apparmor 拒绝了许多来自 snap 的操作,我应该担心吗?

apparmor 拒绝了许多来自 snap 的操作,我应该担心吗?

很多 dbus_method_call 被拒绝。如果这些操作不安全,为什么 snap 还要执行它们?如果它们是安全的,为什么 AppArmor 又会拒绝它们?我应该为此担心吗?我不想被 DENIED 消息淹没,因为通常的做法是:一旦在审计日志中看到持续不断的拒绝消息,就要立即做出反应,因为这通常意味着我们正在受到攻击。

audit[1620]: USER_AVC pid=1620 uid=103 auid=4294967295 ses=4294967295 subj=? msg='apparmor="DENIED" operation="dbus_method_call"  bus="system" path="/org/freedesktop/PolicyKit1/Authority" interface="org.freedesktop.DBus.Properties" member="GetAll" mask="send" name=":1.8" pid=3566 label="snap.snap-store.ubuntu-software" peer_pid=1641 peer_label="unconfined"
audit[1620]: USER_AVC pid=1620 uid=103 auid=4294967295 ses=4294967295 subj=? msg='apparmor="DENIED" operation="dbus_method_call"  bus="system" path="/org/freedesktop/PolicyKit1/Authority" interface="org.freedesktop.PolicyKit1.Authority" member="CheckAuthorization" mask="send" name=":1.8" pid=3566 label="snap.snap-store.ubuntu-software" peer_pid=1641 peer_label="unconfined"
audit[1620]: USER_AVC pid=1620 uid=103 auid=4294967295 ses=4294967295 subj=? msg='apparmor="DENIED" operation="dbus_method_call"  bus="system" path="/org/freedesktop/PolicyKit1/Authority" interface="org.freedesktop.DBus.Properties" member="GetAll" mask="send" name=":1.8" pid=3566 label="snap.snap-store.ubuntu-software" peer_pid=1641 peer_label="unconfined"
audit[1620]: USER_AVC pid=1620 uid=103 auid=4294967295 ses=4294967295 subj=? msg='apparmor="DENIED" operation="dbus_method_call"  bus="system" path="/org/freedesktop/PolicyKit1/Authority" interface="org.freedesktop.PolicyKit1.Authority" member="CheckAuthorization" mask="send" name=":1.8" pid=3566 label="snap.snap-store.ubuntu-software" peer_pid=1641 peer_label="unconfined"
audit[3566]: AVC apparmor="DENIED" operation="open" profile="snap.snap-store.ubuntu-software" name="/etc/PackageKit/Vendor.conf" pid=3566 comm="snap-store" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
audit[3566]: AVC apparmor="DENIED" operation="open" profile="snap.snap-store.ubuntu-software" name="/etc/appstream.conf" pid=3566 comm="snap-store" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0

audit[1620]: USER_AVC pid=1620 uid=103 auid=4294967295 ses=4294967295 subj=? msg='apparmor="DENIED" operation="dbus_method_call"  bus="system" path="/org/freedesktop/PolicyKit1/Authority" interface="org.freedesktop.DBus.Properties" member="GetAll" mask="send" name=":1.8" pid=3566 label="snap.snap-store.ubuntu-software" peer_pid=1641 peer_label="unconfined"
audit[1620]: USER_AVC pid=1620 uid=103 auid=4294967295 ses=4294967295 subj=? msg='apparmor="DENIED" operation="dbus_method_call"  bus="system" path="/org/freedesktop/PolicyKit1/Authority" interface="org.freedesktop.PolicyKit1.Authority" member="CheckAuthorization" mask="send" name=":1.8" pid=3566 label="snap.snap-store.ubuntu-software" peer_pid=1641 peer_label="unconfined"
audit[1620]: USER_AVC pid=1620 uid=103 auid=4294967295 ses=4294967295 subj=? msg='apparmor="DENIED" operation="dbus_method_call"  bus="system" path="/org/freedesktop/PolicyKit1/Authority" interface="org.freedesktop.DBus.Properties" member="GetAll" mask="send" name=":1.8" pid=3566 label="snap.snap-store.ubuntu-software" peer_pid=1641 peer_label="unconfined"
audit[1620]: USER_AVC pid=1620 uid=103 auid=4294967295 ses=4294967295 subj=? msg='apparmor="DENIED" operation="dbus_method_call"  bus="system" path="/org/freedesktop/PolicyKit1/Authority" interface="org.freedesktop.PolicyKit1.Authority" member="CheckAuthorization" mask="send" name=":1.8" pid=3566 label="snap.snap-store.ubuntu-software" peer_pid=1641 peer_label="unconfined"
audit[3566]: AVC apparmor="DENIED" operation="open" profile="snap.snap-store.ubuntu-software" name="/etc/PackageKit/Vendor.conf" pid=3566 comm="snap-store" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
audit[3566]: AVC apparmor="DENIED" operation="open" profile="snap.snap-store.ubuntu-software" name="/etc/appstream.conf" pid=3566 comm="snap-store" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
audit[1620]: USER_AVC pid=1620 uid=103 auid=4294967295 ses=4294967295 subj=? msg='apparmor="DENIED" operation="dbus_method_call"  bus="system" path="/" interface="org.freedesktop.DBus.ObjectManager" member="GetManagedObjects" mask="send" name="org.bluez" pid=3828 label="snap.teams.teams" peer_pid=1619 peer_label="unconfined"
audit[1620]: USER_AVC pid=1620 uid=103 auid=4294967295 ses=4294967295 subj=? msg='apparmor="DENIED" operation="dbus_method_call"  bus="system" path="/org/freedesktop/login1" interface="org.freedesktop.login1.Manager" member="Inhibit" mask="send" name="org.freedesktop.login1" pid=3828 label="snap.teams.teams" peer_pid=1660 peer_label="unconfined"
audit[1620]: USER_AVC pid=1620 uid=103 auid=4294967295 ses=4294967295 subj=? msg='apparmor="DENIED" operation="dbus_method_call"  bus="system" path="/org/freedesktop/UPower" interface="org.freedesktop.DBus.Properties" member="Get" mask="send" name="org.freedesktop.UPower" pid=3828 label="snap.teams.teams" peer_pid=1981 peer_label="unconfined"
audit[1620]: USER_AVC pid=1620 uid=103 auid=4294967295 ses=4294967295 subj=? msg='apparmor="DENIED" operation="dbus_method_call"  bus="system" path="/org/freedesktop/UPower" interface="org.freedesktop.UPower" member="GetDisplayDevice" mask="send" name="org.freedesktop.UPower" pid=3828 label="snap.teams.teams" peer_pid=1981 peer_label="unconfined"
audit[1620]: USER_AVC pid=1620 uid=103 auid=4294967295 ses=4294967295 subj=? msg='apparmor="DENIED" operation="dbus_method_call"  bus="system" path="/org/freedesktop/UPower" interface="org.freedesktop.UPower" member="EnumerateDevices" mask="send" name="org.freedesktop.UPower" pid=3828 label="snap.teams.teams" peer_pid=1981 peer_label="unconfined"

audit[8368]: AVC apparmor="DENIED" operation="mkdir" profile="snap-update-ns.firefox" name="/usr/share/cups/doc-root/" pid=8368 comm="5" requested_mask="c" denied_mask="c" fsuid=0 ouid=0
audit[8368]: AVC apparmor="DENIED" operation="mkdir" profile="snap-update-ns.firefox" name="/usr/share/gimp/2.0/" pid=8368 comm="5" requested_mask="c" denied_mask="c" fsuid=0 ouid=0
audit[8368]: AVC apparmor="DENIED" operation="mkdir" profile="snap-update-ns.firefox" name="/usr/share/libreoffice/help/" pid=8368 comm="5" requested_mask="c" denied_mask="c" fsuid=0 ouid=0
audit[8340]: AVC apparmor="DENIED" operation="open" profile="snap.firefox.firefox" name="/etc/fstab" pid=8340 comm="firefox" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0

audit[6690]: AVC apparmor="DENIED" operation="mkdir" profile="snap-update-ns.chromium" name="/usr/share/cups/doc-root/" pid=6690 comm="5" requested_mask="c" denied_mask="c" fsuid=0 ouid=0
audit[6690]: AVC apparmor="DENIED" operation="mkdir" profile="snap-update-ns.chromium" name="/usr/share/gimp/2.0/" pid=6690 comm="5" requested_mask="c" denied_mask="c" fsuid=0 ouid=0
audit[6690]: AVC apparmor="DENIED" operation="mkdir" profile="snap-update-ns.chromium" name="/usr/share/libreoffice/help/" pid=6690 comm="5" requested_mask="c" denied_mask="c" fsuid=0 ouid=0
audit[6782]: AVC apparmor="DENIED" operation="open" profile="snap.chromium.chromium" name="/etc/vulkan/implicit_layer.d/" pid=6782 comm="chrome" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
audit[6782]: AVC apparmor="DENIED" operation="open" profile="snap.chromium.chromium" name="/etc/vulkan/implicit_layer.d/" pid=6782 comm="chrome" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
audit[6782]: AVC apparmor="DENIED" operation="open" profile="snap.chromium.chromium" name="/etc/vulkan/icd.d/" pid=6782 comm="chrome" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
audit[6663]: AVC apparmor="DENIED" operation="open" profile="snap.chromium.chromium" name="/run/udev/data/c90:0" pid=6663 comm="ThreadPoolForeg" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
audit[6663]: AVC apparmor="DENIED" operation="open" profile="snap.chromium.chromium" name="/run/udev/data/c90:1" pid=6663 comm="ThreadPoolForeg" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
audit[6663]: AVC apparmor="DENIED" operation="open" profile="snap.chromium.chromium" name="/run/udev/data/c511:0" pid=6663 comm="ThreadPoolForeg" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
audit[6663]: AVC apparmor="DENIED" operation="open" profile="snap.chromium.chromium" name="/run/udev/data/+dmi:id" pid=6663 comm="ThreadPoolForeg" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0

