> comm="apparmor_signal" requested_mask="receive" denied_mask="receive"
signal=kill peer="/home/ubuntu/apparmor_signal_test_wrap.sh"
So you get a denial for receiving a signal from
peer="/home/ubuntu/apparmor_signal_test_wrap.sh" - which is not
surprising because that peer has a profile:
> "/home/ubuntu/apparmor_signal_test_wrap.sh" flags=(unconfined) {
This profile has the unconfined _flag_, but the profile name is
"/home/ubuntu/apparmor_signal_test_wrap.sh" (_not_ "unconfined").
Note that abstractions/base allows signal (receive) peer=unconfined,
- and "unconfined" does not match your profile name.
In other words: this looks like normal and expected behaviour to me.
You'll need to add a rule
signal (receive) peer=/home/ubuntu/apparmor_signal_test_wrap.sh,
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/2077413
Title:
apparmor unconfined profile blocks signal sending
To manage notifications about this bug go to:
https://bugs.launchpad.net/apparmor/+bug/2077413/+subscriptions
--
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
