Thank you. I was planning on switching to 12.04 as soon as it is released, so hopefully that will fix my problem. One final issue: I managed to switch into a profile using aa_change_profile, and into a hat (subprofile) using aa_change_hat. However, whenever I try to return out of the subprofile, my process is killed.
I suspect the following: does the magic token just need to be the same value, or does it actually have to point to exactly the same object? The latter is very hard to do in R, because it makes copies of objects before passing them to C. I put a copy of the updated package and some testing code here: https://github.com/jeroenooms/rApparmor/tree/master/test On Thu, Apr 26, 2012 at 3:29 PM, John Johansen <[email protected]> wrote: > On 04/26/2012 02:09 PM, Jeroen Ooms wrote: >> Thank you so much for researching and resolving this. It seems to be >> working now indeed. >> >> Additional question: after switching profiles, I cannot switch back >> anymore. Which privileges exactly are required to be able to call >> aa_change_profile ? >> > > to use the change_profile api when confined you need to explicitly list > the permissions in the profile > > change_profile -> <profile>, > > where profile accepts an apparmor pattern matching expression > > change_profile -> /usr/bin/R//testprofile, > > change_profile -> **, > > > However there is a bug in change_profile in 11.04, and 11.10 that prevents > change_profile form working from a confined process (it works fine from > unconfined). It has been fixed in 12.04 and we need to look at SRUing it > for previous releases. -- AppArmor mailing list [email protected] Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/apparmor
