** Tags added: aa-kernel
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1615890
Title:
stacking to unconfined in a child namespace confuses mediation
Status in AppArmor:
New
Status in linux package in Ubuntu:
Fix Released
Status in linux source package in Xenial:
Fix Released
Status in linux source package in Yakkety:
Fix Released
Bug description:
when viewing a stack involving unconfined from across a ns boundary
the mode is reported as mixed.
Eg.
lxc-container-default//&:lxdns1://unconfined (mixed)
This is because the unconfined profile is in the special unconfined
mode. Which will result in a (mixed) mode for any stack with profiles
in enforcing or complain mode.
This can however lead to confusion as to what mode is being used as
mixed is also used for enforcing stacked with complain, and This can
also currently messes up mediation of trusted helpers like dbus.
Since unconfined doesn't affect the stack just special case it.
To manage notifications about this bug go to:
https://bugs.launchpad.net/apparmor/+bug/1615890/+subscriptions
--
Mailing list: https://launchpad.net/~kernel-packages
Post to : [email protected]
Unsubscribe : https://launchpad.net/~kernel-packages
More help : https://help.launchpad.net/ListHelp
