FYI, I clarified the description that the issue is for 'aa-exec', not
everything.
** Description changed:
- Somewhere between 3.13 and 4.4, the scrubbing behavior of ix changed.
- For example, on Ubuntu 12.04 and 14.04 we have:
+ Somewhere between 3.13 and 4.4, the scrubbing behavior of ix for
These seem like counter arguments. On the one hand you seem to say that
scrubbing is ok for ix and then change to suggest modifying ix to not
scrub and introduce Ix.
This bug is really about an inconsistency between 'ix' for normal
fork/exec where there is no scrubbing and 'ix' on aa-exec where
Just wondering - if this bug survived so long without being noticed,
isn't it a sign that in most cases scrubbing doesn't hurt or is even a
good idea?
Should we introduce Ix to officially have a way to inherit with
scrubbing?
--
You received this bug notification because you are a member of
FYI, this was discovered because of https://forum.snapcraft.io/t/2-0
-lxd-snap-fails-on-sytems-with-partial-apparmor-support/4707
** Description changed:
- Somewhere between 3.13 and 4.4, the scrubbing behavior of ix changed
- when going through aa-exec. For example, on Ubuntu 12.04 and 14.04 we
Attached is an updated reproducer that adds 'aa-exec -p env -- ...' (ie,
not unconfined). It operates the same (ie, ix still scrubs).
** Attachment added: "reproducer2.tar.gz"
https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/1759346/+attachment/5092826/+files/reproducer2.tar.gz
**
5 matches
Mail list logo
