I can confirm that this fixes it for me. Thanks! My test was:

bug.c:
#include <stdio.h>
#include <stdlib.h>   /* system() */
#include <unistd.h>

int main()
{
	printf("Started\n");
	system("./child");   /* spawn the child while the profile is still loaded */
	printf("Finished\n");
	return 0;
}

child.c:
#include <stdio.h>
#include <stdlib.h>   /* system() */
#include <unistd.h>

int main()
{
	printf("Started child\n");
	sleep(10);   /* long enough for the profile to be removed meanwhile */
	system("cat /etc/motd");
	printf("Finished child\n");
	return 0;
}

/etc/apparmor.d/home.kees.bug:
#include <tunables/global>
/home/kees/bug flags=(complain) {
	#include <abstractions/base>
}

$ sudo aa-complain bug
$ ./bug & sleep 2; sudo /sbin/apparmor_parser -R /etc/apparmor.d/*bug