Dbus-Broker Working On AppArmor Support, Opening The Door For Possible Ubuntu Use
In the absence of an in-kernel IPC mechanism like the failed KDBUS or the stagnant BUS1 kernel module, Dbus-Broker is where it's at for offering the best possible performance while retaining compatibility with D-Bus. This D-Bus Message Broker is already used by the likes of Fedora, Arch Linux, and others. Ubuntu currently doesn't use Dbus-Broker, but with Ubuntu 22.04 LTS it is available via the Universe archive.
Dbus-Broker is under the BUS1 umbrella and largely worked on by Red Hat engineers.
Notable with today's Dbus-Broker 32 release is the initial infrastructure for AppArmor security layer support. Dbus-Broker currently doesn't have AppArmor integration; it has been worked on recently, but the work is incomplete for the v32 milestone.
Sebastian Reichel of Collabora has been working on this AppArmor integration for Dbus-Broker. The motivation there appears to be about using Dbus-Broker on Ubuntu in embedded environments. From this work-in-progress pull:
...Note that the downstream kernel patch is no longer limited to Ubuntu. It has been applied to some kernels used in the embedded sector. Missing support for AppArmor is the limiting factor to switch from dbus-daemon to dbus-broker on these embedded systems and the reason I wrote this code.
Regarding the status of the kernel patch required for this support: The main reason that the kernel is still missing support for kernel based af_unix/dbus mediation is a pending code restructuring that got postponed for multiple years. Current expectation is that this restructuring finally happens in the 5.19 cycle (fingers crossed).
So for now Collabora's interest in AppArmor integration is for being able to switch to Dbus-Broker on Ubuntu embedded devices. It will be interesting to see, though, whether Canonical considers switching over to Dbus-Broker in upstream Ubuntu Linux for its improved reliability and performance once this security integration is complete.
Today's Dbus-Broker 32 has just the initial infrastructure, with the AppArmor integration hopefully wrapped up in time for the next release. The only other changes in v32 are some fixes.