John, what do you think about Seth's question in
https://bugs.launchpad.net/apparmor/+bug/1667751/comments/5?
** Also affects: apparmor
Importance: Undecided
Status: New
** Changed in: apparmor
Status: New => Incomplete
--
You received this bug notification because you are a me
Thanks Seth. A general solution covering most cases would be great as
tweaking existing profiles would involve many SRUs and inevitably, new
profiles not working inside containers would show up.
That's an excellent question. In general we can't solve all cases but
perhaps we can find a middle-ground.
In the past, the 'r' flag on the executable determined if the process
was dumpable. I expect that to still hold, but there may be other
reasons why 'r' is required these days.
I don't know h
On 2017-02-24 04:04 PM, Seth Arnold wrote:
> I'm surprised that the denials you're seeing now
> weren't generated earlier, due to this change.
Well, I just got the word that AppArmor was now working in containers
after waiting for years, so I happily jumped in.
I guess the question is: is there a
Thanks Simon,
https://github.com/torvalds/linux/commit/9f834ec18defc369d73ccf9e87a2790bfa05bf46
changed how ELF executables are loaded by the kernel and required many
changes to profiles. I'm surprised that the denials you're seeing now
weren't generated earlier, due to this change.
Thanks
** Description changed:
+ It seems that binaries confined by Apparmor attempt to read their own
+ executable when running in a namespace/container. This breaks many
+ profiles that are working perfectly well outside of namespaces.
+
+
+
+ Original description:
+
I'm not sure if it's a bug th
It doesn't seem to only affect rsyslog, as I have, for example, a shell
script contained by an AppArmor profile, and inside the container it
doesn't work as it wants to read /bin/dash:
audit: type=1400 audit(1487935787.212:153): apparmor="DENIED"
operation="file_mprotect" namespace="root//lxd-smb_"
pr