I've created patches to fix this issue and built test kernels. Patches and kernels can be found here:
http://people.canonical.com/~tyhicks/lp1560583/ In my testing, the patches fix this bug. -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu. https://bugs.launchpad.net/bugs/1560583 Title: reading /sys/kernel/security/apparmor/profiles requires CAP_MAC_ADMIN Status in linux package in Ubuntu: In Progress Bug description: $ cat ./t #include <tunables/global> profile t { #include <abstractions/base> /bin/cat ixr, /sys/kernel/security/apparmor/profiles r, } $ sudo apparmor_parser -r ./t $ sudo aa-exec -p t -- cat /sys/kernel/security/apparmor/profiles cat: /sys/kernel/security/apparmor/profiles: Permission denied [1] kernel: [ 62.203035] audit: type=1400 audit(1458665428.726:128): apparmor="DENIED" operation="capable" profile="t" pid=3683 comm="cat" capability=33 capname="mac_admin" This is new in the -15 kernel. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1560583/+subscriptions -- Mailing list: https://launchpad.net/~kernel-packages Post to : kernel-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~kernel-packages More help : https://help.launchpad.net/ListHelp
