out of free space on /tmp causes apparmor losing protection on reload

Bug #775785 reported by Arkadiusz Miśkiewicz on 2011-05-02
This bug affects 2 people
Affects | Status | Importance | Assigned to | Milestone
AppArmor | | Undecided | Unassigned |
2.6 | | Medium | Unassigned |
2.7 | | Medium | Unassigned |
apparmor (Ubuntu) | | Medium | Unassigned |

Bug Description

If there is no free space on the tmp partition, then reloading apparmor (init.d/apparmor reload) causes protection/profiles to be lost.

visibility: private → public
Simon Déziel (sdeziel) wrote :

I can reproduce this behaviour on a Natty amd64 VM. In fact, when /tmp is 100% full, /etc/init.d/apparmor reload|restart will not pick up new profiles.

Also, when you free some space in /tmp, even reloading/restarting AppArmor will not activate new profiles. I had to use apparmor_parser -a -T -W /etc/apparmor.d/usr.bin.firefox to finally have it.

Sometimes, apparmor reload/restart will give this error :

grep: write error: No space left on device

Changed in apparmor:
status: New → Confirmed
Kees Cook (kees) wrote :

If we switch from dash to bash, we can use local fd redirection to avoid the need for /tmp at all.

Changed in apparmor (Ubuntu):
status: New → Triaged
tags: added: patch
Arkadiusz Miśkiewicz (arekm) wrote :

Using bash sucks. We want code that supports POSIX shell.

Also, the proposed patch is for some code that's not even in the apparmor bzr repo.

Steve Beattie (sbeattie) wrote :

An awk-based fix was committed to both trunk for 2.7 (rev 1805) and to the 2.6 branch (rev 1706).

Changed in apparmor:
status: Confirmed → Fix Committed
status: Fix Committed → Fix Released
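
A post-reload check for the failure mode discussed in this thread, as an added example that is not part of the bug report and not AppArmor's own code (nor the fix committed in rev 1805/1706): it lists expected profiles that the kernel does not report as loaded, using POSIX sh and awk with no temporary file. The function name, the `AA_LOADED` variable, the `expected.list` file in the usage comment and the sample profile names are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example (not AppArmor's init script). POSIX sh + awk only; the two
# lists are compared in memory, so nothing is staged in /tmp.

# missing_profiles LOADED_TEXT
#   stdin       expected profile names, one per line
#   LOADED_TEXT kernel-style list, one "name (mode)" entry per line
#   stdout      expected names that are not loaded
#   status      0 all loaded, 1 some missing, 2 no expected names were read
missing_profiles() {
    AA_LOADED="$1" awk '
        BEGIN {
            n = split(ENVIRON["AA_LOADED"], rows, "\n")
            for (i = 1; i <= n; i++) {
                sub(/ \([a-z]+\)$/, "", rows[i])   # strip " (enforce)" etc.
                if (rows[i] != "") loaded[rows[i]] = 1
            }
        }
        $0 == "" { next }
        { expected++ }
        !($0 in loaded) { print; missing++ }
        END {
            # An empty expected list usually means the producer failed
            # upstream; report that instead of claiming success.
            if (expected == 0) exit 2
            exit (missing > 0 ? 1 : 0)
        }
    '
}

# Constructed sample data (names are illustrative, not from the bug report).
LOADED_SAMPLE='/usr/sbin/tcpdump (enforce)
/usr/bin/evince (complain)'
EXPECTED_SAMPLE='/usr/sbin/tcpdump
/usr/bin/firefox
/usr/bin/evince'

# On a real host the loaded list comes from securityfs, for example:
#   missing_profiles "$(cat /sys/kernel/security/apparmor/profiles)" < expected.list
# (expected.list is a hypothetical file holding the names you expect.)
printf '%s\n' "$EXPECTED_SAMPLE" | missing_profiles "$LOADED_SAMPLE" ||
    echo "missing_profiles exit status: $?"
```

Status 2 is kept separate from status 0 so that an empty input caused by an earlier failure, such as the `grep: write error` quoted above, is not read as "everything is loaded".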
Changed in apparmor (Ubuntu):
importance: Undecided → Medium
milestone: none → precise-updates
Jamie Strandboge (jdstrand) wrote :

This was fixed long ago in Ubuntu.

Changed in apparmor (Ubuntu):
status: Triaged → Fix Released
This report contains Public Security information
Everyone can see this security related information.