On 02/09/2016 01:52 PM, Levi Blackstone wrote: > In-Reply-To: <[email protected]> > >>> The problem occurs in the mnt_rule::gen_policy_re method in >>> parser/mount.cc. When handling rules that specify options=(remount, bind), >>> *two* rules are added to the policy: one to permit calls with MS_REMOUNT | >>> MS_BIND and another that permits all calls to MS_BIND, with all other >>> options masked out! The second rule is almost certainly unintentional. The >>> quickest fixes would be to add a clause to make the if-statements mutually >>> exclusive again, or to convert all of the ifs to a chain of if-elses, if >>> the intention is, in fact, for only one of them to ever apply. >>> >> I need to look into this one more, I'll get back to you > > > Was this issue ever resolved? > No, the issue is more involved than just adding an else statement as suggested and resources have been focused else where.
-- AppArmor mailing list [email protected] Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/apparmor
