Simon McVittie has proposed merging lp:~smcv/apparmor/cpus-conf into
lp:apparmor.
Requested reviews:
AppArmor Developers (apparmor-dev)
For more details, see:
https://code.launchpad.net/~smcv/apparmor/cpus-conf/+merge/322472
abstractions/base: Allow sysconf(_SC_NPROCESSORS_CONF)
glibc implements this by doing a readdir() and filtering.
We already allowed sysconf(_SC_NPROCESSORS_ONLN), which is
basically a read from /sys/devices/system/cpu/online.
---
For context: while testing a confined process that invokes apparmor_parser
under its own profile, I noticed that apparmor_parser does this. For now I'm
adding it to that process's profile, but it seems like something that could
reasonably go in <abstractions/base> - in practice on consumer systems the
answer is going to be the same as cpu/online, which we already allow reading.
(I realise that's an odd thing to do, because that confined process needs to
exercise CAP_MAC_ADMIN, making it all-powerful. However, the confinement is
aiming to prevent accidentally reading untrusted content into a TCB process,
rather than preventing the process itself from escalating privileges.)
--
Your team AppArmor Developers is requested to review the proposed merge of
lp:~smcv/apparmor/cpus-conf into lp:apparmor.
=== modified file 'profiles/apparmor.d/abstractions/base'
--- profiles/apparmor.d/abstractions/base 2017-01-21 01:01:50 +0000
+++ profiles/apparmor.d/abstractions/base 2017-04-12 17:42:54 +0000
@@ -82,6 +82,7 @@
@{PROC}/meminfo r,
@{PROC}/stat r,
@{PROC}/cpuinfo r,
+ /sys/devices/system/cpu/ r,
/sys/devices/system/cpu/online r,
# glibc's *printf protections read the maps file
--
AppArmor mailing list
[email protected]
Modify settings or unsubscribe at:
https://lists.ubuntu.com/mailman/listinfo/apparmor
