Public bug reported:

The following lines in my profile didn't allow a link operation to work
as I expected:


link subset @{PROJECTS}/** -> @{PROJECTS}/**/deps/** ,
link subset @{PROJECTS}/** -> @{PROJECTS}/** ,
link @{PROJECTS}/** -> @{PROJECTS}/** ,


All three of these rules (tried one at a time) lead to the following DENIED 
messages:

type=AVC msg=audit(1486541632.347:41896): apparmor="DENIED" operation="link" 
info="target restricted" error=-13 profile="rust" 
name="/home/sarnold/projects/sarvm/target/debug/sarvm-ea4803ad22705e94" 
pid=3867 comm="cargo" requested_mask="l" denied_mask="l" fsuid=1000 ouid=1000 
target="/home/sarnold/projects/sarvm/target/debug/deps/sarvm-ea4803ad22705e94"
type=SYSCALL msg=audit(1486541632.347:41896): arch=c000003e syscall=86 
success=no exit=-13 a0=7feff8210000 a1=7feff8210050 a2=41 a3=7a4 items=0 
ppid=3854 pid=3867 auid=4294967295 uid=1000 gid=1000 euid=1000 suid=1000 
fsuid=1000 egid=1000 sgid=1000 fsgid=1000 tty=pts23 ses=4294967295 comm="cargo" 
exe="/home/sarnold/.rustup/toolchains/stable-x86_64-unknown-linux-gnu/bin/cargo"
 key=(null)

Linux hunt 4.4.0-57-generic #78-Ubuntu SMP Fri Dec 9 23:50:32 UTC 2016
x86_64 x86_64 x86_64 GNU/Linux

#include <tunables/global>

@{PROJECTS}=@{HOME}/projects/

profile rust /home/sarnold/{.cargo,.rustup}/** {
  #include <abstractions/base>
  #include <abstractions/nameservice>

  /dev/tty rw,

  @{HOME}/.cargo/ rw,
  @{HOME}/.cargo/**/ rw,
  @{HOME}/.cargo/** rw,
  @{HOME}/.cargo/bin/* rmix,

  link subset @{HOME}/.cargo/** -> @{HOME}/.cargo/** ,

  @{HOME}/.rustup/ r,
  @{HOME}/.rustup/**/ r,
  @{HOME}/.rustup/** r,
  @{HOME}/.rustup/toolchains/*/bin/* rmix,

  /tmp/rustc.????????????/ rw,
  /tmp/rustc.????????????/** rw,

  @{PROJECTS}/**/ rw,
  @{PROJECTS}/** rwmix,

  link subset @{PROJECTS}/** -> @{PROJECTS}/**/deps/** ,

  @{HOME}/.gitconfig r,

  /usr/bin/hg Cx,

  profile /usr/bin/hg {
    #include <abstractions/base>
    /usr/bin/hg rmix,
    /usr/bin/python2.7 rmix,
    /usr/local/lib/python2.7/dist-packages/ r,
    /usr/local/lib/python2.7/dist-packages/** r,
    /etc/python2.7/sitecustomize.py r,
    /etc/mercurial/hgrc.d/ r,
    /etc/mercurial/hgrc.d/** r,
    /etc/mercurial/hgrc r,
  }

  /usr/bin/gcc-5 Cx,

  profile /usr/bin/gcc-5 {
    #include <abstractions/base>
    /usr/bin/gcc-5 rmix,
    /usr/lib/gcc/** rmix,
    /usr/bin/*-ld.bfd rmix,
    /tmp/????????.res rw,
    /tmp/????????.c rw,
    /tmp/????????.o rw,
    /tmp/????????.ld rw,
    /tmp/????????.le rw,
    @{PROJECTS}/**/ rw,
    @{PROJECTS}/** rw,
    @{HOME}/.rustup/toolchains/** r,

  }

}

ProblemType: Bug
DistroRelease: Ubuntu 16.04
Package: apparmor 2.10.95-0ubuntu2.5
ProcVersionSignature: Ubuntu 4.4.0-57.78-generic 4.4.35
Uname: Linux 4.4.0-57-generic x86_64
NonfreeKernelModules: zfs zunicode zcommon znvpair zavl
ApportVersion: 2.20.1-0ubuntu2.5
Architecture: amd64
CurrentDesktop: Unity
Date: Wed Feb  8 00:20:46 2017
InstallationDate: Installed on 2012-10-18 (1574 days ago)
InstallationMedia: Ubuntu 12.04.1 LTS "Precise Pangolin" - Release amd64 
(20120823.1)
KernLog:
 Feb  7 21:32:35 hunt NetworkManager[1294]: <info>  [1486531955.0418] device 
(wlan0): Activation: (wifi) access point 'CenturyLink3337' has security, but 
secrets are required.
 Feb  7 21:32:35 hunt NetworkManager[1294]: <info>  [1486531955.0805] device 
(wlan0): Activation: (wifi) connection 'CenturyLink3337' has security, and 
secrets exist.  No new secrets needed.
ProcKernelCmdline: BOOT_IMAGE=/boot/vmlinuz-4.4.0-57-generic 
root=UUID=7b8c2e1b-d2e6-47d9-9030-c078e9701a1d ro quiet splash vt.handoff=7
SourcePackage: apparmor
Syslog:
 
UpgradeStatus: Upgraded to xenial on 2016-04-30 (284 days ago)
modified.conffile..etc.apparmor.d.abstractions.ubuntu-browsers.d.text-editors: 
[modified]
mtime.conffile..etc.apparmor.d.abstractions.ubuntu-browsers.d.text-editors: 
2013-03-26T13:10:49

** Affects: apparmor (Ubuntu)
     Importance: Undecided
         Status: New


** Tags: amd64 apport-bug xenial

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1662803

Title:
  link source -> target doesn't work as I expect
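An added diagnostic sketch, not part of the original report or of AppArmor's own code: it expands the profile's variables and checks the denied name/target pair from the AVC record against each of the three link rules. Assumptions: `@{HOME}` is taken as `/home/*/`, the audit `name` field is compared with the left side of the rule and `target` with the right, and the glob translation is simplified; the kernel's `subset` permission comparison is not modelled.

```python
import re

# Assumed value for @{HOME} (typical tunables/home); @{PROJECTS} is from the profile.
VARS = {"HOME": "/home/*/", "PROJECTS": "@{HOME}/projects/"}

# Fields copied from the denial quoted in the report.
AVC = ('apparmor="DENIED" operation="link" info="target restricted" '
       'name="/home/sarnold/projects/sarvm/target/debug/sarvm-ea4803ad22705e94" '
       'target="/home/sarnold/projects/sarvm/target/debug/deps/sarvm-ea4803ad22705e94"')

RULES = [
    "link subset @{PROJECTS}/** -> @{PROJECTS}/**/deps/** ,",
    "link subset @{PROJECTS}/** -> @{PROJECTS}/** ,",
    "link @{PROJECTS}/** -> @{PROJECTS}/** ,",
]

def expand(pattern):
    """Substitute @{VAR} references, then collapse repeated slashes."""
    while (m := re.search(r"@\{(\w+)\}", pattern)):
        pattern = pattern[:m.start()] + VARS[m.group(1)] + pattern[m.end():]
    return re.sub(r"/{2,}", "/", pattern)

def glob_to_regex(glob):
    """Simplified AppArmor globbing: ** crosses '/', * and ? do not."""
    out, i = [], 0
    while i < len(glob):
        if glob.startswith("**", i):
            out.append(".*"); i += 2
        elif glob[i] == "*":
            out.append("[^/]*"); i += 1
        elif glob[i] == "?":
            out.append("[^/]"); i += 1
        else:
            out.append(re.escape(glob[i])); i += 1
    return re.compile("".join(out))

def parse_rule(rule):
    """Return (subset flag, expanded link glob, expanded target glob)."""
    m = re.fullmatch(r"link\s+(subset\s+)?(\S+)\s*->\s*(\S+)\s*,", rule.strip())
    return bool(m.group(1)), expand(m.group(2)), expand(m.group(3))

def check(avc, rule):
    """Return (name matches link glob, target matches target glob)."""
    fields = dict(re.findall(r'(\w+)="([^"]*)"', avc))
    _subset, link_glob, target_glob = parse_rule(rule)
    return (bool(glob_to_regex(link_glob).fullmatch(fields["name"])),
            bool(glob_to_regex(target_glob).fullmatch(fields["target"])))

if __name__ == "__main__":
    for r in RULES:
        print(r, "->", check(AVC, r))
```

Under these assumptions both paths in the denial match the patterns of all three rules, so the comparison is useful mainly for ruling out a plain glob mismatch when reading a `target restricted` record.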
