This bug is missing log files that will aid in diagnosing the problem.
>From a terminal window please run:
apport-collect 1615890
and then change the status of the bug to 'Confirmed'.
If, due to the nature of the issue you have encountered, you are unable
to run this command, please add a comment stating that fact and change
the bug status to 'Confirmed'.
This change has been made by an automated script, maintained by the
Ubuntu Kernel Team.
** Changed in: linux (Ubuntu)
Status: New => Incomplete
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1615890
Title:
stacking to unconfined in a child namespace confuses mediation
Status in AppArmor:
New
Status in linux package in Ubuntu:
Incomplete
Status in linux source package in Xenial:
Fix Committed
Status in linux source package in Yakkety:
Incomplete
Bug description:
when viewing a stack involving unconfined from across a ns boundary
the mode is reported as mixed.
Eg.
lxc-container-default//&:lxdns1://unconfined (mixed)
This is because the unconfined profile is in the special unconfined
mode. Which will result in a (mixed) mode for any stack with profiles
in enforcing or complain mode.
This can however lead to confusion as to what mode is being used as
mixed is also used for enforcing stacked with complain, and This can
also currently messes up mediation of trusted helpers like dbus.
Since unconfined doesn't affect the stack just special case it.
To manage notifications about this bug go to:
https://bugs.launchpad.net/apparmor/+bug/1615890/+subscriptions
--
Mailing list: https://launchpad.net/~kernel-packages
Post to : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help : https://help.launchpad.net/ListHelp
