trunk r3279 (and similar commits to the version branches, which will be
in 2.10.1 and 2.9.3) changed the behaviour - aa-logprof and aa-genprof
will now propose 'w' for creating a file. The commit message explains
why:
Map c (create) log events to w instead of a
Creating a file is in theory covered by the 'a' permission, however
discussion on IRC brought up that depending on the open flags it might
not be enough (real-world example: creating the apache pid file).
Therefore change the mapping to 'w' permissions. That might allow more
than needed in some cases, but makes sure the profile always works.
** Changed in: apparmor
Status: Expired => Fix Committed
** Changed in: apparmor
Milestone: None => 2.10.1
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1324608
Title:
when aa-logprof processed file access rules with mask of "c" the
resulting profile doesn't work
To manage notifications about this bug go to:
https://bugs.launchpad.net/apparmor/+bug/1324608/+subscriptions
--
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
