Public bug reported:
The pivot_root rule arguments corresponding to pivot_root(2)'s put_old
and new_root arguments must always end with a '/' character. This is due
to the paths being directories and not regular files. If the paths do
not end in a '/', the kernel will fail to match the paths during a
pivot_root(2) and the pivot will always be denied.
I think that the parser should reject all pivot_root rules containing
paths that do not end in '/', to avoid the confusion at run-time.
Here's a simple test case that should fail:
$ echo "/t { pivot_root oldroot=/new/old /new, }" | apparmor_parser -qQ
Here's a simple test case that should pass:
$ echo "/t { pivot_root oldroot=/new/old/ /new/, }" | apparmor_parser -qQ
Currently, both tests result in apparmor_parser returning 0.
** Affects: apparmor (Ubuntu)
Importance: Low
Status: Triaged
https://bugs.launchpad.net/bugs/1315469
Title:
apparmor_parser should reject pivot_root rules containing non-directory arguments
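A pre-load check for the condition this report describes, as an added example that is not part of the original bug report or of AppArmor's code: it scans profile text for pivot_root rules and flags any oldroot= or new-root path that does not end in '/'. The function name, the simplified rule grammar and the third sample profile are assumptions made for illustration.

```python
import re

# Simplified grammar (assumption): [qualifiers] pivot_root [oldroot=PATH] [NEW_ROOT] [-> PROFILE],
# Handles unquoted paths without commas or variables; a pre-load lint, not a full parser.
PIVOT_RULE = re.compile(r"\bpivot_root\b([^,]*),")


def lint_pivot_root(profile_text):
    """Return (role, path) pairs for pivot_root path arguments lacking a trailing '/'."""
    findings = []
    for match in PIVOT_RULE.finditer(profile_text):
        # Drop the optional "-> profile" transition; it is a profile name, not a path.
        args = match.group(1).split("->", 1)[0].split()
        for arg in args:
            if arg.startswith("oldroot="):
                role, path = "oldroot", arg[len("oldroot="):]
            else:
                role, path = "new_root", arg
            # The kernel matches these paths as directories, so they must end in '/'.
            if not path.endswith("/"):
                findings.append((role, path))
    return findings


# The two profiles from the report, plus one constructed rule with a transition.
SHOULD_FAIL = "/t { pivot_root oldroot=/new/old /new, }"
SHOULD_PASS = "/t { pivot_root oldroot=/new/old/ /new/, }"
CONSTRUCTED = "/t { audit pivot_root oldroot=/mnt/old/ /mnt -> child, }"

if __name__ == "__main__":
    for text in (SHOULD_FAIL, SHOULD_PASS, CONSTRUCTED):
        bad = lint_pivot_root(text)
        print("REJECT" if bad else "OK", text, bad)
```

Running such a check over profiles before loading them surfaces rules that apparmor_parser currently accepts but that will deny every pivot_root(2) at run time.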