Hi, mihalicyn, sorry for the delay answering.
That's unfortunately right. Ubuntu 12.04 ships apparmor 2.7 which didn't
have support for ABIs yet, so dc757a645cfa82f6ac252365df20a36a9ff82760
causes a regression on those early versions. I talked to @jjohansen and
we have agreed that this patch needs to be reverted, or partially
reverted so it doesn't affect older versions of the apparmor_parser -
even though they are not currently supported, they shouldn't break on newer
kernels.
This partial revert makes it work in my tests:
--- a/security/apparmor/domain.c
+++ b/security/apparmor/domain.c
@@ -665,7 +665,7 @@ static struct aa_label *profile_transition(const struct
cred *subj_cred,
goto audit;
}
- if (!profile_mediates(profile, AA_CLASS_FILE)) {
+ if (profile_unconfined(profile)) {
new = find_attach(bprm, profile->ns,
&profile->ns->base.profiles, name, &info);
if (new) {
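Review bot: the replaced condition in front of find_attach() changes which profiles reach this branch, and nothing in the hunk records why. A profile that is not unconfined but also does not mediate AA_CLASS_FILE took this branch under the old test and will not under profile_unconfined(profile). Please add a comment above the if stating that the check is kept on profile_unconfined() so that policy compiled by pre-ABI parsers (apparmor 2.7) keeps working, and say in the commit message that this is a partial revert of dc757a645cfa82f6ac252365df20a36a9ff82760 and which case from that commit is deliberately no longer handled here.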
--
https://bugs.launchpad.net/bugs/2067900
Title:
apparmor unconfined profile blocks pivot_root