no logging if using non-existent child profile
Bug #921000 reported by
Jamie Strandboge
This bug affects 1 person
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| AppArmor |
Triaged
|
Medium
|
Unassigned | ||
| apparmor (Ubuntu) |
Invalid
|
Undecided
|
Unassigned | ||
| linux (Ubuntu) |
Triaged
|
Medium
|
Unassigned | ||
Bug Description
Ubuntu recently added the ubuntu-helpers abstraction with the sanitized_helper child profile. If I do the following:
/bin/foo {
/usr/bin/bar Cxr -> sanitized_helper,
}
and then execute /bin/foo, the execution of /usr/bin/bar fails but with no logging. This is because in the above profile I forgot to add '#include <abstractions/
This can either be fixed in the logging mechanism or apparmor_parser should fail if the parent profile references a child profile that is not defined.
Revision history for this message
| John Johansen (jjohansen) wrote | #1 |
| Changed in apparmor: | |
| status: | New → Triaged |
| tags: | added: kernel-bot-stop-nagging |
| Changed in apparmor (Ubuntu): | |
| status: | New → Invalid |
| Changed in linux (Ubuntu): | |
| status: | New → Triaged |
| importance: | Undecided → Medium |
| Changed in apparmor: | |
| importance: | Undecided → Medium |
| Changed in linux (Ubuntu): | |
| assignee: | nobody → John Johansen (jjohansen) |
| tags: | added: aa-kernel |
| Changed in linux (Ubuntu): | |
| assignee: | John Johansen (jjohansen) → nobody |
To post a comment you must log in.
This needs to be fixed in the logging, as apparmor currently doesn't do a total policy load. That is the target may be a profile that is compiled and loaded separately, or a profile that has been removed.