[Kernel-packages] [Bug 1375516] Re: unix_socket_pathname.sh confined server stream/seqpacket missing getopt test fails
Apparmor 2.9.0 has been released; closing. ** Changed in: apparmor Status: Fix Committed = Fix Released ** Changed in: linux (Ubuntu) Status: Invalid = Fix Released -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu. https://bugs.launchpad.net/bugs/1375516 Title: unix_socket_pathname.sh confined server stream/seqpacket missing getopt test fails Status in AppArmor Linux application security framework: Fix Released Status in “linux” package in Ubuntu: Fix Released Bug description: The AF_UNIX pathname stream and seqpacket tests are not failing when the server program is missing the getopt unix permission. Note that the dgram version of this test fails as expected. This suggests some type of difference in the mediation of getsockopt() between connected and connectionless sockets. Note that you need a branch of lp:apparmor at r2715 or newer to reproduce this failure. * The test failures: Error: unix_socket passed. Test 'AF_UNIX pathname socket (stream); confined server w/ a missing af_unix access (getopt)' was expected to 'fail' Error: unix_socket passed. Test 'AF_UNIX pathname socket (seqpacket); confined server w/ a missing af_unix access (getopt)' was expected to 'fail' * The profile (note the missing getopt permission): /home/tyhicks/apparmor.git/tests/regression/apparmor/unix_socket { /etc/ld.so.cache r, /proc/*/attr/current w, /dev/urandom r, /home/tyhicks/apparmor.git/tests/regression/apparmor/unix_socket rix, /lib/x86_64-linux-gnu/libpthread-2.19.so mr, /lib/x86_64-linux-gnu/libc-2.19.so mr, /lib/x86_64-linux-gnu/ld-2.19.so rix, /tmp/sdtest.18777-31595-M5yfgv/output.unix_socket w, /tmp/sdtest.18777-31595-M5yfgv/aa_sock rw, unix (create,,setopt), /home/tyhicks/apparmor.git/tests/regression/apparmor/unix_socket_client Ux, } I've attached the strace output of the test run to show that the unix_socket program does successfully call getsockopt(). To manage notifications about this bug go to: https://bugs.launchpad.net/apparmor/+bug/1375516/+subscriptions -- Mailing list: https://launchpad.net/~kernel-packages Post to : kernel-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~kernel-packages More help : https://help.launchpad.net/ListHelp
[Kernel-packages] [Bug 1375516] Re: unix_socket_pathname.sh confined server stream/seqpacket missing getopt test fails
** Branch linked: lp:ubuntu/utopic-proposed/apparmor -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu. https://bugs.launchpad.net/bugs/1375516 Title: unix_socket_pathname.sh confined server stream/seqpacket missing getopt test fails Status in AppArmor Linux application security framework: Fix Committed Status in “linux” package in Ubuntu: Invalid Bug description: The AF_UNIX pathname stream and seqpacket tests are not failing when the server program is missing the getopt unix permission. Note that the dgram version of this test fails as expected. This suggests some type of difference in the mediation of getsockopt() between connected and connectionless sockets. Note that you need a branch of lp:apparmor at r2715 or newer to reproduce this failure. * The test failures: Error: unix_socket passed. Test 'AF_UNIX pathname socket (stream); confined server w/ a missing af_unix access (getopt)' was expected to 'fail' Error: unix_socket passed. Test 'AF_UNIX pathname socket (seqpacket); confined server w/ a missing af_unix access (getopt)' was expected to 'fail' * The profile (note the missing getopt permission): /home/tyhicks/apparmor.git/tests/regression/apparmor/unix_socket { /etc/ld.so.cache r, /proc/*/attr/current w, /dev/urandom r, /home/tyhicks/apparmor.git/tests/regression/apparmor/unix_socket rix, /lib/x86_64-linux-gnu/libpthread-2.19.so mr, /lib/x86_64-linux-gnu/libc-2.19.so mr, /lib/x86_64-linux-gnu/ld-2.19.so rix, /tmp/sdtest.18777-31595-M5yfgv/output.unix_socket w, /tmp/sdtest.18777-31595-M5yfgv/aa_sock rw, unix (create,,setopt), /home/tyhicks/apparmor.git/tests/regression/apparmor/unix_socket_client Ux, } I've attached the strace output of the test run to show that the unix_socket program does successfully call getsockopt(). To manage notifications about this bug go to: https://bugs.launchpad.net/apparmor/+bug/1375516/+subscriptions -- Mailing list: https://launchpad.net/~kernel-packages Post to : kernel-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~kernel-packages More help : https://help.launchpad.net/ListHelp
[Kernel-packages] [Bug 1375516] Re: unix_socket_pathname.sh confined server stream/seqpacket missing getopt test fails
** Description changed: The AF_UNIX pathname stream and seqpacket tests are not failing when the server program is missing the getopt unix permission. Note that the dgram version of this test fails as expected. This suggests some type of difference in the mediation of getsockopt() between connected and connectionless sockets. - - Note that you'll need to be sure that these patches have been applied to - a fresh checkout of lp:apparmor before running unix_socket_pathname.sh: - - https://lists.ubuntu.com/archives/apparmor/2014-September/006563.html - https://lists.ubuntu.com/archives/apparmor/2014-September/006564.html * The test failures: Error: unix_socket passed. Test 'AF_UNIX pathname socket (stream); confined server w/ a missing af_unix access (getopt)' was expected to 'fail' Error: unix_socket passed. Test 'AF_UNIX pathname socket (seqpacket); confined server w/ a missing af_unix access (getopt)' was expected to 'fail' * The profile (note the missing getopt permission): /home/tyhicks/apparmor.git/tests/regression/apparmor/unix_socket { /etc/ld.so.cache r, /proc/*/attr/current w, /dev/urandom r, /home/tyhicks/apparmor.git/tests/regression/apparmor/unix_socket rix, /lib/x86_64-linux-gnu/libpthread-2.19.so mr, /lib/x86_64-linux-gnu/libc-2.19.so mr, /lib/x86_64-linux-gnu/ld-2.19.so rix, /tmp/sdtest.18777-31595-M5yfgv/output.unix_socket w, /tmp/sdtest.18777-31595-M5yfgv/aa_sock rw, unix (create,,setopt), /home/tyhicks/apparmor.git/tests/regression/apparmor/unix_socket_client Ux, } I've attached the strace output of the test run to show that the unix_socket program does successfully call getsockopt(). ** Description changed: The AF_UNIX pathname stream and seqpacket tests are not failing when the server program is missing the getopt unix permission. Note that the dgram version of this test fails as expected. This suggests some type of difference in the mediation of getsockopt() between connected and connectionless sockets. + + Note that you need a branch of lp:apparmor at r2715 or newer to + reproduce this failure. * The test failures: Error: unix_socket passed. Test 'AF_UNIX pathname socket (stream); confined server w/ a missing af_unix access (getopt)' was expected to 'fail' Error: unix_socket passed. Test 'AF_UNIX pathname socket (seqpacket); confined server w/ a missing af_unix access (getopt)' was expected to 'fail' * The profile (note the missing getopt permission): /home/tyhicks/apparmor.git/tests/regression/apparmor/unix_socket { /etc/ld.so.cache r, /proc/*/attr/current w, /dev/urandom r, /home/tyhicks/apparmor.git/tests/regression/apparmor/unix_socket rix, /lib/x86_64-linux-gnu/libpthread-2.19.so mr, /lib/x86_64-linux-gnu/libc-2.19.so mr, /lib/x86_64-linux-gnu/ld-2.19.so rix, /tmp/sdtest.18777-31595-M5yfgv/output.unix_socket w, /tmp/sdtest.18777-31595-M5yfgv/aa_sock rw, unix (create,,setopt), /home/tyhicks/apparmor.git/tests/regression/apparmor/unix_socket_client Ux, } I've attached the strace output of the test run to show that the unix_socket program does successfully call getsockopt(). -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu. https://bugs.launchpad.net/bugs/1375516 Title: unix_socket_pathname.sh confined server stream/seqpacket missing getopt test fails Status in “linux” package in Ubuntu: Confirmed Bug description: The AF_UNIX pathname stream and seqpacket tests are not failing when the server program is missing the getopt unix permission. Note that the dgram version of this test fails as expected. This suggests some type of difference in the mediation of getsockopt() between connected and connectionless sockets. Note that you need a branch of lp:apparmor at r2715 or newer to reproduce this failure. * The test failures: Error: unix_socket passed. Test 'AF_UNIX pathname socket (stream); confined server w/ a missing af_unix access (getopt)' was expected to 'fail' Error: unix_socket passed. Test 'AF_UNIX pathname socket (seqpacket); confined server w/ a missing af_unix access (getopt)' was expected to 'fail' * The profile (note the missing getopt permission): /home/tyhicks/apparmor.git/tests/regression/apparmor/unix_socket { /etc/ld.so.cache r, /proc/*/attr/current w, /dev/urandom r, /home/tyhicks/apparmor.git/tests/regression/apparmor/unix_socket rix, /lib/x86_64-linux-gnu/libpthread-2.19.so mr, /lib/x86_64-linux-gnu/libc-2.19.so mr, /lib/x86_64-linux-gnu/ld-2.19.so rix, /tmp/sdtest.18777-31595-M5yfgv/output.unix_socket w, /tmp/sdtest.18777-31595-M5yfgv/aa_sock rw, unix (create,,setopt), /home/tyhicks/apparmor.git/tests/regression/apparmor/unix_socket_client Ux, } I've attached the strace output of the test run to show that
[Kernel-packages] [Bug 1375516] Re: unix_socket_pathname.sh confined server stream/seqpacket missing getopt test fails
After discussions in IRC, it was determined that this is expected behavior and that the test should be modified to remove the getopt permission from the list of server permissions. The unix_socket test program calls getsockopt() after calling bind(). Because AppArmor continues to use traditional file rules for sockets bound to a filesystem path, it does not mediate some socket operations after the socket has been bound to the filesystem path and, as it turns out, the getopt permission is one of those socket operations. In the future, AppArmor plans to support specifying filesystem pathnames in the addr conditional of unix rules. This would allow the unix rule type to be used with pathname, abstract, and unnamed AF_UNIX sockets. At that time, getopt and other socket operations could be mediated even for bound pathname AF_UNIX sockets. ** Changed in: linux (Ubuntu) Status: Confirmed = Invalid ** Changed in: linux (Ubuntu) Assignee: John Johansen (jjohansen) = (unassigned) ** Also affects: apparmor Importance: Undecided Status: New ** Changed in: apparmor Status: New = In Progress ** Changed in: apparmor Importance: Undecided = Medium ** Changed in: apparmor Assignee: (unassigned) = Tyler Hicks (tyhicks) ** Changed in: apparmor Milestone: None = 2.9.0 -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu. https://bugs.launchpad.net/bugs/1375516 Title: unix_socket_pathname.sh confined server stream/seqpacket missing getopt test fails Status in AppArmor Linux application security framework: Fix Committed Status in “linux” package in Ubuntu: Invalid Bug description: The AF_UNIX pathname stream and seqpacket tests are not failing when the server program is missing the getopt unix permission. Note that the dgram version of this test fails as expected. This suggests some type of difference in the mediation of getsockopt() between connected and connectionless sockets. Note that you need a branch of lp:apparmor at r2715 or newer to reproduce this failure. * The test failures: Error: unix_socket passed. Test 'AF_UNIX pathname socket (stream); confined server w/ a missing af_unix access (getopt)' was expected to 'fail' Error: unix_socket passed. Test 'AF_UNIX pathname socket (seqpacket); confined server w/ a missing af_unix access (getopt)' was expected to 'fail' * The profile (note the missing getopt permission): /home/tyhicks/apparmor.git/tests/regression/apparmor/unix_socket { /etc/ld.so.cache r, /proc/*/attr/current w, /dev/urandom r, /home/tyhicks/apparmor.git/tests/regression/apparmor/unix_socket rix, /lib/x86_64-linux-gnu/libpthread-2.19.so mr, /lib/x86_64-linux-gnu/libc-2.19.so mr, /lib/x86_64-linux-gnu/ld-2.19.so rix, /tmp/sdtest.18777-31595-M5yfgv/output.unix_socket w, /tmp/sdtest.18777-31595-M5yfgv/aa_sock rw, unix (create,,setopt), /home/tyhicks/apparmor.git/tests/regression/apparmor/unix_socket_client Ux, } I've attached the strace output of the test run to show that the unix_socket program does successfully call getsockopt(). To manage notifications about this bug go to: https://bugs.launchpad.net/apparmor/+bug/1375516/+subscriptions -- Mailing list: https://launchpad.net/~kernel-packages Post to : kernel-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~kernel-packages More help : https://help.launchpad.net/ListHelp
[Kernel-packages] [Bug 1375516] Re: unix_socket_pathname.sh confined server stream/seqpacket missing getopt test fails
Patch tested and set to the list: https://lists.ubuntu.com/archives/apparmor/2014-September/006572.html -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu. https://bugs.launchpad.net/bugs/1375516 Title: unix_socket_pathname.sh confined server stream/seqpacket missing getopt test fails Status in AppArmor Linux application security framework: Fix Committed Status in “linux” package in Ubuntu: Invalid Bug description: The AF_UNIX pathname stream and seqpacket tests are not failing when the server program is missing the getopt unix permission. Note that the dgram version of this test fails as expected. This suggests some type of difference in the mediation of getsockopt() between connected and connectionless sockets. Note that you need a branch of lp:apparmor at r2715 or newer to reproduce this failure. * The test failures: Error: unix_socket passed. Test 'AF_UNIX pathname socket (stream); confined server w/ a missing af_unix access (getopt)' was expected to 'fail' Error: unix_socket passed. Test 'AF_UNIX pathname socket (seqpacket); confined server w/ a missing af_unix access (getopt)' was expected to 'fail' * The profile (note the missing getopt permission): /home/tyhicks/apparmor.git/tests/regression/apparmor/unix_socket { /etc/ld.so.cache r, /proc/*/attr/current w, /dev/urandom r, /home/tyhicks/apparmor.git/tests/regression/apparmor/unix_socket rix, /lib/x86_64-linux-gnu/libpthread-2.19.so mr, /lib/x86_64-linux-gnu/libc-2.19.so mr, /lib/x86_64-linux-gnu/ld-2.19.so rix, /tmp/sdtest.18777-31595-M5yfgv/output.unix_socket w, /tmp/sdtest.18777-31595-M5yfgv/aa_sock rw, unix (create,,setopt), /home/tyhicks/apparmor.git/tests/regression/apparmor/unix_socket_client Ux, } I've attached the strace output of the test run to show that the unix_socket program does successfully call getsockopt(). To manage notifications about this bug go to: https://bugs.launchpad.net/apparmor/+bug/1375516/+subscriptions -- Mailing list: https://launchpad.net/~kernel-packages Post to : kernel-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~kernel-packages More help : https://help.launchpad.net/ListHelp
[Kernel-packages] [Bug 1375516] Re: unix_socket_pathname.sh confined server stream/seqpacket missing getopt test fails
** Changed in: apparmor Status: In Progress = Fix Committed -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu. https://bugs.launchpad.net/bugs/1375516 Title: unix_socket_pathname.sh confined server stream/seqpacket missing getopt test fails Status in AppArmor Linux application security framework: Fix Committed Status in “linux” package in Ubuntu: Invalid Bug description: The AF_UNIX pathname stream and seqpacket tests are not failing when the server program is missing the getopt unix permission. Note that the dgram version of this test fails as expected. This suggests some type of difference in the mediation of getsockopt() between connected and connectionless sockets. Note that you need a branch of lp:apparmor at r2715 or newer to reproduce this failure. * The test failures: Error: unix_socket passed. Test 'AF_UNIX pathname socket (stream); confined server w/ a missing af_unix access (getopt)' was expected to 'fail' Error: unix_socket passed. Test 'AF_UNIX pathname socket (seqpacket); confined server w/ a missing af_unix access (getopt)' was expected to 'fail' * The profile (note the missing getopt permission): /home/tyhicks/apparmor.git/tests/regression/apparmor/unix_socket { /etc/ld.so.cache r, /proc/*/attr/current w, /dev/urandom r, /home/tyhicks/apparmor.git/tests/regression/apparmor/unix_socket rix, /lib/x86_64-linux-gnu/libpthread-2.19.so mr, /lib/x86_64-linux-gnu/libc-2.19.so mr, /lib/x86_64-linux-gnu/ld-2.19.so rix, /tmp/sdtest.18777-31595-M5yfgv/output.unix_socket w, /tmp/sdtest.18777-31595-M5yfgv/aa_sock rw, unix (create,,setopt), /home/tyhicks/apparmor.git/tests/regression/apparmor/unix_socket_client Ux, } I've attached the strace output of the test run to show that the unix_socket program does successfully call getsockopt(). To manage notifications about this bug go to: https://bugs.launchpad.net/apparmor/+bug/1375516/+subscriptions -- Mailing list: https://launchpad.net/~kernel-packages Post to : kernel-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~kernel-packages More help : https://help.launchpad.net/ListHelp
[Kernel-packages] [Bug 1375516] Re: unix_socket_pathname.sh confined server stream/seqpacket missing getopt test fails
** Branch linked: lp:apparmor -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu. https://bugs.launchpad.net/bugs/1375516 Title: unix_socket_pathname.sh confined server stream/seqpacket missing getopt test fails Status in AppArmor Linux application security framework: Fix Committed Status in “linux” package in Ubuntu: Invalid Bug description: The AF_UNIX pathname stream and seqpacket tests are not failing when the server program is missing the getopt unix permission. Note that the dgram version of this test fails as expected. This suggests some type of difference in the mediation of getsockopt() between connected and connectionless sockets. Note that you need a branch of lp:apparmor at r2715 or newer to reproduce this failure. * The test failures: Error: unix_socket passed. Test 'AF_UNIX pathname socket (stream); confined server w/ a missing af_unix access (getopt)' was expected to 'fail' Error: unix_socket passed. Test 'AF_UNIX pathname socket (seqpacket); confined server w/ a missing af_unix access (getopt)' was expected to 'fail' * The profile (note the missing getopt permission): /home/tyhicks/apparmor.git/tests/regression/apparmor/unix_socket { /etc/ld.so.cache r, /proc/*/attr/current w, /dev/urandom r, /home/tyhicks/apparmor.git/tests/regression/apparmor/unix_socket rix, /lib/x86_64-linux-gnu/libpthread-2.19.so mr, /lib/x86_64-linux-gnu/libc-2.19.so mr, /lib/x86_64-linux-gnu/ld-2.19.so rix, /tmp/sdtest.18777-31595-M5yfgv/output.unix_socket w, /tmp/sdtest.18777-31595-M5yfgv/aa_sock rw, unix (create,,setopt), /home/tyhicks/apparmor.git/tests/regression/apparmor/unix_socket_client Ux, } I've attached the strace output of the test run to show that the unix_socket program does successfully call getsockopt(). To manage notifications about this bug go to: https://bugs.launchpad.net/apparmor/+bug/1375516/+subscriptions -- Mailing list: https://launchpad.net/~kernel-packages Post to : kernel-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~kernel-packages More help : https://help.launchpad.net/ListHelp
[Kernel-packages] [Bug 1375516] Re: unix_socket_pathname.sh confined server stream/seqpacket missing getopt test fails
Committed to lp:apparmor as r2717. -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu. https://bugs.launchpad.net/bugs/1375516 Title: unix_socket_pathname.sh confined server stream/seqpacket missing getopt test fails Status in AppArmor Linux application security framework: Fix Committed Status in “linux” package in Ubuntu: Invalid Bug description: The AF_UNIX pathname stream and seqpacket tests are not failing when the server program is missing the getopt unix permission. Note that the dgram version of this test fails as expected. This suggests some type of difference in the mediation of getsockopt() between connected and connectionless sockets. Note that you need a branch of lp:apparmor at r2715 or newer to reproduce this failure. * The test failures: Error: unix_socket passed. Test 'AF_UNIX pathname socket (stream); confined server w/ a missing af_unix access (getopt)' was expected to 'fail' Error: unix_socket passed. Test 'AF_UNIX pathname socket (seqpacket); confined server w/ a missing af_unix access (getopt)' was expected to 'fail' * The profile (note the missing getopt permission): /home/tyhicks/apparmor.git/tests/regression/apparmor/unix_socket { /etc/ld.so.cache r, /proc/*/attr/current w, /dev/urandom r, /home/tyhicks/apparmor.git/tests/regression/apparmor/unix_socket rix, /lib/x86_64-linux-gnu/libpthread-2.19.so mr, /lib/x86_64-linux-gnu/libc-2.19.so mr, /lib/x86_64-linux-gnu/ld-2.19.so rix, /tmp/sdtest.18777-31595-M5yfgv/output.unix_socket w, /tmp/sdtest.18777-31595-M5yfgv/aa_sock rw, unix (create,,setopt), /home/tyhicks/apparmor.git/tests/regression/apparmor/unix_socket_client Ux, } I've attached the strace output of the test run to show that the unix_socket program does successfully call getsockopt(). To manage notifications about this bug go to: https://bugs.launchpad.net/apparmor/+bug/1375516/+subscriptions -- Mailing list: https://launchpad.net/~kernel-packages Post to : kernel-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~kernel-packages More help : https://help.launchpad.net/ListHelp
[Kernel-packages] [Bug 1375516] Re: unix_socket_pathname.sh confined server stream/seqpacket missing getopt test fails
Since this issue affects stream/seqpacket but not dgram, it seems likely that it is a kernel issue and not a parser issue. But to be sure, I've verified that the perms that the parser outputs for setopt, getopt, and the combination of the two does look sane: $ for p in getopt setopt getopt,setopt; do echo /t { unix ($p), } | ./apparmor_parser -qQD dfa-states 21 | head -n7; done {1} == (allow/deny/audit/quiet) {2} (0x 4/0/0/0) {3} (0x 4/0/0/0) {17} (0x 10/0/0/0) {18} (0x 10/0/0/0) {19} (0x 10/0/0/0) {1} == (allow/deny/audit/quiet) {2} (0x 4/0/0/0) {3} (0x 4/0/0/0) {17} (0x 8/0/0/0) {18} (0x 8/0/0/0) {19} (0x 8/0/0/0) {1} == (allow/deny/audit/quiet) {2} (0x 4/0/0/0) {3} (0x 4/0/0/0) {17} (0x 18/0/0/0) {18} (0x 18/0/0/0) {19} (0x 18/0/0/0) -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu. https://bugs.launchpad.net/bugs/1375516 Title: unix_socket_pathname.sh confined server stream/seqpacket missing getopt test fails Status in “linux” package in Ubuntu: Confirmed Bug description: The AF_UNIX pathname stream and seqpacket tests are not failing when the server program is missing the getopt unix permission. Note that the dgram version of this test fails as expected. This suggests some type of difference in the mediation of getsockopt() between connected and connectionless sockets. Note that you'll need to be sure that these patches have been applied to a fresh checkout of lp:apparmor before running unix_socket_pathname.sh: https://lists.ubuntu.com/archives/apparmor/2014-September/006563.html https://lists.ubuntu.com/archives/apparmor/2014-September/006564.html * The test failures: Error: unix_socket passed. Test 'AF_UNIX pathname socket (stream); confined server w/ a missing af_unix access (getopt)' was expected to 'fail' Error: unix_socket passed. Test 'AF_UNIX pathname socket (seqpacket); confined server w/ a missing af_unix access (getopt)' was expected to 'fail' * The profile (note the missing getopt permission): /home/tyhicks/apparmor.git/tests/regression/apparmor/unix_socket { /etc/ld.so.cache r, /proc/*/attr/current w, /dev/urandom r, /home/tyhicks/apparmor.git/tests/regression/apparmor/unix_socket rix, /lib/x86_64-linux-gnu/libpthread-2.19.so mr, /lib/x86_64-linux-gnu/libc-2.19.so mr, /lib/x86_64-linux-gnu/ld-2.19.so rix, /tmp/sdtest.18777-31595-M5yfgv/output.unix_socket w, /tmp/sdtest.18777-31595-M5yfgv/aa_sock rw, unix (create,,setopt), /home/tyhicks/apparmor.git/tests/regression/apparmor/unix_socket_client Ux, } I've attached the strace output of the test run to show that the unix_socket program does successfully call getsockopt(). To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1375516/+subscriptions -- Mailing list: https://launchpad.net/~kernel-packages Post to : kernel-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~kernel-packages More help : https://help.launchpad.net/ListHelp