Is append mode useful?

Bug #1544791 reported by Seth Arnold
This bug affects 1 person
Affects            Status  Importance  Assigned to  Milestone
AppArmor           New     Undecided   Unassigned
apparmor (Ubuntu)  New     Undecided   Unassigned

Bug Description

I think the 'a' append mode may not be useful.

Including 'a' in a profile is insufficient for writing to the file, at least on 3.13.0-77-generic.

Here's a sample profile:

#include <tunables/global>

/home/sarnold/demos/append flags=(complain) {
  #include <abstractions/base>

  /home/sarnold/demos/append mr,
  /home/sarnold/demos/testing a,

}

And I'll attach a sample program shortly.

When using O_APPEND | O_WRONLY:

If the file exists, denied_mask="w"
If the file doesn't exist, open() fails, no AA involvement

When using O_APPEND | O_WRONLY | O_CREAT:

No change when the file does or doesn't exist: denied_mask="c", denied_mask="w"

(When using enforce mode instead of complain mode, only denied_mask="c" gets logged; the open(2) fails and the write(2) is never called.)

$ rm testing
rm: cannot remove ‘testing’: No such file or directory
$ ./append append wronly ; ls -l testing
open: No such file or directory
ls: cannot access testing: No such file or directory
$ ./append append wronly creat ; ls -l testing
open: Permission denied
ls: cannot access testing: No such file or directory
$ ./append append rdwr ; ls -l testing
open: No such file or directory
ls: cannot access testing: No such file or directory
$ ./append append rdwr creat ; ls -l testing
open: Permission denied
ls: cannot access testing: No such file or directory

Thanks

ProblemType: Bug
DistroRelease: Ubuntu 14.04
Package: apparmor 2.8.95~2430-0ubuntu5.3
ProcVersionSignature: Ubuntu 3.13.0-77.121-generic 3.13.11-ckt32
Uname: Linux 3.13.0-77-generic x86_64
ApportVersion: 2.14.1-0ubuntu3.19
Architecture: amd64
CurrentDesktop: Unity
Date: Thu Feb 11 15:55:45 2016
InstallationDate: Installed on 2012-10-18 (1211 days ago)
InstallationMedia: Ubuntu 12.04.1 LTS "Precise Pangolin" - Release amd64 (20120823.1)
KernLog:

ProcKernelCmdline: BOOT_IMAGE=/boot/vmlinuz-3.13.0-77-generic root=UUID=7b8c2e1b-d2e6-47d9-9030-c078e9701a1d ro quiet splash vt.handoff=7
SourcePackage: apparmor
Syslog:

UpgradeStatus: Upgraded to trusty on 2014-04-12 (670 days ago)
modified.conffile..etc.apparmor.d.abstractions.ubuntu.browsers.d.text.editors: [modified]
mtime.conffile..etc.apparmor.d.abstractions.ubuntu.browsers.d.text.editors: 2013-03-26T13:10:49

Christian Boltz (cboltz)
tags: added: aa-kernel