reading /sys/kernel/security/apparmor/profiles requires CAP_MAC_ADMIN
Bug #1560583 reported by Jamie Strandboge
This bug affects 2 people
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
linux (Ubuntu) | Fix Released | High | Tyler Hicks |
Xenial | Fix Released | High | Tyler Hicks |
Bug Description
```
$ cat ./t
#include <tunables/global>
profile t {
#include <abstractions/base>
/bin/cat ixr,
/sys/
}
$ sudo apparmor_parser -r ./t
$ sudo aa-exec -p t -- cat /sys/kernel/
cat: /sys/kernel/
[1]
kernel: [ 62.203035] audit: type=1400 audit(145866542
```
This is new in the -15 kernel.
Changed in linux (Ubuntu):
milestone: none → ubuntu-16.04
milestone: ubuntu-16.04 → none
Changed in linux (Ubuntu):
status: Confirmed → In Progress
Changed in linux (Ubuntu Xenial):
status: In Progress → Fix Committed
I've created patches to fix this issue and built test kernels. Patches and kernels can be found here:
http://people.canonical.com/~tyhicks/lp1560583/
In my testing, the patches fix this bug.