Activity log for bug #1544387

Date Who What changed Old value New value Message
2016-02-11 02:24:01 Tyler Hicks bug added bug
2016-02-11 02:25:02 Tyler Hicks description

Old value:

When the 'profile' keyword is used at the beginning of a profile declaration, namespace creation is not handled properly. Instead of :namespace:p being split into 'namespace' for the name of the namespace and 'p' for the name of the profile, a profile called ':namespace:p' is created.

    $ echo "profile :namespace:p {}" | sudo apparmor_parser -qr
    $ stat /sys/kernel/security/apparmor/policy/namespaces/namespace
    stat: cannot stat ‘/sys/kernel/security/apparmor/policy/namespaces/namespace’: No such file or directory
    $ stat /sys/kernel/security/apparmor/policy/profiles/namespacep*
      File: ‘/sys/kernel/security/apparmor/policy/profiles/namespacep.26’
      Size: 0 Blocks: 0 IO Block: 4096 directory
    Device: ch/12d Inode: 18374 Links: 2
    Access: (0755/drwxr-xr-x) Uid: ( 0/ root) Gid: ( 0/ root)
    Access: 2016-02-10 20:19:47.296817210 -0600
    Modify: 2016-02-10 20:20:06.336742155 -0600
    Change: 2016-02-10 20:19:47.296817210 -0600
     Birth: -

New value:

When the 'profile' keyword is used at the beginning of a profile declaration, namespace creation is not handled properly. Instead of :namespace:p being split into 'namespace' for the name of the namespace and 'p' for the name of the profile, a profile called ':namespace:p' is created.

    $ echo "profile :namespace:p {}" | sudo apparmor_parser -qr
    $ stat /sys/kernel/security/apparmor/policy/namespaces/namespace
    stat: cannot stat ‘/sys/kernel/security/apparmor/policy/namespaces/namespace’: No such file or directory
    $ stat /sys/kernel/security/apparmor/policy/profiles/namespacep*
      File: ‘/sys/kernel/security/apparmor/policy/profiles/namespacep.26’
      Size: 0 Blocks: 0 IO Block: 4096 directory
    Device: ch/12d Inode: 18374 Links: 2
    Access: (0755/drwxr-xr-x) Uid: ( 0/ root) Gid: ( 0/ root)
    Access: 2016-02-10 20:19:47.296817210 -0600
    Modify: 2016-02-10 20:20:06.336742155 -0600
    Change: 2016-02-10 20:19:47.296817210 -0600
     Birth: -

Dropping the 'profile' keyword results in the namespace being properly created:

    $ echo ":namespace:p {}" | sudo apparmor_parser -qr
    $ stat /sys/kernel/security/apparmor/policy/namespaces/namespace
      File: ‘/sys/kernel/security/apparmor/policy/namespaces/namespace’
      Size: 0 Blocks: 0 IO Block: 4096 directory
    Device: ch/12d Inode: 18716 Links: 4
    Access: (0755/drwxr-xr-x) Uid: ( 0/ root) Gid: ( 0/ root)
    Access: 2016-02-10 20:24:20.271897231 -0600
    Modify: 2016-02-10 20:24:20.271897231 -0600
    Change: 2016-02-10 20:24:20.271897231 -0600
     Birth: -

2016-02-11 22:40:21 Tyler Hicks apparmor: status Confirmed In Progress
2016-02-11 22:40:29 Tyler Hicks apparmor: importance High Medium
2016-02-18 22:04:39 Tyler Hicks apparmor: status In Progress Fix Committed
2017-01-10 20:48:36 Christian Boltz apparmor: status Fix Committed Fix Released