change_profile requires separate permission rule to access /proc interface
Bug #979135 reported by
John Johansen
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
AppArmor |
Fix Released
|
Medium
|
Unassigned |
Bug Description
When a profile contains a rule granting permission to use the change_profile interface
Eg.
change_profile -> **,
it is not enough permissions to actually use the interface, because write permission to access the interface at
/proc/
is also needed.
If a change_profile rule is present it should imply that this permission is granted
Changed in apparmor: | |
status: | Fix Committed → Fix Released |
To post a comment you must log in.
Committed in trunk revno 2030