out of free space on /tmp causes apparmor losing protection on reload

Bug #775785 reported by Arkadiusz Miśkiewicz on 2011-05-02
This bug affects 2 people
Affects Status Importance Assigned to Milestone
apparmor (Ubuntu)

Bug Description

If there is no free space on the tmp partition, then reloading apparmor (init.d/apparmor reload) causes protection/profiles to be lost.

visibility: private → public
Simon Déziel (sdeziel) wrote :

I can reproduce this behaviour on a Natty amd64 VM. In fact, when /tmp is 100% full, /etc/init.d/apparmor reload|restart will not pick new profiles.

Also, when you free some space in /tmp, even reloading/restarting AppArmor will not activate new profiles. I had to use apparmor_parser -a -T -W /etc/apparmor.d/usr.bin.firefox to finally have it.

Sometimes, apparmor reload/restart will give this error:

grep: write error: No space left on device

Changed in apparmor:
status: New → Confirmed
Kees Cook (kees) wrote :

If we switch from dash to bash, we can use local fd redirection to avoid the need for /tmp at all.

Changed in apparmor (Ubuntu):
status: New → Triaged
tags: added: patch
Arkadiusz Miśkiewicz (arekm) wrote :

Using bash sucks. We want code that supports POSIX shell.

Also, the proposed patch is for some code that's not even in the apparmor bzr repo.

Steve Beattie (sbeattie) wrote :

An awk-based fix was committed to both trunk for 2.7 (rev 1805) and to the 2.6 branch (rev 1706).

Changed in apparmor:
status: Confirmed → Fix Committed
status: Fix Committed → Fix Released
Changed in apparmor (Ubuntu):
importance: Undecided → Medium
milestone: none → precise-updates
Jamie Strandboge (jdstrand) wrote :

This was fixed long ago in Ubuntu.

Changed in apparmor (Ubuntu):
status: Triaged → Fix Released
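
The failure mode discussed in this report (an intermediate list staged in /tmp, a write error that goes unnoticed) and a temp-file-free alternative in POSIX shell with awk, as an added example that is not taken from the report, the proposed patch or AppArmor's code. It assumes the reload step has to compare the profiles loaded in the kernel with the profiles defined on disk; the function names, the sample file and the "name (mode)" line format are assumptions made for illustration.

```shell
#!/bin/sh
# Added example. Function names and sample data are constructed for
# illustration; this is not the AppArmor init script.

# stale_profiles LOADED_FILE
#   stdin:       profile names defined on disk, one per line
#   LOADED_FILE: loaded profiles, one "name (mode)" per line (assumed format)
# Prints loaded names that are absent from stdin. Data moves through pipes
# only, so a full /tmp cannot silently truncate either list.
stale_profiles() {
    out=$(awk -v loaded="$1" '
        BEGIN {
            while ((rc = (getline line < loaded)) > 0) {
                sub(/ \((enforce|complain)\)$/, "", line)
                seen[line] = 1
            }
            if (rc < 0) { bad = 1; exit 2 }  # unreadable list: fail closed
        }
        { delete seen[$0] }
        END { if (bad) exit 2; for (n in seen) print n }
    ') || return 2
    [ -z "$out" ] || printf '%s\n' "$out" | sort
}

# stage_list PATH
# For cases where a scratch file is unavoidable: copy stdin to PATH and
# report a failed write (such as ENOSPC) instead of leaving a short file
# for later steps to trust.
stage_list() {
    cat > "$1" 2>/dev/null || {
        echo "stage_list: cannot write $1, aborting" >&2
        return 1
    }
}

# demo DIR: run stale_profiles on constructed data written under DIR.
demo() {
    printf '%s\n' '/usr/bin/firefox (enforce)' '/usr/sbin/tcpdump (enforce)' \
        '/usr/sbin/cupsd (complain)' > "$1/loaded.sample" || return 1
    printf '%s\n' /usr/bin/firefox /usr/sbin/cupsd |
        stale_profiles "$1/loaded.sample"
}

if [ "${1:-}" = demo ]; then demo "${2:-.}"; fi
```

Where /dev/full is available, writing to it reproduces the "No space left on device" condition for exercising stage_list without filling a real filesystem.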
This report contains Public Security information
Everyone can see this security related information.