no logging if using non-existent child profile
Bug #921000 reported by Jamie Strandboge
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
AppArmor | Triaged | Medium | Unassigned |
apparmor (Ubuntu) | Invalid | Undecided | Unassigned |
linux (Ubuntu) | Triaged | Medium | Unassigned |
Bug Description
Ubuntu recently added the ubuntu-helpers abstraction with the sanitized_helper child profile. If I do the following:
/bin/foo {
/usr/bin/bar Cxr -> sanitized_helper,
}
and then execute /bin/foo, the execution of /usr/bin/bar fails but with no logging. This is because in the above profile I forgot to add '#include <abstractions/
This can either be fixed in the logging mechanism or apparmor_parser should fail if the parent profile references a child profile that is not defined.
Changed in apparmor:
status: New → Triaged
tags: added: kernel-bot-stop-nagging
Changed in apparmor (Ubuntu):
status: New → Invalid
Changed in linux (Ubuntu):
status: New → Triaged
importance: Undecided → Medium
Changed in apparmor:
importance: Undecided → Medium
Changed in linux (Ubuntu):
assignee: nobody → John Johansen (jjohansen)
tags: added: aa-kernel
Changed in linux (Ubuntu):
assignee: John Johansen (jjohansen) → nobody
This needs to be fixed in the logging, as apparmor currently doesn't do a total policy load. That is, the target may be a profile that is compiled and loaded separately, or a profile that has been removed.
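Until the kernel logs this failure, a profile author can catch the mistake from the report before loading policy. The following lint is an added example, not part of the bug report or of AppArmor: it flags `Cx`/`cx` rules whose named target is declared neither in the profile text nor in any include it pulls in. It sees only the text it is given, so policy compiled and loaded separately (the case raised in the comment above) is outside its view. The include path `abstractions/ubuntu-helpers` and the abstraction's body are assumptions constructed for the sample, and only path-first rules (`/path perms -> target,`) are handled.

```python
import re

# "<path> <perms containing C/c> -> <target>," : a named child-profile exec transition.
EXEC_RULE = re.compile(r'^\s*(\S+)\s+([A-Za-z]*[Cc][A-Za-z]*)\s*->\s*([^\s,]+)\s*,', re.M)
# "profile name {", "name {" or "name flags=(...) {" : a profile declaration.
PROFILE_DEF = re.compile(r'^\s*(?:profile\s+)?([^\s{#]+)\s*(?:flags=\([^)]*\)\s*)?\{', re.M)
# "#include <x>" or "include <x>".
INCLUDE = re.compile(r'^\s*#?include\s+<([^>]+)>', re.M)

def defined_profiles(text, includes, seen=None):
    """Names declared in text plus everything reachable through its includes."""
    seen = set() if seen is None else seen
    names = set(PROFILE_DEF.findall(text))
    for inc in INCLUDE.findall(text):
        if inc not in seen and inc in includes:   # guard against include cycles
            seen.add(inc)
            names |= defined_profiles(includes[inc], includes, seen)
    return names

def undefined_child_targets(text, includes):
    """Return (path, target) for each Cx/cx rule whose target is not declared."""
    known = defined_profiles(text, includes)
    return [(path, target) for path, _perms, target in EXEC_RULE.findall(text)
            if target not in known]

# Constructed sample input: the profile from the report, and the same profile
# with the forgotten include added (include path assumed).
BROKEN = """/bin/foo {
  /usr/bin/bar Cxr -> sanitized_helper,
}
"""
FIXED = """/bin/foo {
  #include <abstractions/ubuntu-helpers>
  /usr/bin/bar Cxr -> sanitized_helper,
}
"""
# Constructed stand-in for the abstraction's contents, keyed by include path.
INCLUDES = {"abstractions/ubuntu-helpers": "profile sanitized_helper {\n  /** r,\n}\n"}

if __name__ == "__main__":
    for label, text in (("broken", BROKEN), ("fixed", FIXED)):
        print(label, undefined_child_targets(text, INCLUDES))
```

To run it against real policy, build `includes` by reading the files under the system's AppArmor include directory instead of the constructed dictionary.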