please explicitly deny access to /run/shm/lttng-ust-*
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
apparmor-easyprof-ubuntu (Ubuntu) |
Fix Released
|
Undecided
|
Jamie Strandboge |
Bug Description
Here is what I see on 62 when launching apps:
Dec 12 21:04:58 ubuntu-phablet kernel: [ 101.536491] type=1400 audit(138688229
Dec 12 21:04:58 ubuntu-phablet kernel: [ 101.536724] type=1400 audit(138688229
Dec 12 21:04:58 ubuntu-phablet kernel: [ 101.537013] type=1400 audit(138688229
Dec 12 21:04:58 ubuntu-phablet kernel: [ 101.537190] type=1400 audit(138688229
Talking with tedg, these shouldn't be available to confined apps and we can safely explicitly deny the access to silence the errors.
Related branches
Changed in apparmor-easyprof-ubuntu (Ubuntu): | |
assignee: | nobody → Jamie Strandboge (jdstrand) |
status: | New → In Progress |
This bug was fixed in the package apparmor- easyprof- ubuntu - 1.0.44
--------------- easyprof- ubuntu (1.0.44) trusty; urgency=low
apparmor-
* add ubuntu/1.1 policy, symlinking to 1.0 for things with no changes lttng-ust- * (LP: #1260491) xdg/data/ themes (LP: #1261875) graphics. d/apparmor- easyprof- ubuntu_ goldfish
* adjust tests/test-data.py for 1.1 policy
* add webview policy group for oxide
* 1.*/ubuntu-* templates:
- remove old comment about Click packages being installed in /opt
- explicitly deny /run/shm/
- also allow /custom/
* 1.1/ubuntu-* templates: remove access to /tmp/mir_socket (LP: #1236912)
* add hardware/
-- Jamie Strandboge <email address hidden> Fri, 20 Dec 2013 08:13:36 -0600