### Verification Done Jammy ###

wesley@j-verify:~$ uname -a
Linux j-verify 5.15.0-165-generic #175-Ubuntu SMP Tue Nov 25 16:51:58 UTC 2025 x86_64 x86_64 x86_64 GNU/Linux
wesley@j-verify:~$ lxc launch ubuntu:jammy podia
Creating podia
Starting podia
wesley@j-verify:~$ lxc shell podia
root@podia:~# cloud-init status -w
.....................................................status: done
root@podia:~# cat > linkit.aa <<EOF
#include <tunables/global>

profile linkit {
#include <abstractions/base>

/usr/bin/ln mr,

audit owner /root/link l,
}
EOF
root@podia:~# apparmor_parser linkit.aa
root@podia:~# echo long > chain
root@podia:~# aa-exec -p linkit ln chain link
root@podia:~# echo $?
0
root@podia:~# dmesg | grep apparmor
dmesg: read kernel buffer failed: Operation not permitted
root@podia:~# cat > sockit.aa <<EOF
#include <tunables/global>

profile sockit {
#include <abstractions/base>

/usr/bin/nc.openbsd mr,

audit owner /root/sock rw,
}
EOF
root@podia:~# apparmor_parser sockit.aa
root@podia:~# nc -lkU sock &
[1] 1093
root@podia:~# aa-exec -p sockit nc -U sock
^C
root@podia:~# echo $?
130
root@podia:~# exit
logout
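wesley@j-verify:~$ sudo dmesg | grep apparmor="DENIED"
wesley@j-verify:~$

[Reviewer note: the shell removes the double quotes before grep runs, so the pattern grep receives is apparmor=DENIED. The kernel's audit records contain the literal text apparmor="DENIED", quotes included, so this pattern cannot match them and the empty output above does not show that nothing was denied. Quoting the whole pattern, as in grep 'apparmor="DENIED"', makes the check meaningful. Because both rules carry the audit qualifier, allowed accesses should also leave apparmor="AUDIT" records on the host, which would be positive confirmation. As recorded, the verification rests on ln exiting 0 and on nc staying connected to the socket until interrupted, both under owner-conditional rules inside the container.]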

### Verification done Jammy ###

** Tags removed: verification-needed-jammy-linux
** Tags added: verification-done-jammy-linux

https://bugs.launchpad.net/bugs/2121257

Title:
  [SRU] Apparmor: Unshifted uids for hardlinks and unix sockets in user
  namespaces


