AppArmor

Clean up profiles now that the base abstraction allows reading /proc/*/{auxv,status}

Bug #1658294 reported by intrigeri
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
AppArmor
New
Undecided
Unassigned

Bug Description

In r3626, to address https://launchpad.net/bugs/1658239, we've added read permission on @{PROC}/@{pid}/{auxv,status} to the base abstraction. On my system, I count 13 profiles that explicitly add such permissions themselves. They should be cleaned up.

And while we're at it, we should adjust the "glibc's *printf protections read the maps file" comment that r3626 didn't update.

Tags: aa-policy
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.