Need "pivot_root" and "change_profile" exceptions for the unconfined template
Bug #1609919 reported by
Christopher Townsend
This bug affects 1 person
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| apparmor-easyprof-ubuntu (Ubuntu) |
Expired
|
Undecided
|
Unassigned | ||
Bug Description
Per discussion on IRC, in order to support the Libertine Manager UI click package, we would need the "pivot_root" and "change_profile" exceptions added to the unconfined template in order for it to work.
Revision history for this message
| Tyler Hicks (tyhicks) wrote | #1 |
| summary: |
Need "pivot_root" and "change_profile" exceptions for the unconfined - temple + template |
Revision history for this message
| Tyler Hicks (tyhicks) wrote | #2 |
| Changed in apparmor-easyprof-ubuntu (Ubuntu): | |
| status: | New → Incomplete |
Revision history for this message
| Launchpad Janitor (janitor) wrote | #3 |
| Changed in apparmor-easyprof-ubuntu (Ubuntu): | |
| status: | Incomplete → Expired |
To post a comment you must log in.
A bare pivot_root rule would be acceptable to add to the unconfined template. We probably wouldn't want to add a bare change_profile rule to the template but could possibly add a set of rules that allow change_profile to anything except for "unconfined".
Another option would be to create a new template that allows a bare change_profile rule.
Christopher is currently investigating the option of shipping the Libertine Manager UI as a deb, instead of a click, so we may not need to adjust the template for these two sets of rules if that provides a viable path forward.