>
> So while the /dev/zd0 denial was expected, the /proc/$pid/task/$pid/comm
> ones were not.
Oh those were expected by me, I just would have hoped they are gone now -
see bug 1615550
But I see you found it already.
> To address those, I applied the patch attached.
Yeah I didn't realize in my quick patch that it doesn't only read but
actually rewrites the comm for the debug threads feature.
I also like your owner and pid check - which makes it more secure but still
allowing the needed access.
I think I need an apparmor training :-);
Thanks for your help!
I updated the ppa and it should now also get rid of these apparmor messages
while keeping your hosts fix in place.
Please if possible retest with that one.
I also think once we have confirmed that both of these fixes help I'm gonna
submit them upstream.
They don't have to stay an Ubuntu delta forever.
Since you did most IMHO please let me know if you want to do that.