ptrace read denial even though ptrace read is specified

Bug #1324533 reported by Jamie Strandboge
This bug affects 1 person
Affects              Status         Importance   Assigned to        Milestone
AppArmor             Fix Released   Undecided    Unassigned
apparmor (Ubuntu)    Fix Released   High         Marc Deslauriers
Trusty               Triaged        High         Marc Deslauriers
Utopic               Fix Released   High         Marc Deslauriers

Bug Description

If I have this rule:
ptrace (read) peer=@{profile_name},

I see this denial:
May 28 21:02:30 ubuntu-phablet kernel: [ 574.625385] type=1400 audit(1401310950.562:93): apparmor="DENIED" operation="ptrace" profile="com.ubuntu.developer.webapps.webapp-gmail_webapp-gmail_1.0.10" pid=2618 comm="threaded-ml" requested_mask="read" denied_mask="read" peer="com.ubuntu.developer.webapps.webapp-gmail_webapp-gmail_1.0.10"

This is most easily seen when using webapps on the phone.
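
An added triage example, not part of the original report or of AppArmor itself: it parses AppArmor audit records and flags ptrace denials where the peer is the process's own profile and every denied permission is one that a `ptrace (read) peer=@{profile_name},` rule should have granted. The function names, the `example_a`/`example_b` profiles and the two constructed log lines are assumptions for illustration.

```python
import re

# Quoted key="value" fields of an AppArmor audit record (pid= is unquoted and skipped).
FIELD_RE = re.compile(r'(\w+)="([^"]*)"')

def parse_denial(line):
    """Return the quoted fields of an AppArmor DENIED record, or None."""
    fields = dict(FIELD_RE.findall(line))
    return fields if fields.get("apparmor") == "DENIED" else None

def contradicts_self_ptrace_rule(record, allowed=("read",)):
    """True when every denied ptrace permission is one that
    `ptrace (<allowed>) peer=@{profile_name},` should have granted."""
    if not record or record.get("operation") != "ptrace":
        return False
    if record.get("peer") != record.get("profile"):
        return False  # different peer: the self-peer rule does not apply
    # Assumption: several permissions, if present, are space separated.
    denied = record.get("denied_mask", "").split()
    return bool(denied) and all(perm in allowed for perm in denied)

def suspicious_denials(lines, allowed=("read",)):
    """Profiles with at least one denial that the rule should have allowed."""
    hits = []
    for line in lines:
        record = parse_denial(line)
        if contradicts_self_ptrace_rule(record, allowed):
            hits.append(record["profile"])
    return hits

PROFILE = "com.ubuntu.developer.webapps.webapp-gmail_webapp-gmail_1.0.10"
SAMPLE_LOG = [
    # Denial quoted in the bug description.
    'type=1400 audit(1401310950.562:93): apparmor="DENIED" operation="ptrace" '
    f'profile="{PROFILE}" pid=2618 comm="threaded-ml" requested_mask="read" '
    f'denied_mask="read" peer="{PROFILE}"',
    # Constructed: different peer, so the self-peer rule is not expected to match.
    'type=1400 audit(0.0:1): apparmor="DENIED" operation="ptrace" '
    'profile="example_a" pid=1 comm="x" requested_mask="read" '
    'denied_mask="read" peer="example_b"',
    # Constructed: "trace" was never granted by the rule, so this denial is correct.
    'type=1400 audit(0.0:2): apparmor="DENIED" operation="ptrace" '
    'profile="example_a" pid=1 comm="x" requested_mask="trace" '
    'denied_mask="trace" peer="example_a"',
]

if __name__ == "__main__":
    for profile in suspicious_denials(SAMPLE_LOG):
        print("denied despite rule:", profile)
```

A hit means the loaded policy does not match what the profile source says, which points at the policy compiler or loader rather than at the confined application.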

John Johansen (jjohansen) wrote :

This is a bug in the apparmor_parser's handling of escape sequences in the rule encoding. It was fixed in upstream commit r2456.

Changed in apparmor (Ubuntu Trusty):
assignee: nobody → Marc Deslauriers (mdeslaur)
Changed in apparmor (Ubuntu Utopic):
assignee: nobody → Marc Deslauriers (mdeslaur)
Changed in apparmor (Ubuntu Trusty):
importance: Undecided → High
Changed in apparmor (Ubuntu Utopic):
importance: Undecided → High
Changed in apparmor (Ubuntu Trusty):
status: New → Triaged
Changed in apparmor (Ubuntu Utopic):
status: New → Triaged
Changed in apparmor (Ubuntu Utopic):
status: Triaged → Fix Released
Mathew Hodson (mhodson)
Changed in apparmor:
status: New → Fix Released