apparmor fs does not reflect 4.4 backport of mmap perms change

Bug #1830984 reported by Steve Beattie
This bug affects 1 person
Affects: linux (Ubuntu); Importance: Undecided; Assigned to: Unassigned
Affects: Xenial; Importance: Undecided; Assigned to: Unassigned

Bug Description

The upstream commit 9f834ec18defc369d73ccf9e87a2790bfa05bf46 was backported to the 4.4.x xenial kernel series to address CVE-2019-11190. However, the change introduces subtle changes to apparmor policy, including in the apparmor regression tests. A sysfs entry was added in later kernels to indicate this; 34c426acb75cc21bdf84685e106db0c1a3565057 upstream; this should be backported to the 4.4 kernels.

Steve Beattie (sbeattie)
Changed in linux (Ubuntu):
status: New → Fix Released
Steve Beattie (sbeattie) wrote:

After discussion, it was decided that, because the additional entry in the features directory will cause apparmor on the next boot to recompile all policy unnecessarily (because there won't be any actual policy changes), which can be a problem for low power devices, this patch will not be brought back to the 4.4.x kernel series.

Changed in linux (Ubuntu Xenial):
status: New → Won't Fix
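
The following is an added example, not part of the bug report and not AppArmor's own code. It checks whether a features tree advertises the mmap change and models why one extra entry makes a cached feature snapshot stale, which is what forces the recompile described in the comment above. Assumptions: the flag file name `domain/fix_binfmt_elf_mmap` comes from the upstream kernel tree rather than this page, the function names are hypothetical, and the snapshot format is a simplification of the parser's real cache file.

```shell
#!/bin/sh
# Added example; function names and snapshot format are assumptions.

# Flag file added by upstream 34c426acb75c (name from the upstream kernel
# tree, not from the bug report), relative to the features directory.
MMAP_FLAG="domain/fix_binfmt_elf_mmap"

# Print "present" if the features tree rooted at $1 advertises the change.
mmap_flag_state() {
    if [ -e "$1/$MMAP_FLAG" ]; then echo present; else echo absent; fi
}

# Render a features tree as sorted "relative/path=contents" lines.
features_snapshot() {
    ( cd "$1" && find . -type f | LC_ALL=C sort | while IFS= read -r f; do
        printf '%s=%s\n' "${f#./}" "$(cat "$f")"
    done )
}

# Compare a saved snapshot file ($1) with a features tree ($2).
# "stale" models the parser discarding its cache and recompiling all policy.
cache_state() {
    if [ "$(cat "$1")" = "$(features_snapshot "$2")" ]; then
        echo valid
    else
        echo stale
    fi
}

# Constructed trees standing in for /sys/kernel/security/apparmor/features.
demo() {
    d=$(mktemp -d) || return 1
    mkdir -p "$d/old/domain" "$d/new/domain"
    echo yes > "$d/old/domain/change_profile"
    echo yes > "$d/new/domain/change_profile"
    echo yes > "$d/new/domain/fix_binfmt_elf_mmap"
    features_snapshot "$d/old" > "$d/cache.features"
    for k in old new; do
        echo "$k: flag $(mmap_flag_state "$d/$k")," \
             "cache $(cache_state "$d/cache.features" "$d/$k")"
    done
    rm -rf "$d"
}

demo
```

On a live system, `mmap_flag_state /sys/kernel/security/apparmor/features` reports whether the running kernel exposes the flag; a 4.4.x xenial kernel carrying the CVE-2019-11190 backport reports `absent` even though the mmap behaviour has changed.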