AppArmor

Overview
Code
Bugs
Blueprints
Translations
Answers

aa-status doesn't display profile attachment

Bug #1453944 reported by Christian Boltz on 2015-05-11

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	AppArmor	New	Undecided	Unassigned

Bug Description

profile /foo /bar { }

is a totally valid profile, but it's also (at least) confusing for an admin looking at aa-status, and might lead to a false sense of security.

aa-status should {additionally,only} read /sys/kernel/security/apparmor/policy/profiles/*/{name,mode,attach} which is available with newer kernels and parser versions. However SLE or Ubuntu LTS might still contain older kernels that only have /sys/kernel/security/apparmor/profiles.

I didn't check aa-unconfined, but expect the same issue there.

Tags:

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.