2015-03-13 21:54:58 |
Tyler Hicks |
description |
$ echo "/t { pivot_root oldroot=/ /a, }" | apparmor_parser -qS | md5sum
422b222b6608dff7aca3420062aad3db -
$ echo "/t { audit pivot_root oldroot=/ /a, }" | apparmor_parser -qS | md5sum
422b222b6608dff7aca3420062aad3db -
$ echo "/t { audit deny pivot_root oldroot=/ /a, }" | apparmor_parser -qS | md5sum
9e598c327781b16acdab2d3e939279ec -
Note that the audit modifier doesn't change the binary policy file but the audit deny modifier does. |
$ echo "/t { pivot_root oldroot=/ /a, }" | apparmor_parser -qS | md5sum
422b222b6608dff7aca3420062aad3db -
$ echo "/t { audit pivot_root oldroot=/ /a, }" | apparmor_parser -qS | md5sum
422b222b6608dff7aca3420062aad3db -
$ echo "/t { audit deny pivot_root oldroot=/ /a, }" | apparmor_parser -qS | md5sum
9e598c327781b16acdab2d3e939279ec -
Note that the audit modifier doesn't change the binary policy file but the audit deny modifier does.
Also, the binary policy file changes as expected on "audit pivot_root," and "audit pivot_root oldroot=/,". That is, this bug only seems to happen when oldroot and newroot are both specified. |
|