On Wed, Feb 22, 2012 at 09:10:35AM -0800, John Johansen wrote: > Profiles that want name lookup past the chroot to the namespace root > must be marked as such, all other profiles should be chroot relative. > > Currently the autogenerated null (learning), and unconfined profiles are > not marked as such. Make sure they are properly flagged. This should not > affect behavior except for auto-generated profiles when a chroot is entered. > Profiles loaded from userspace will not be affected as they provide their > own value for the flag. > > This change does not affect mediation as it only changes the path reported by > the unconfined (none mediating), an null learning profiles. > > Also ensure that if a profile is ever loaded with out path flags set, that > it defaults to being chroot relative. > > Signed-off-by: John Johansen <[email protected]>
Signed-off-by: Kees Cook <[email protected]> -- Kees Cook -- AppArmor mailing list [email protected] Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/apparmor
