Public bug reported:

This concerns apparmor 3.0.4-2ubuntu2 in Ubuntu jammy.

When I run a command like aa-teardown(8), it will mount securityfs on
/sys/kernel/security if this is not already mounted.

On bare metal, this is reasonable. But in a chroot environment, the
command should probably exit without taking any action, not unlike what
systemd does: "Running in chroot, ignoring command 'daemon-reload'".

I see that the functions script already has logic addressing AppArmor in
container environments, but it appears that the chroot scenario has not
been addressed.

** Affects: apparmor (Ubuntu)
     Importance: Undecided
         Status: New

https://bugs.launchpad.net/bugs/1965923

Title:
  rc.apparmor.functions should not mount /sys/kernel/security inside a
  chroot environment

Status in apparmor package in Ubuntu:
  New

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/1965923/+subscriptions
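
The guard the report asks for could look like the sketch below. This is an added example, not code from the report or from the apparmor package. It uses a common heuristic, comparing the device and inode of / with those of PID 1's root, and assumes GNU stat and a readable /proc; the function names and the "skip when unknown" policy are hypothetical.

```shell
#!/bin/sh
# Added illustration; function names are hypothetical and do not come
# from rc.apparmor.functions.

SECURITYFS=/sys/kernel/security

# Print "device:inode" for a path, following symlinks (GNU stat).
root_id() {
    stat -L -c '%d:%i' "$1" 2>/dev/null
}

# in_chroot [OUR_ROOT] [INIT_ROOT]
# Returns 0 if our root differs from PID 1's root (we are in a chroot),
#         1 if both are the same directory,
#         2 if it cannot be determined (no /proc, or permission denied).
in_chroot() {
    ours=$(root_id "${1:-/}") || return 2
    init=$(root_id "${2:-/proc/1/root/.}") || return 2
    [ "$ours" != "$init" ]
}

# securityfs_action [MOUNTS_FILE] [OUR_ROOT] [INIT_ROOT]
# Prints what a helper should do before touching $SECURITYFS:
#   present       already mounted, nothing to do
#   skip-chroot   in a chroot, leave the mount table alone
#   skip-unknown  cannot tell; assumed policy is to not mount
#   mount         same root as PID 1, mounting is reasonable
securityfs_action() {
    if grep -qs " $SECURITYFS securityfs " "${1:-/proc/mounts}"; then
        echo present
        return 0
    fi
    rc=0
    in_chroot "$2" "$3" || rc=$?
    case $rc in
        0) echo skip-chroot ;;
        1) echo mount ;;
        *) echo skip-unknown ;;
    esac
}

# Report the decision for the current environment (performs no mount).
echo "securityfs: $(securityfs_action)"
```

A container with its own PID namespace has PID 1 inside the same root, so this check does not flag it as a chroot; that case stays with the container logic the report mentions.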

