Thanks for the confirmation, Gabriel.
### Verification done Noble ###
wesley@nv0:~$ uname -a
Linux nv0 6.8.0-86-generic #87-Ubuntu SMP PREEMPT_DYNAMIC Mon Sep 22 18:03:36
UTC 2025 x86_64 x86_64 x86_64 GNU/Linux
wesley@nv0:~$ lxc launch ubuntu:noble podia
Launching podia
wesley@nv0:~$ lxc shell podia
root@podia:~# cloud-init status -w
status: done
root@podia:~# cat > linkit.aa <<EOF
#include <tunables/global>
profile linkit {
#include <abstractions/base>
/usr/bin/ln mr,
audit owner /root/link l,
}
EOF
root@podia:~# apparmor_parser linkit.aa
root@podia:~# echo long > chain
root@podia:~# aa-exec -p linkit ln chain link
root@podia:~# echo $?
0
root@podia:~# dmesg | grep apparmor
dmesg: read kernel buffer failed: Operation not permitted
root@podia:~# cat > sockit.aa <<EOF
#include <tunables/global>
profile sockit {
#include <abstractions/base>
/usr/bin/nc.openbsd mr,
audit owner /root/sock rw,
}
EOF
root@podia:~# apparmor_parser sockit.aa
root@podia:~# nc -lkU sock &
[1] 688
root@podia:~# aa-exec -p sockit nc -U sock
^C
root@podia:~# echo $?
130
root@podia:~# exit
logout
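wesley@nv0:~$ sudo dmesg | grep apparmor="DENIED"
wesley@nv0:~$
(Note: the shell strips the unquoted-level double quotes, so grep is given the pattern apparmor=DENIED, while kernel audit lines are written as apparmor="DENIED". This command therefore prints nothing whether or not a denial was logged. Single-quote the pattern, grep 'apparmor="DENIED"', for the log check to be meaningful. The evidence in this transcript that the operations were allowed is the exit status 0 from ln and the nc client staying connected until it was interrupted with ^C.)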
### Verification done Noble ###
** Tags removed: verification-needed-noble-linux
** Tags added: verification-done-noble-linux
https://bugs.launchpad.net/bugs/2121257
Title:
[SRU] Apparmor: Unshifted uids for hardlinks and unix sockets in user
namespaces