On Fri, Jul 23, 2021 at 05:07:23PM +0530, Murali Selvaraj wrote: > -> Since we have required CAPs CAP_SYS_ADMIN in the profile and it > applied to the process as well but still observing > that mount and unmount fails [ "must be superuser to mount" and > "must be superuser to unmount" ].
How did you grant CAP_SYS_ADMIN to the process? > -> Does mount/umount restriction is done by util-linux package? As per > our understanding CAP_SYS_ADMIN (capable) check > would be taken care of in Kernel code. It looks like user space > (util-linux package) restricts this permission issue. > Please clarify my understanding. No, mount(8) is simply reporting the error message from the mount(2) system call. > -> What would be ideal options to resolve the issue ( "non-root" user > does mount/umount operation ). If you didn't get any DENIED entries from AppArmor in your logs, then I suspect that your process didn't actually get the CAP_SYS_ADMIN privilege from its parent. Thanks
signature.asc
Description: PGP signature
-- AppArmor mailing list [email protected] Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/apparmor
