** Tags added: patch
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor in Ubuntu.
https://bugs.launchpad.net/bugs/1692543
Title:
Regression tests cannot write to apparmor path_max module parameter in
artful/4.11
This patch fixes the tests for me. Turns out that we can't simply skip
writing to path_max as that seems to break the test case completely, so
I changed it to print an XFAIL message and abort the test.
** Patch added: "fix-longpath-test.patch"
Something more like this then.
if [ ! -f /sys/module/apparmor/parameters/path_max ] ; then
echo "WARNING: This version of AppArmor does not support changing
buffer size."
else
mode=$(stat -c "%a" /sys/module/apparmor/parameters/path_max)
if (( 8#$mode & 0222 )); then
yes something like this should work. However 600 will not be the correct
check, as in some cases the owner may differ, especially in the
virtualized case because vfs doesn't let us virtualize the file's owner.
Currently this file isn't virtualized to the poilicy namespace, and that
is why the
What if the test was changed to check writability of path_max? Just
changing the the check for the sysfs path to -w won't work for root, but
maybe something like this (perhaps there's a simpler way to do the check
though):
if [[ -f /sys/module/apparmor/parameters/path_max &&
$(stat -c "%a"
This is caused do a change made upstream in the 4.11 kernel, which
forbids writing the buffer size parameter after boot. The change to boot
time preallocated work buffers made this parameter useless, but 4.11
only partially merged that work, making writing the buffer size an
attack vector on the
6 matches
Mail list logo
