AppArmor initialization code should open a file in apparmorfs instead of stat'ing it
Bug #1238267 reported by Tyler Hicks
This bug affects 2 people
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
dbus (Ubuntu) | Fix Released | High | Tyler Hicks |
Saucy | Fix Released | High | Tyler Hicks |
Bug Description
When dbus-daemon is initializing the AppArmor module, the AppArmor code checks for the existence of a file in apparmorfs. If the file does not exist or can't be opened, the AppArmor mediation hooks will be disabled.
LXC shipped a change that denied access to apparmorfs (https:/
The fix is to have dbus-daemon open() a file in apparmorfs, rather than stat() a file.
This is needed to fix failing desktop autopilot tests.
Changed in dbus (Ubuntu):
milestone: none → ubuntu-13.10
Changed in dbus (Ubuntu Saucy):
status: In Progress → Fix Committed
This bug was fixed in the package dbus - 1.6.12-0ubuntu10
---------------
dbus (1.6.12-0ubuntu10) saucy; urgency=low

  * debian/patches/aa-mediation.patch: Attempt to open() the mask file in
    apparmorfs/features/dbus rather than simply stat() the dbus directory.
    This is an important difference because AppArmor does not mediate the
    stat() syscall. This resulted in problems in an environment where
    dbus-daemon, running inside of an LXC container, did not have the
    necessary AppArmor rules to access apparmorfs but the stat() succeeded
    so mediation was not properly disabled. (LP: #1238267)
    This problem was exposed after dropping aa-kernel-compat-check.patch
    because the compat check was an additional check that performed a test
    query. The test query was failing in the above scenario, which did result
    in mediation being disabled.
  * debian/patches/aa-get-connection-apparmor-security-context.patch,
    debian/patches/aa-mediate-eavesdropping.patch: Refresh these patches to
    accommodate the above change

 -- Tyler Hicks <email address hidden>  Thu, 10 Oct 2013 10:40:26 -0700