Comment 9 for bug 1236455

Luca Lazzeroni (luca-m) wrote : Re: [Bug 1236455] Running tasks are not subject to reloaded policies

Should I try to update the kernel on the production machine?

On 07 Nov 2013, at 16:48, Serge Hallyn <email address hidden> wrote:

> Great news - libvirt bug 1248577 is also fixed with this kernel!
>
> Thanks, John.
>
> --
> You received this bug notification because you are subscribed to a
> duplicate bug report (1248577).
> https://bugs.launchpad.net/bugs/1236455
>
> Title:
> Running tasks are not subject to reloaded policies
>
> Status in “apparmor” package in Ubuntu:
> Confirmed
> Status in “apparmor” source package in Saucy:
> Confirmed
> Status in “apparmor” source package in Trusty:
> Confirmed
>
> Bug description:
> As of saucy, if you start /usr/bin/foo under an existing policy defined
> in /etc/apparmor.d/usr.bin.foo, then reload /etc/apparmor.d/usr.bin.foo
> with updated permissions, then the running task is not subject to the
> new permissions.
>
> A testcase is at http://people.canonical.com/~serge/aa_exec.tgz . This
> passes in precise, and fails in saucy.
>
> This came up in the libvirt regression testsuite. When it tries to
> virsh attach-device, then the existing libvirt task's policy must be
> updated to allow it to access the new device image file. The test fails
> with EACCES trying to open the image file after loading the new policy.

Ing. Luca Lazzeroni - Trend Servizi Srl
Head of R&D
http://www.trendservizi.it