aa_change_onexec fails with permission denied
Bug #963756 reported by Serge Hallyn
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
Linux | Fix Committed | Undecided | John Johansen |
apparmor (Ubuntu) | Fix Released | High | John Johansen |
Bug Description
When I switch lxc from using aa_change_profile (which succeeds) to aa_change_onexec, I get permission denied (on the aa_change_profile() call, not exec). I haven't dug deep enough to see if it's the kernel or userspace causing the denial.
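Both calls named in the report are, in libapparmor, writes to a procfs attribute file, so a denial is returned by the call itself and not by the later exec. The following is an added example (not part of the original report and not libapparmor's source) that issues either request directly and returns the errno of the step that failed; the profile name is a placeholder and a single-threaded process is assumed.

```c
/* Added example: issue AppArmor transition requests via procfs.
 * Assumes a single-threaded caller (libapparmor addresses the thread by tid). */
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>

enum aa_req { AA_REQ_CHANGE_PROFILE, AA_REQ_CHANGE_ONEXEC };

/* Fill in the procfs file and command string for one request kind.
 * Returns 0 on success, -1 if the command does not fit in cmd. */
int aa_build_request(enum aa_req kind, const char *profile,
                     const char **path, char *cmd, size_t cmdlen)
{
    const char *verb;
    if (kind == AA_REQ_CHANGE_PROFILE) {
        *path = "/proc/self/attr/current";  /* immediate transition */
        verb = "changeprofile";
    } else {
        *path = "/proc/self/attr/exec";     /* applied at the next exec */
        verb = "exec";
    }
    int n = snprintf(cmd, cmdlen, "%s %s", verb, profile);
    return (n < 0 || (size_t)n >= cmdlen) ? -1 : 0;
}

/* Send the request; return 0, or the errno of the open/write that failed. */
int aa_send_request(enum aa_req kind, const char *profile)
{
    const char *path;
    char cmd[512];
    if (aa_build_request(kind, profile, &path, cmd, sizeof cmd) != 0)
        return ENAMETOOLONG;
    int fd = open(path, O_WRONLY);
    if (fd < 0)
        return errno;
    ssize_t w = write(fd, cmd, strlen(cmd));
    int err = (w < 0) ? errno : 0;
    close(fd);
    return err;
}

int main(int argc, char **argv)
{
    const char *profile = argc > 1 ? argv[1] : "example-profile"; /* placeholder */
    int e = aa_send_request(AA_REQ_CHANGE_ONEXEC, profile);
    printf("change_onexec(%s): %s\n", profile, e ? strerror(e) : "ok");
    return e != 0;
}
```

Running it once per request kind under the same confinement shows whether only the onexec path is denied, and the kernel audit log records the matching AppArmor denial.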
Changed in apparmor (Ubuntu):
importance: Undecided → High
assignee: nobody → John Johansen (jjohansen)
Changed in linux:
assignee: nobody → John Johansen (jjohansen)
Changed in linux:
status: New → Fix Committed
Changed in apparmor (Ubuntu):
milestone: none → ubuntu-12.04
status: New → Fix Committed
This bug was fixed in the package apparmor - 2.7.102-0ubuntu3
---------------
apparmor (2.7.102-0ubuntu3) precise; urgency=low
  [ Jamie Strandboge ]
  * debian/patches/0007-ubuntu-manpage-updates.patch: update apparmor(5)
    to describe Ubuntu's two-stage policy load and how to add utilize it
    when developing policy (LP: #974089)

  [ Serge Hallyn ]
  * debian/apparmor.init: do nothing in a container. This can be
    removed once stacked profiles are supported and used by lxc.
    (LP: #978297)

  [ Steve Beattie ]
  * debian/patches/0008-apparmor-lp963756.patch: Fix permission mapping
    for change_profile onexec (LP: #963756)
  * debian/patches/0009-apparmor-lp959560-part1.patch,
    debian/patches/0010-apparmor-lp959560-part2.patch: Update the parser
    to support the 'in' keyword for value lists, and make mount
    operations aware of 'in' keyword so they can affect the flags build
    list (LP: #959560)
  * debian/patches/0011-apparmor-lp872446.patch: fix logprof missing
    exec events in complain mode (LP: #872446)
  * debian/patches/0012-apparmor-lp978584.patch: allow inet6 access in
    dovecot imap-login profile (LP: #978584)
  * debian/patches/0013-apparmor-lp800826.patch: fix libapparmor
    log parsing library from dropping apparmor network events that
    contain ip addresses or ports in them (LP: #800826)
  * debian/patches/0014-apparmor-lp979095.patch: document new mount rule
    syntax and usage in apparmor.d(5) manpage (LP: #979095)
  * debian/patches/0015-apparmor-lp963756.patch: Fix change_onexec
    for profiles without attachment specification (LP: #963756,
    LP: #978038)
  * debian/patches/0016-apparmor-lp968956.patch: Fix protocol error when
    loading policy to kernels without compat patches (LP: #968956)
  * debian/patches/0017-apparmor-lp979135.patch: Fix change_profile to
    grant access to /proc/attr api (LP: #979135)
-- Steve Beattie <email address hidden> Thu, 12 Apr 2012 06:17:42 -0500