@paelzer: so while I can't guarantee will be in the 26.04 kernel, that is what I am trying for. We need some of the object delegation work, for tracking which subject delegated the object. This is easier for unconfined than the generic case but does require updating the file security object with additional information, the permission check to take this info into account, and file inherit and file receive (SCM rights passing the file) to update the tracking info.
I am hoping to have a test kernel next week. -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to apparmor in Ubuntu. https://bugs.launchpad.net/bugs/2121552 Title: "free > file" blocked by apparmor inside questing lxd Status in apparmor package in Ubuntu: Confirmed Status in apparmor source package in Noble: New Status in apparmor source package in Plucky: New Status in apparmor source package in Questing: Confirmed Bug description: Host: noble LXD container: questing up-to-date $ free > foo free: write error [Wed Aug 27 16:13:12 2025] audit: type=1400 audit(1756321990.952:2133): apparmor="DENIED" operation="file_inherit" class="file" namespace="root//lxd-q-rocm-llvm_<var-snap-lxd-common-lxd>" profile="free" name="/home/ubuntu/foo" pid=134925 comm="free" requested_mask="w" denied_mask="w" fsuid=1001000 ouid=1001000 [Wed Aug 27 16:13:12 2025] audit: type=1400 audit(1756321990.952:2134): apparmor="DENIED" operation="open" class="file" info="Failed name lookup - disconnected path" error=-13 namespace="root//lxd-q-rocm-llvm_<var-snap-lxd-common-lxd>" profile="free" name="apparmor/.null" pid=134925 comm="free" requested_mask="wr" denied_mask="wr" fsuid=1001000 ouid=0 Note: I added <abstractions/consoles> to /etc/apparmor.d/free because of LP: #2121401 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/2121552/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : [email protected] Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
