abstractions/X has wrong permissions on non-abstract socket
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
AppArmor | Fix Released | Undecided | Unassigned |
2.10 | Fix Released | Undecided | Unassigned |
2.9 | Fix Released | Undecided | Unassigned |
Bug Description
/etc/apparmor.
/tmp/.X11-unix/* w,
But "rw" is needed, not just "w".
To test this, you need to start X with "-nolisten local". I did so recently as part of my investigations into X insecurity ( http://
Jun 7 16:37:06 tinyman kernel: [ 490.687257] type=1400 audit(146528142
Changing it to "rw" fixed the issue. This is on Trusty but I see that the relevant line is the same in bzr master.
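The following is an added example, not part of the original report and not AppArmor's own tooling: it matches an AppArmor `DENIED` audit line against simple file rules and proposes the widened rule, which for this bug is `w` becoming `rw`. The sample rules, the log line (including its `operation` and mask fields) and all function names are constructed assumptions.

```python
import re

# Constructed sample input, not taken from the bug report.
SAMPLE_RULES = "/tmp/.X11-unix/* w,\n/usr/share/X11/** r,\n"
SAMPLE_LOG = (
    'Jan  1 00:00:00 host kernel: [  100.000000] type=1400 '
    'audit(1000000000.000:1): apparmor="DENIED" operation="connect" '
    'profile="/usr/bin/example" name="/tmp/.X11-unix/X0" pid=1234 '
    'comm="example" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0\n'
)

RULE_RE = re.compile(r'^\s*(/\S*)\s+([rwklm]+),\s*$')  # plain "path perms," rules only
FIELD_RE = re.compile(r'(\w+)="([^"]*)"')              # key="value" audit fields
PERM_ORDER = "rwklm"                                   # other mask letters are ignored

def glob_to_regex(glob):
    """Translate the AppArmor globs *, ** and ? (no {} or [] support here)."""
    out, i = [], 0
    while i < len(glob):
        if glob.startswith("**", i):
            out.append(".*"); i += 2        # ** crosses directory separators
        elif glob[i] == "*":
            out.append("[^/]*"); i += 1     # * stays within one path component
        elif glob[i] == "?":
            out.append("[^/]"); i += 1
        else:
            out.append(re.escape(glob[i])); i += 1
    return re.compile("".join(out) + r"\Z")

def parse_rules(text):
    return [m.groups() for m in map(RULE_RE.match, text.splitlines()) if m]

def parse_denials(log):
    for line in log.splitlines():
        f = dict(FIELD_RE.findall(line))
        if f.get("apparmor") == "DENIED" and "name" in f:
            yield f["name"], f.get("denied_mask", "")

def suggest_fixes(rules_text, log):
    """Return (current_rule, widened_rule) pairs for rules matching a denied path."""
    fixes = []
    for name, denied in parse_denials(log):
        needed = set(denied) & set(PERM_ORDER)
        for glob, perms in parse_rules(rules_text):
            if glob_to_regex(glob).match(name) and needed - set(perms):
                merged = "".join(p for p in PERM_ORDER if p in needed | set(perms))
                fix = (f"{glob} {perms},", f"{glob} {merged},")
                if fix not in fixes:
                    fixes.append(fix)
    return fixes
```

Calling `suggest_fixes(SAMPLE_RULES, SAMPLE_LOG)` returns the single pair for the `/tmp/.X11-unix/*` rule; a rule set that already grants `rw` returns an empty list.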
tags: added: aa-policy
Changed in apparmor: status: Fix Committed → Fix Released
Thanks for the report!
I committed the updated abstractions/X to trunk r3570, 2.10 branch r3355 and 2.9 branch r3026.