AppArmor

aa.py's set_process() function doesn't work

Bug #1536539 reported by Tyler Hicks on 2016-01-21

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	AppArmor	Triaged	Medium	Unassigned	AppArmor 2.11

Bug Description

Upon source code inspection, I see that set_process() writes "setprofile <PROFILE>" to /proc/<PID>/attr/current. The "setprofile" prefix is not accepted by the kernel. It should be writing "changeprofile <PROFILE>" to that file.

Tags:

Revision history for this message

Seth Arnold (seth-arnold) wrote on 2016-01-21:

.. and furthermore the "changeprofile" isn't going to work anyway.

Christian Boltz (cboltz) on 2016-01-22

tags:

added: aa-tools

Revision history for this message

Christian Boltz (cboltz) wrote on 2016-01-22:

Some discussion on IRC shows that we first need to change and fix some things in the parser and maybe also the kernel to make this possible in a sane way.

Short version: aa_change_profile() can't be used from an external process, but it's possible to rename a null-* profile while reloading it. Unfortunately that renaming is quite difficult currently, so that needs to be fixed first.

tags:

added: aa-kernel aa-parser

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.