Important is high as we'll need a fix soon in order for thumbnailer-
service to run as a snap.
** Changed in: apparmor
Importance: Undecided => High
** Changed in: apparmor (Ubuntu)
Importance: Undecided => Critical
** Changed in: apparmor (Ubuntu)
Importance: Critical => High
** Changed in: apparmor (Ubuntu)
Status: Confirmed => Triaged
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor in Ubuntu.
https://bugs.launchpad.net/bugs/1620635
Title:
libapparmor's aa_query_label() always returns allowed = 0 for file
rules containing the "owner" conditional
Status in AppArmor:
Triaged
Status in Snappy:
Won't Fix
Status in apparmor package in Ubuntu:
Triaged
Bug description:
Steps to reproduce:
1. Download and compile the following sample C app that calls aa_query_label
wget https://launchpadlibrarian.net/207629699/query_file.c
gcc -o query_file query_file.c -l apparmor
2. Install a snap that uses the home interface, for example demo-wget:
snap install demo-wget
3. Create a file in your home:
touch /home/USERNAME/testfile
4. Ask apparmor if demo-wget can read that file with query_file:
./query_file snap.demo-wget.wget /home/USERNAME/testfile
Expected result:
output of ./query_file command is
read '/home/kaleo/toto' allowed
Current result:
output of ./query_file command is
read '/home/kaleo/toto' denied
To manage notifications about this bug go to:
https://bugs.launchpad.net/apparmor/+bug/1620635/+subscriptions
--
Mailing list: https://launchpad.net/~touch-packages
Post to : [email protected]
Unsubscribe : https://launchpad.net/~touch-packages
More help : https://help.launchpad.net/ListHelp
