John: that would be useful.  Our code already tracks the peer's UID, so
it will hopefully be quite easy to hook up what ever you've come up
with.

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor in Ubuntu.
https://bugs.launchpad.net/bugs/1620635

Title:
  libapparmor's aa_query_label() always returns allowed = 0 for file
  rules containing the "owner" conditional

Status in AppArmor:
  Triaged
Status in Snappy:
  Won't Fix
Status in apparmor package in Ubuntu:
  Triaged

Bug description:
  Steps to reproduce:
  1. Download and compile the following sample C app that calls aa_query_label

  wget https://launchpadlibrarian.net/207629699/query_file.c
  gcc -o query_file query_file.c -l apparmor

  2. Install a snap that uses the home interface, for example demo-wget:

  snap install demo-wget

  3. Create a file in your home:

  touch /home/USERNAME/testfile

  4. Ask apparmor if demo-wget can read that file with query_file:

  ./query_file snap.demo-wget.wget /home/USERNAME/testfile

  
  Expected result:

  output of ./query_file command is 
  read '/home/kaleo/toto' allowed

  
  Current result:

  output of ./query_file command is 
  read '/home/kaleo/toto' denied

To manage notifications about this bug go to:
https://bugs.launchpad.net/apparmor/+bug/1620635/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to     : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

Reply via email to