aa-enforce doesn't remove complain flag in hats

Bug #1322780 reported by Christian Boltz
Affects | Status | Importance | Assigned to | Milestone
AppArmor | Fix Released | Medium | Unassigned |
2.9 | Fix Released | Undecided | Unassigned |

Bug Description

From https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/1322764

$ aa-enforce /etc/apparmor.d/usr.sbin.apache2
$ ls /etc/apparmor.d/disable | grep apache2 | wc -l
0
$ grep complain /etc/apparmor.d/usr.sbin.apache2
  ^DEFAULT_URI flags=(complain) {
  ^HANDLING_UNTRUSTED_INPUT flags=(complain) {

-> bug: complain not removed on hats when aa-enforce runs

aa-complain most probably shares this bug the other way round.

Bonus points for adding a commandline option to only switch the flag of the main profile or only a specific hat ;-)

Tags: aa-tools
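
A check for the mismatch described in the report, as an added example (not part of the original bug report and not code from the AppArmor tools): it scans profile text and lists hats whose complain/enforce mode differs from the enclosing profile, which covers both the aa-enforce case above and the reverse aa-complain case. It assumes flags are written as flags=(...), treats anything without the complain flag as enforce, and runs on a constructed sample profile; the function names are hypothetical.

```python
import re

# Assumption: flags appear in the "flags=(a, b)" form shown in the report.
FLAGS = re.compile(r'flags=\(([^)]*)\)')

def header(line):
    """Return (name, is_hat, mode) for a profile/hat opening line, else None."""
    line = line.split('#', 1)[0].strip()      # drop comments and #include lines
    words = line[:-1].split() if line.endswith('{') else []
    if not words:
        return None
    keyword = words[0] if words[0] in ('profile', 'hat') else None
    name = words[1] if keyword and len(words) > 1 else words[0]
    m = FLAGS.search(line)
    flags = re.split(r'[,\s]+', m.group(1).strip()) if m else []
    # Simplification: only "complain" is distinguished; all else counts as enforce.
    mode = 'complain' if 'complain' in flags else 'enforce'
    return name, keyword == 'hat' or name.startswith('^'), mode

def mode_mismatches(profile_text):
    """List (hat, hat_mode, parent, parent_mode) where a hat's mode differs from its profile's."""
    stack, found = [], []
    for line in profile_text.splitlines():
        h = header(line)
        if h:
            name, is_hat, mode = h
            if is_hat and stack and stack[-1][2] != mode:
                found.append((name, mode, stack[-1][0], stack[-1][2]))
            stack.append(h)
        elif line.split('#', 1)[0].strip() == '}' and stack:
            stack.pop()                       # closing brace ends the innermost block
    return found

# Constructed sample resembling the state shown in the report after aa-enforce.
SAMPLE = """\
#include <tunables/global>
/usr/sbin/apache2 flags=(attach_disconnected) {
  ^DEFAULT_URI flags=(complain) {
    /var/www/** r,
  }
  ^HANDLING_UNTRUSTED_INPUT flags=(complain) {
    /var/log/apache2/* w,
  }
}
"""

if __name__ == '__main__':
    for hat, hat_mode, parent, parent_mode in mode_mismatches(SAMPLE):
        print(f'{parent} is {parent_mode} but {hat} is {hat_mode}')
```
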
Christian Boltz (cboltz) wrote :

This also happens with the python utils.

tags: added: aa-tools
Changed in apparmor:
status: New → Triaged
importance: Undecided → Medium
Christian Boltz (cboltz) wrote :

Fix committed to bzr trunk r3050 and 2.9 branch r2918.

Changed in apparmor:
milestone: none → 2.10
status: Triaged → Fix Committed
Steve Beattie (sbeattie) wrote :

AppArmor 2.10 has been released: https://launchpad.net/apparmor/2.10/2.10

Changed in apparmor:
status: Fix Committed → Fix Released