aa-logprof asks for "a" rule even if "deny w" is present

Bug #1385474 reported by Christian Boltz on 2014-10-24
This bug affects 2 people
Affects Status Importance Assigned to Milestone

Bug Description

From bug 1324608 comment 1:

Additionally problem. When there is an already existing deny rule with a "w" mask
  deny /home/*/.profile w,
the "a" mask is not recognized as being matched by it and thus aa-logprof prompts to create a new rule when the permission is already affirmatively denied.

Christian Boltz (cboltz) wrote :

For the records: Even after the rewrite to FileRule, this bug survived.

At least there's a TODO note for it in is_covered_localvars() ;-)

Tyler Hicks (tyhicks) wrote :

This was released in AppArmor 2.12. The upstream commit is a0d4e246ab248046e1b0b7d270733183d8a02115.

Changed in apparmor:
status: Triaged → Fix Released
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers