aa-enforce doesn't remove complain flag in hats

Bug #1322780 reported by Christian Boltz
This bug affects 1 person

Bug Description

From https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/1322764

$ aa-enforce /etc/apparmor.d/usr.sbin.apache2
$ ls /etc/apparmor.d/disable | grep apache2 | wc -l
$ grep complain /etc/apparmor.d/usr.sbin.apache2
  ^DEFAULT_URI flags=(complain) {
  ^HANDLING_UNTRUSTED_INPUT flags=(complain) {

-> bug: complain not removed on hats when aa-enforce runs

aa-complain most probably shares this bug the other way round.

Bonus points for adding a commandline option to only switch the flag of the main profile or only a specific hat ;-)
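A check for the condition reported above, as an added example that is not part of the original report or of the AppArmor tools: it lists every profile, hat or child profile in a profile file whose flags still include complain. The function name, the line-based matching (a simplification of the real profile grammar) and the sample profile are assumptions constructed for illustration.

```python
import re

HEADER = re.compile(r'^(?P<head>.+?)\s*\{$')    # a line that opens a block
FLAGS = re.compile(r'flags\s*=\s*\(([^)]*)\)')  # flags=(a, b)

def complain_blocks(profile_text):
    """Return (line_no, kind, name) for each block whose flags include complain."""
    found, depth = [], 0
    for line_no, raw in enumerate(profile_text.splitlines(), 1):
        code = raw.split('#', 1)[0].strip()  # drop comments and #include lines
        m = HEADER.match(code)
        if m:
            head = m.group('head')
            fm = FLAGS.search(head)
            flags = re.split(r'[,\s]+', fm.group(1).strip()) if fm else []
            words = FLAGS.sub('', head).split() or ['?']
            if words[0].startswith('^'):                  # ^HAT syntax
                kind, name = 'hat', words[0][1:]
            elif words[0] == 'hat' and len(words) > 1:    # hat HAT syntax
                kind, name = 'hat', words[1]
            else:                                         # main or child profile
                kind = 'profile' if depth == 0 else 'child'
                named = words[0] == 'profile' and len(words) > 1
                name = words[1] if named else words[0]
            if 'complain' in flags:
                found.append((line_no, kind, name))
        # Alternations such as /{usr/,}lib balance out within one line.
        depth += code.count('{') - code.count('}')
    return found

# Constructed sample: the main profile is enforced, the nested blocks are not.
SAMPLE = """\
#include <tunables/global>
/usr/sbin/apache2 flags=(attach_disconnected) {
  #include <abstractions/base>
  /{usr/,}lib/apache2/** mr,
  ^DEFAULT_URI flags=(complain) {
    /var/www/** r,
  }
  ^HANDLING_UNTRUSTED_INPUT flags=(attach_disconnected, complain) {
    /var/log/apache2/* w,
  }
  profile helper flags=(complain) {
    /bin/true ix,
  }
}
"""

if __name__ == '__main__':
    for line_no, kind, name in complain_blocks(SAMPLE):
        print(f'line {line_no}: {kind} {name} is still in complain mode')
```

Unlike `grep complain`, the result distinguishes hats from child profiles and ignores commented-out lines.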

Christian Boltz (cboltz) wrote :

This also happens with the python utils.

tags: added: aa-tools
Changed in apparmor:
status: New → Triaged
importance: Undecided → Medium
Christian Boltz (cboltz) wrote :

Fix committed to bzr trunk r3050 and 2.9 branch r2918.

Changed in apparmor:
milestone: none → 2.10
status: Triaged → Fix Committed
Steve Beattie (sbeattie) wrote :

AppArmor 2.10 has been released: https://launchpad.net/apparmor/2.10/2.10

Changed in apparmor:
status: Fix Committed → Fix Released