AppArmor profiles attach to chrooted processes relative to their root

Bug #948147 reported by Felix Geyer on 2012-03-06
This bug affects 1 person
Affects: apparmor (Ubuntu)
Importance: Undecided
Assigned to: Unassigned

Bug Description

Since kernel 3.2.0-18-generic AppArmor profiles attach to processes that are started from a chroot relative to their root.

So for example I define a profile for /usr/bin/test and have a chroot /mnt/chroot with the binary /mnt/chroot/usr/bin/test.
In this case if /mnt/chroot/usr/bin/test is started from inside the chroot, the process will be confined by that profile.
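
A way to spot the behaviour described in this report on a running system, as an added example that is not part of the original bug report or of AppArmor: it reads each process's `root`, `exe` and `attr/current` entries under /proc and lists processes whose profile name equals the executable path relative to a non-/ root. It assumes profiles are named after the path they attach to, as in the /usr/bin/test example above; the function names and the sample /proc-like tree are constructed for illustration.

```python
import os
import tempfile

def parse_label(raw):
    """Split an attr/current value such as '/usr/bin/test (enforce)'."""
    label = raw.strip().rstrip("\x00").strip()
    if label.endswith(")") and " (" in label:
        name, mode = label[:-1].rsplit(" (", 1)
        return name, mode
    return label, None  # e.g. 'unconfined'

def chroot_relative_attachments(proc="/proc"):
    """List processes whose profile name matches their exe path relative to a non-/ root."""
    hits = []
    for pid in sorted((d for d in os.listdir(proc) if d.isdigit()), key=int):
        base = os.path.join(proc, pid)
        try:
            root = os.readlink(os.path.join(base, "root"))
            exe = os.readlink(os.path.join(base, "exe"))
            with open(os.path.join(base, "attr", "current")) as fh:
                profile, mode = parse_label(fh.read())
        except OSError:
            continue  # exited, kernel thread, or not enough privilege to read
        if root == "/" or not exe.startswith(root.rstrip("/") + "/"):
            continue
        inside = exe[len(root.rstrip("/")):]  # path as seen from inside the chroot
        if mode is not None and profile == inside:
            hits.append((int(pid), root, inside, profile, mode))
    return hits

def build_sample_proc(top):
    """Constructed /proc-like tree: (pid, root, exe, attr/current)."""
    sample = [
        (101, "/", "/usr/bin/test", "/usr/bin/test (enforce)"),
        (202, "/mnt/chroot", "/mnt/chroot/usr/bin/test", "/usr/bin/test (enforce)"),
        (303, "/mnt/chroot", "/mnt/chroot/bin/sh", "unconfined"),
    ]
    for pid, root, exe, label in sample:
        base = os.path.join(top, str(pid))
        os.makedirs(os.path.join(base, "attr"))
        os.symlink(root, os.path.join(base, "root"))
        os.symlink(exe, os.path.join(base, "exe"))
        with open(os.path.join(base, "attr", "current"), "w") as fh:
            fh.write(label + "\n")
    return top

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for hit in chroot_relative_attachments(build_sample_proc(tmp)):
            print(hit)
```

Against the real /proc, call `chroot_relative_attachments()` with no argument as root, since reading other processes' `root` and `exe` links requires privilege.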

Launchpad Janitor (janitor) wrote :

This bug was fixed in the package apparmor - 2.7.101-0ubuntu1

---------------
apparmor (2.7.101-0ubuntu1) precise; urgency=low

  * New upstream release. Fixes: LP: #948147
  * debian/lib/apparmor/functions: Update to support the feature directory so
    that caching will work on kernels that support the feature dir. Patch
    based on work from John Johansen. LP: #954469
 -- Jamie Strandboge <email address hidden> Thu, 15 Mar 2012 15:57:02 -0500

Changed in apparmor (Ubuntu):
status: New → Fix Released