The @{exec_path} is working fine.
This is a manifestation of the unconfined delegation bug.
Profile attachment for scripts only happens via binfmt_misc, i.e. when the
script is run directly
  wg-quick ...
instead of via the interpreter
  bash /usr/bin/wg-quick ...
The interpreter can be confined, and it can opt to switch to the
AppArmor profile while running the script. However, this just isn't
currently done by most interpreters.
The missing mr permission on the interpreter is due to the unconfined
delegation bug, causing the mr permissions not to be delegated to
wg-quick when run inside of a container.
I will refrain from marking this bug a duplicate until after
verification against a patched kernel. Hopefully I can get that done
today.
--
https://bugs.launchpad.net/bugs/2133632
Title:
wg-quick segfaults when running in LXC -- apparmor