Public bug reported:
$ cat ./t
#include <tunables/global>
profile t {
#include <abstractions/base>
/bin/cat ixr,
/sys/kernel/security/apparmor/profiles r,
}
$ sudo apparmor_parser -r ./t
$ sudo aa-exec -p t -- cat /sys/kernel/security/apparmor/profiles
cat: /sys/kernel/security/apparmor/profiles: Permission denied
[1]
kernel: [ 62.203035] audit: type=1400 audit(1458665428.726:128):
apparmor="DENIED" operation="capable" profile="t" pid=3683 comm="cat"
capability=33 capname="mac_admin"
This is new in the -15 kernel.
** Affects: linux (Ubuntu)
Importance: High
Assignee: Tyler Hicks (tyhicks)
Status: Confirmed
** Tags: apparmor
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1560583
Title:
reading /sys/kernel/security/apparmor/profiles requires CAP_MAC_ADMIN
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1560583/+subscriptions
--
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
