Public bug reported:

The default configuration of aa-notify does not have any filtering on
the notifications that it pops up, resulting in notifications that
suggest adding capabilities to unprivileged_userns, circumventing and
breaking the AppArmor userns restrictions. Since Plucky is very close to
release, we will unfortunately have to go for a less invasive bugfix
patch by adding filtering to the default config that filters out such
notifications. However, this has lingering issues in that user configs
that override the system config may result in such notifications
appearing again. In the longer run, we will want to update aa-notify to
fix this instead of depending on certain config values to be set.

** Affects: apparmor (Ubuntu)
     Importance: Undecided
         Status: New

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/2106177

Title:
  aa-notify's default configuration breaks the userns restriction by
  suggesting capabilities addition to unprivileged_userns

-- 
ubuntu-bugs mailing list
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
