libapparmor1: change_hat() doesn't work in chroots unless /proc is mounted

Bug #241112 reported by Jürgen Kreileder on 2008-06-18
Affects Status Importance Assigned to Milestone
apparmor (Ubuntu)

Bug Description

Binary package hint: apparmor

libapparmor1's change_hat() doesn't work in chroots unless procfs is mounted in the chroot because the mechanism requires write access to /proc/<pid>/attr/current.

This is unfortunate because it makes apparmor mostly useless (no change-hat functionality) for minimal chroots (like apache chrooted via libapache-mod-chroot).

Jamie Strandboge (jdstrand) wrote :

Running a process confined and chrooting are typically two different, mutually-exclusive solutions to the same problem. I'll mark as wishlist for now.

Changed in apparmor (Ubuntu):
importance: Undecided → Wishlist
status: New → Confirmed
Changed in apparmor (Ubuntu):
status: Confirmed → Won't Fix
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers