I'm afraid apparmor_parser is not fully aware of this restriction.

    # cat foo
    /usr/bin/foo {
      # mount options=(rw, runbindable) / -> /bar,  # causes error
      mount options=(rw, runbindable) -> /bar,  # accepted as valid (as expected)
      mount options=(rw, runbindable) /,  # accepted as valid, but shouldn't
    }

    # apparmor_parser -r foo
    #

This means a rule with only a source (but no target mountpoint) gets
accepted by the parser and loaded into the kernel, even if it should
raise an error.

BTW: The commented-out rule that indeed triggers an error results in a
not-so-useful error message:

    Encoding of mount rule failed
    ERROR processing policydb rules for profile /usr/bin/foo, failed to load

A more detailed error message that points out the invalid rule would be
nice.

** Changed in: apparmor (Ubuntu)
       Status: Fix Committed => New

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/2065685

Title:
  aa-logprof fails with 'runbindable' error

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/2065685/+subscriptions


-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
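
An added example, not part of the original message and not AppArmor's own tooling: a small Python check that sorts mount rules carrying a propagation flag into the three shapes the comment above tests, so profiles can be reviewed before `apparmor_parser -r` silently loads the source-only form. The function names, the propagation keyword list and the sample profile are assumptions made for illustration.

```python
import re

# Assumption: mount propagation keywords, with and without the "make-" prefix.
PROPAGATION = {p + r + k for p in ("", "make-") for r in ("", "r")
               for k in ("shared", "slave", "private", "unbindable")}

# Handles the "mount options=(...) [source] [-> target]," form used in the message.
RULE = re.compile(
    r"^\s*(?:(?:audit|allow|deny)\s+)*mount\b"
    r"(?:\s+options\s*(?:=|in)\s*\((?P<opts>[^)]*)\))?"
    r"(?:\s+(?P<src>[/@][^\s,]*))?"
    r"(?:\s*->\s*(?P<dst>[^\s,]+))?"
    r"\s*,")

def check_mount_rule(line):
    """Return None for lines that are not mount rules, otherwise 'ok',
    'source-and-target' (the parser reports an encoding error) or
    'source-only' (the parser accepts it, per the message)."""
    m = RULE.match(line.split("#", 1)[0])  # simplification: '#' starts a comment
    if not m:
        return None
    opts = {o for o in re.split(r"[,\s]+", m.group("opts") or "") if o}
    if not (opts & PROPAGATION) or not m.group("src"):
        return "ok"
    return "source-and-target" if m.group("dst") else "source-only"

def lint(profile_text):
    """Return (line number, verdict) for every mount rule that is not 'ok'."""
    findings = []
    for number, line in enumerate(profile_text.splitlines(), start=1):
        verdict = check_mount_rule(line)
        if verdict not in (None, "ok"):
            findings.append((number, verdict))
    return findings

# Constructed sample: the three rules from the message, all uncommented.
SAMPLE = """/usr/bin/foo {
  mount options=(rw, runbindable) / -> /bar,
  mount options=(rw, runbindable) -> /bar,
  mount options=(rw, runbindable) /,
}
"""

if __name__ == "__main__":
    for number, verdict in lint(SAMPLE):
        print(f"line {number}: propagation mount rule is {verdict}")
```
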
