** Also affects: akonadi (Ubuntu)
Importance: Undecided
Status: New
--
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to akonadi in Ubuntu.
https://bugs.launchpad.net/bugs/1759084
Title:
mysqld-akonadi profile does not support seccomp
Status in AppArmor:
New
Status in akonadi package in Ubuntu:
New
Bug description:
The AppArmor profile usr.sbin.mysqld-akonadi is not compatible with
seccomp in general and the no_new_privs bit specifically, because it
includes a profile transition.
I came across this when I tried to write a profile for the Firejail
sandbox, and had to omit everything seccomp related in order to not
break Akonadi:
https://github.com/netblue30/firejail/blob/1bc84f3e53f66abf4ee246e89f20f72626a199de/etc/akonadi_control.profile
Would it be possible for you to replace access mode cx with ix here?
Especially because the transition in usr.sbin.mysqld-akonadi seems to
not have been motivated by any administrative or security needs....
Best regards,
smitsohu
To manage notifications about this bug go to:
https://bugs.launchpad.net/apparmor/+bug/1759084/+subscriptions
--
Mailing list: https://launchpad.net/~desktop-packages
Post to : [email protected]
Unsubscribe : https://launchpad.net/~desktop-packages
More help : https://help.launchpad.net/ListHelp
