So having gone through this, pivot_root is working as expected and the
test suite does pass with some minor alterations to fix a few problems
with the profiles it was generating.
There is a bug in how the parser is handling the rules, and I am working
on a patch for that. Until that patch lands, please be very careful with
'/' and variable expansion, and remember the roots being pivoted in are
directories and must end with '/'.
E.g.
pivot_root old_root=/foo /bar,
will fail because neither /foo nor /bar are directories; the correct rule is
pivot_root old_root=/foo/ /bar/,
Check variable expansions, as they can result in invalid paths that are not
properly handled at the moment.
@{foo} = /foo/
pivot_root @{foo}/bar/,
This results in a post-variable-expansion rule that looks like
pivot_root /foo//bar/,
which will always fail to match.
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1305244
Title:
AppArmor always denies pivot_root when mediation rules contain put_old
or new_root
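The path checks described in the message above, as an added example that is not part of the original bug comment and not AppArmor's own code: a small Python lint that expands single-valued variables and flags pivot_root paths that lack a trailing '/' or contain '//' after expansion. The function name, the sample profile text and the generic handling of a `key=` prefix are assumptions made for illustration.

```python
import re

VAR_DEF = re.compile(r'^\s*(@\{\w+\})\s*=\s*(.+?)\s*$')
VAR_REF = re.compile(r'@\{\w+\}')
RULE = re.compile(r'^\s*pivot_root\b(.*?),\s*$')


def lint_pivot_root(profile_text):
    """Return (line_no, expanded_path, problem) for each suspect pivot_root path."""
    variables = {}
    findings = []
    for line_no, line in enumerate(profile_text.splitlines(), 1):
        m = VAR_DEF.match(line)
        if m:
            # Assumption: only single-valued variables are handled here.
            variables[m.group(1)] = m.group(2)
            continue
        m = RULE.match(line)
        if not m:
            continue
        for token in m.group(1).split():
            if token == '->':
                break  # what follows is a profile name, not a path
            # Drop a leading "key=" so only the path itself is checked.
            path = token.split('=', 1)[-1]
            expanded = VAR_REF.sub(
                lambda v: variables.get(v.group(0), v.group(0)), path)
            if '//' in expanded:
                findings.append((line_no, expanded, 'doubled slash after expansion'))
            if not expanded.endswith('/'):
                findings.append((line_no, expanded, 'missing trailing slash'))
    return findings


# Constructed sample built from the rules quoted in the message above.
SAMPLE = """\
@{foo} = /foo/
pivot_root old_root=/foo /bar,
pivot_root old_root=/foo/ /bar/,
pivot_root @{foo}/bar/,
"""

if __name__ == '__main__':
    for line_no, path, problem in lint_pivot_root(SAMPLE):
        print(f'line {line_no}: {path}: {problem}')
```

Running such a check over profiles before loading them catches the rules that would otherwise silently never match, which shows up at runtime only as pivot_root being denied.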