mount -> @{HOME}/... denial
Bug #1612393 reported by
Jamie Strandboge
This bug affects 3 people
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| apparmor (Ubuntu) |
Confirmed
|
Undecided
|
Unassigned | ||
Bug Description
When using apparmor tunables for the mountpoint in mount rules, the parser will parse the rule but the kernel blocks it.
Eg, this works:
# works
mount -> /home/*/mnt/,
This doesn't:
mount -> @{HOME}/mnt/,
audit: type=1400 audit(147094392
I did not test the srcname. Attached is a reproducer and profile.
$ mkdir ~/mnt
$ gcc -Wall ./fusexmp.c `pkg-config fuse --cflags --libs` -o fusexmp
$ sudo apparmor_parser -r /tmp/apparmor.
Revision history for this message
| Jamie Strandboge (jdstrand) wrote | #1 |
Revision history for this message
| Jamie Strandboge (jdstrand) wrote | #2 |
Revision history for this message
| Jamie Strandboge (jdstrand) wrote | #3 |
Revision history for this message
| Jamie Strandboge (jdstrand) wrote | #4 |
| description: | updated |
| description: | updated |
Revision history for this message
| Launchpad Janitor (janitor) wrote | #5 |
| Changed in apparmor (Ubuntu): | |
| status: | New → Confirmed |
To post a comment you must log in.
This is the type of rule I'm striving to have:
mount fstype=fuse.* [^/]** -> @{HOME}
That doesn't work, but his does:
mount fstype=fuse.* [^/]** -> /home/*