### Verification done plucky ###
wesley@p-00409763:~$ uname -a
Linux p-00409763 6.14.0-34-generic #34-Ubuntu SMP PREEMPT_DYNAMIC Wed Sep 17
09:21:29 UTC 2025 x86_64 x86_64 x86_64 GNU/Linux
wesley@p-00409763:~$ lxc launch ubuntu:plucky podia
Launching podia
wesley@p-00409763:~$ lxc shell podia
root@podia:~# cloud-init status -w
..................status: done
root@podia:~# cat > linkit.aa <<EOF
#include <tunables/global>
profile linkit {
#include <abstractions/base>
/usr/bin/ln mr,
audit owner /root/link l,
}
EOF
root@podia:~# apparmor_parser linkit.aa
root@podia:~# echo long > chain
root@podia:~# aa-exec -p linkit ln chain link
root@podia:~# echo $?
0
root@podia:~# dmesg | grep apparmor
dmesg: read kernel buffer failed: Operation not permitted
root@podia:~# cat > sockit.aa <<EOF
#include <tunables/global>
profile sockit {
#include <abstractions/base>
/usr/bin/nc.openbsd mr,
audit owner /root/sock rw,
}
EOF
root@podia:~# apparmor_parser sockit.aa
root@podia:~# nc -lkU sock &
[1] 773
root@podia:~# aa-exec -p sockit nc -U sock
^C
root@podia:~# echo $?
130
root@podia:~# exit
logout
wesley@p-00409763:~$ sudo dmesg | grep apparmor="DENIED"
wesley@p-00409763:~$
### Verification done plucky ###
** Tags removed: verification-needed-plucky-linux
** Tags added: verification-done-plucky-linux
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/2121257
Title:
[SRU] Apparmor: Unshifted uids for hardlinks and unix sockets in user
namespaces
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/2121257/+subscriptions
--
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
