise works properly

= AppArmor =
Time: May 04 11:04:03
Log: apparmor="DENIED" operation="dbus_method_call"  bus="system" path="/org/freedesktop/systemd1" interface="org.freedesktop.DBus.Properties" member="GetAll" mask="send" name="org.freedesktop.systemd1" pid=15895 label="snap.aps.daemon" peer_pid=1 peer_label="unconfined"
DBus access

= AppArmor =
Time: May 04 11:04:03
Log: apparmor="DENIED" operation="dbus_method_call"  bus="system" path="/org/freedesktop/systemd1" interface="org.freedesktop.DBus.Properties" member="GetAll" mask="send" name="org.freedesktop.systemd1" pid=15922 label="snap.aps.daemon" peer_pid=1 peer_label="unconfined"
DBus access

= AppArmor =
Time: May 04 11:04:03
Log: apparmor="DENIED" operation="dbus_method_call"  bus="system" path="/org/freedesktop/systemd1" interface="org.freedesktop.DBus.Properties" member="GetAll" mask="send" name="org.freedesktop.systemd1" pid=15895 label="snap.aps.daemon" peer_pid=1 peer_label="unconfined"
DBus access

= AppArmor =
Time: May 04 11:04:03
Log: apparmor="DENIED" operation="dbus_method_call"  bus="system" path="/org/freedesktop/systemd1" interface="org.freedesktop.DBus.Properties" member="GetAll" mask="send" name="org.freedesktop.systemd1" pid=15922 label="snap.aps.daemon" peer_pid=1 peer_label="unconfined"
DBus access

= AppArmor =
Time: May 04 11:04:03
Log: apparmor="DENIED" operation="open" profile="snap.aps.daemon" name="/proc/1/environ" pid=15928 comm="udevadm" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
File: /proc/1/environ (read)
Suggestions:
* adjust program to not access '@{PROC}/@{pid}/environ'
* do nothing if using systemd utility (eg, timedatectl): https://forum.snapcraft.io/t/managing-time-date-and-timezone-in-ubuntu-core/408/44
* do nothing if program otherwise works properly

= AppArmor =
Time: May 04 11:04:03
Log: apparmor="DENIED" operation="open" profile="snap.aps.daemon" name="/proc/1/environ" pid=15940 comm="udevadm" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
File: /proc/1/environ (read)
Suggestions:
* adjust program to not access '@{PROC}/@{pid}/environ'
* do nothing if using systemd utility (eg, timedatectl): https://forum.snapcraft.io/t/managing-time-date-and-timezone-in-ubuntu-core/408/44
* do nothing if program otherwise works properly

= AppArmor =
Time: May 04 11:04:03
Log: apparmor="DENIED" operation="open" profile="snap.aps.daemon" name="/proc/1/environ" pid=15991 comm="hostnamectl" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
File: /proc/1/environ (read)
Suggestions:
* adjust program to not access '@{PROC}/@{pid}/environ'
* do nothing if using systemd utility (eg, timedatectl): https://forum.snapcraft.io/t/managing-time-date-and-timezone-in-ubuntu-core/408/44
* do nothing if program otherwise works properly

= AppArmor =
Time: May 04 11:04:03
Log: apparmor="DENIED" operation="dbus_method_call"  bus="system" path="/org/freedesktop/systemd1" interface="org.freedesktop.DBus.Properties" member="GetAll" mask="send" name="org.freedesktop.systemd1" pid=15991 label="snap.aps.daemon" peer_pid=1 peer_label="unconfined"
DBus access

= AppArmor =
Time: May 04 11:04:03
Log: apparmor="DENIED" operation="open" profile="snap.aps.daemon" name="/proc/1/environ" pid=15991 comm="hostnamectl" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
File: /proc/1/environ (read)
Suggestions:
* adjust program to not access '@{PROC}/@{pid}/environ'
* do nothing if using systemd utility (eg, timedatectl): https://forum.snapcraft.io/t/managing-time-date-and-timezone-in-ubuntu-core/408/44
* do nothing if program otherwise works properly

= AppArmor =
Time: May 04 11:04:03
Log: apparmor="DENIED" operation="dbus_method_call"  bus="system" path="/org/freedesktop/systemd1" interface="org.freedesktop.DBus.Properties" member="GetAll" mask="send" name="org.freedesktop.systemd1" pid=15991 label="snap.aps.daemon" peer_pid=1 peer_label="unconfined"
DBus access

= AppArmor =
Time: May 04 11:04:03
Log: apparmor="DENIED" operation="open" profile="snap.aps.daemon" name="/proc/1/environ" pid=16020 comm="hostnamectl" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
File: /proc/1/environ (read)
Suggestions:
* adjust program to not access '@{PROC}/@{pid}/environ'
* do nothing if using systemd utility (eg, timedatectl): https://forum.snapcraft.io/t/managing-time-date-and-timezone-in-ubuntu-core/408/44
* do nothing if program otherwise works properly

= AppArmor =
Time: May 04 11:04:03
Log: apparmor="DENIED" operation="dbus_method_call"  bus="system" path="/org/freedesktop/systemd1" interface="org.freedesktop.DBus.Properties" member="GetAll" mask="send" name="org.freedesktop.systemd1" pid=16020 label="snap.aps.daemon" peer_pid=1 peer_label="unconfined"
DBus access

= AppArmor =
Time: May 04 11:05:12
Log: apparmor="DENIED" operation="open" profile="snap.aps.daemon" name="/proc/1/environ" pid=16041 comm="udevadm" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
File: /proc/1/environ (read)
Suggestions:
* adjust program to not access '@{PROC}/@{pid}/environ'
* do nothing if using systemd utility (eg, timedatectl): https://forum.snapcraft.io/t/managing-time-date-and-timezone-in-ubuntu-core/408/44
* do nothing if program otherwise works properly

= AppArmor =
Time: May 04 11:05:13
Log: apparmor="DENIED" operation="open" profile="snap.aps.daemon" name="/proc/1/environ" pid=16043 comm="udevadm" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
File: /proc/1/environ (read)
Suggestions:
* adjust program to not access '@{PROC}/@{pid}/environ'
* do nothing if using systemd utility (eg, timedatectl): https://forum.snapcraft.io/t/managing-time-date-and-timezone-in-ubuntu-core/408/44
* do nothing if program otherwise works properly

= AppArmor =
Time: May 04 11:05:13
Log: apparmor="DENIED" operation="open" profile="snap.aps.daemon" name="/proc/1/environ" pid=16062 comm="hostnamectl" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
File: /proc/1/environ (read)
Suggestions:
* adjust program to not access '@{PROC}/@{pid}/environ'
* do nothing if using systemd utility (eg, timedatectl): https://forum.snapcraft.io/t/managing-time-date-and-timezone-in-ubuntu-core/408/44
* do nothing if program otherwise works properly

= AppArmor =
Time: May 04 11:05:13
Log: apparmor="DENIED" operation="open" profile="snap.aps.daemon" name="/proc/1/environ" pid=16117 comm="hostnamectl" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
File: /proc/1/environ (read)
Suggestions:
* adjust program to not access '@{PROC}/@{pid}/environ'
* do nothing if using systemd utility (eg, timedatectl): https://forum.snapcraft.io/t/managing-time-date-and-timezone-in-ubuntu-core/408/44
* do nothing if program otherwise works properly

= AppArmor =
Time: May 04 11:05:13
Log: apparmor="DENIED" operation="dbus_method_call"  bus="system" path="/org/freedesktop/systemd1" interface="org.freedesktop.DBus.Properties" member="GetAll" mask="send" name="org.freedesktop.systemd1" pid=16117 label="snap.aps.daemon" peer_pid=1 peer_label="unconfined"
DBus access

= AppArmor =
Time: May 04 11:05:13
Log: apparmor="DENIED" operation="dbus_method_call"  bus="system" path="/org/freedesktop/systemd1" interface="org.freedesktop.DBus.Properties" member="GetAll" mask="send" name="org.freedesktop.systemd1" pid=16062 label="snap.aps.daemon" peer_pid=1 peer_label="unconfined"
DBus access

milko.uzunov · May 4, 2023, 11:16am

Also, I tried this … but I received “error: snap “snapd” has no “dbus” interface slots”

dbus-plug:
    interface: dbus
    bus: system
    name: org.freedesktop.systemd1

ogra · May 4, 2023, 11:20am

well, the denials are not actually for the hostname call itself, but whatever you do there tries to read systemd’s process environment via /proc/1/environ … are you not using a plain dbus query there for hostnamectl (or simply call the hostnamectl binary (which the interface allows too))

how exactly is your code trying to query the hostname here ? there is indeed no interface that allows in any way to directly talk to the systemd process (i.e. via something like systemctl or via dbus), that would be hard to mediate.

milko.uzunov · May 4, 2023, 11:25am

subprocess.call([“hostnamectl”, “set-hostname”, host_name]) I try to set the host name from the python application

ogra · May 4, 2023, 11:29am

hmm, and does it not actually set the new hostname ? note that the message related to hostnamectl in your log output actually suggests:

do nothing if program otherwise works properly

it might just be some log fallout introduced by the python interpreter here (trying to read /proc/1/environ) … there are no actual denials to the hostnamectl call itself so i’d assume it actually succeeds.

milko.uzunov · May 4, 2023, 11:38am

Actually sets the new hostname but I thought that would be a problem going forward. I hadn’t noticed because I had to run “exit” and reconnect via ssh to see it. Thank you very much! I’m sorry I wasted your time

ogra · May 4, 2023, 12:15pm

No worries, it could have been an actual issue so don’t hesitate to keep asking if you run into trouble !