out of free space on /tmp causes apparmor losing protection on reload

Bug #775785 reported by Arkadiusz Miśkiewicz
This bug affects 2 people
Affects | Status | Importance | Assigned to | Milestone
AppArmor | Fix Released | Undecided | Unassigned |
2.6 | Fix Committed | Medium | Unassigned |
2.7 | Fix Released | Medium | Unassigned |
apparmor (Ubuntu) | Fix Released | Medium | Unassigned |

Bug Description

If there is no free space on tmp partition then reloading apparmor (init.d/apparmor reload) causes protection/profiles to be lost.

Tags: patch
visibility: private → public
Simon Déziel (sdeziel) wrote :

I can reproduce this behaviour on a Natty amd64 VM. In fact, when /tmp is 100% full /etc/init.d/apparmor reload|restart will not pick new profiles.

Also, when you free some space in /tmp even reloading/restart Apparmor will not activate new profiles. I had to use apparmor_parser -a -T -W /etc/apparmor.d/usr.bin.firefox to finally have it.

Sometimes, apparmor reload/restart will give this error :

grep: write error: No space left on device

Changed in apparmor:
status: New → Confirmed
Kees Cook (kees) wrote :

If we switch from dash to bash, we can use local fd redirection to avoid the need for /tmp at all.

Changed in apparmor (Ubuntu):
status: New → Triaged
tags: added: patch
Arkadiusz Miśkiewicz (arekm) wrote :

Using bash sucks. We want code that supports POSIX shell.

Also, the proposed patch is for some code that's not even in the apparmor bzr repo.

Steve Beattie (sbeattie) wrote :

An awk-based fix was committed to both trunk for 2.7 (rev 1805) and to the 2.6 branch (rev 1706).

Changed in apparmor:
status: Confirmed → Fix Committed
status: Fix Committed → Fix Released
Changed in apparmor (Ubuntu):
importance: Undecided → Medium
milestone: none → precise-updates
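
An added example (not from this thread and not the committed AppArmor fix): one way, in POSIX sh with awk, to work out which loaded profiles are no longer configured without writing a temporary file, and to report nothing when the configured list comes back empty. It assumes the reload logic compares the kernel's loaded-profile list against the configured profile names; `obsolete_profiles` and the sample data are hypothetical.

```shell
#!/bin/sh
# Added example: temp-file-free set difference for a profile reload.
# Assumption: the loaded list has one "name (mode)" entry per line, as in
# /sys/kernel/security/apparmor/profiles.

# obsolete_profiles LOADED_LIST
#   stdin : configured profile names, one per line
#   $1    : loaded-profile list as a string
#   stdout: loaded profiles that are not configured (candidates to unload)
#   exit 2: configured list was empty, so nothing is reported. An empty list
#           more likely means the step producing it failed (for example
#           "No space left on device") than that every profile was removed.
obsolete_profiles() {
    LOADED=$1 awk '
        $0 != "" { keep[$0] = 1; n++ }
        END {
            if (n == 0) exit 2          # fail closed: unload nothing
            cnt = split(ENVIRON["LOADED"], lines, "\n")
            for (i = 1; i <= cnt; i++) {
                name = lines[i]
                sub(/ \((enforce|complain)\)$/, "", name)   # strip the mode
                if (name != "" && !(name in keep)) print name
            }
        }'
}

# Constructed sample data, not taken from a real system.
SAMPLE_LOADED='/usr/bin/firefox (enforce)
/usr/sbin/ntpd (enforce)
/usr/sbin/oldd (complain)'

# Normal case: only the profile missing from the configured list is printed.
printf '%s\n' /usr/bin/firefox /usr/sbin/ntpd | obsolete_profiles "$SAMPLE_LOADED"

# Failure case: an empty configured list must not turn into "unload everything".
if ! printf '' | obsolete_profiles "$SAMPLE_LOADED"; then
    echo "configured list empty: keeping all loaded profiles" >&2
fi
```

On a real system the caller would pass `"$(cat /sys/kernel/security/apparmor/profiles)"` as the argument; command substitution and pipes do not need free space on /tmp.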
Jamie Strandboge (jdstrand) wrote :

This was fixed long ago in Ubuntu.

Changed in apparmor (Ubuntu):
status: Triaged → Fix Released
This report contains Public Security information  
Everyone can see this security related information.
