ptrace read denial even though ptrace read is specified

Bug #1324533 reported by Jamie Strandboge on 2014-05-29
This bug affects 1 person
Affects: AppArmor, Importance: Undecided, Assigned to: Unassigned
Affects: apparmor (Ubuntu), Importance: High, Assigned to: Marc Deslauriers
Affects: Trusty, Importance: High, Assigned to: Marc Deslauriers
Affects: Utopic, Importance: High, Assigned to: Marc Deslauriers

Bug Description

If I have this rule:
ptrace (read) peer=@{profile_name},

I see this denial:
May 28 21:02:30 ubuntu-phablet kernel: [ 574.625385] type=1400 audit(1401310950.562:93): apparmor="DENIED" operation="ptrace" profile="com.ubuntu.developer.webapps.webapp-gmail_webapp-gmail_1.0.10" pid=2618 comm="threaded-ml" requested_mask="read" denied_mask="read" peer="com.ubuntu.developer.webapps.webapp-gmail_webapp-gmail_1.0.10"

This is most easily seen when using webapps on the phone.
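
Added example, not part of the original report or of AppArmor itself: a triage helper that parses audit lines and flags ptrace denials that the rule text should have allowed, which points at policy compilation rather than a missing rule. The function names are hypothetical, the second log line is constructed for contrast, and peer matching is exact (no AppArmor globs).

```python
import re

RULE = "ptrace (read) peer=@{profile_name},"  # the rule from the report

APP = "com.ubuntu.developer.webapps.webapp-gmail_webapp-gmail_1.0.10"
SAMPLE_LOG = [
    # Denial quoted in the report.
    'May 28 21:02:30 ubuntu-phablet kernel: [ 574.625385] type=1400 '
    'audit(1401310950.562:93): apparmor="DENIED" operation="ptrace" '
    f'profile="{APP}" pid=2618 comm="threaded-ml" '
    f'requested_mask="read" denied_mask="read" peer="{APP}"',
    # Constructed line for contrast: a cross-profile trace the rule does not cover.
    'May 28 21:02:31 example-host kernel: [ 575.000000] type=1400 '
    'audit(1401310951.000:94): apparmor="DENIED" operation="ptrace" '
    'profile="example_a" pid=3000 comm="example" '
    'requested_mask="trace" denied_mask="trace" peer="example_b"',
]

FIELD_RE = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')
RULE_RE = re.compile(r'^\s*ptrace\s*\(([^)]*)\)\s*peer=(\S+?),\s*$')

def parse_audit_fields(line):
    """Return the key=value fields of an audit line; values may be quoted or bare."""
    return {m.group(1): m.group(2) if m.group(2) is not None else m.group(3)
            for m in FIELD_RE.finditer(line)}

def rule_allows(rule, profile, peer, perm):
    """True if a 'ptrace (...) peer=...' rule grants perm for this profile/peer pair."""
    m = RULE_RE.match(rule)
    if not m:
        return False
    perms = set(re.split(r'[,\s]+', m.group(1).strip()))
    # @{profile_name} expands to the confined profile's own name.
    wanted_peer = m.group(2).replace("@{profile_name}", profile)
    return perm in perms and peer == wanted_peer  # exact match only, no globs

def contradicted_denials(lines, rule):
    """Return ptrace denials whose every denied permission the rule should allow."""
    hits = []
    for line in lines:
        f = parse_audit_fields(line)
        if f.get("apparmor") != "DENIED" or f.get("operation") != "ptrace":
            continue
        denied = f.get("denied_mask", "").split()
        if denied and all(rule_allows(rule, f.get("profile", ""), f.get("peer", ""), p)
                          for p in denied):
            hits.append((f["profile"], f["peer"], f["denied_mask"]))
    return hits
```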

John Johansen (jjohansen) wrote :

This is a bug in the apparmor_parser's handling of escape sequences in the rule encoding. It was fixed in upstream commit r2456.

Changed in apparmor (Ubuntu Trusty):
assignee: nobody → Marc Deslauriers (mdeslaur)
Changed in apparmor (Ubuntu Utopic):
assignee: nobody → Marc Deslauriers (mdeslaur)
Changed in apparmor (Ubuntu Trusty):
importance: Undecided → High
Changed in apparmor (Ubuntu Utopic):
importance: Undecided → High
Changed in apparmor (Ubuntu Trusty):
status: New → Triaged
Changed in apparmor (Ubuntu Utopic):
status: New → Triaged
Changed in apparmor (Ubuntu Utopic):
status: Triaged → Fix Released
Changed in apparmor:
status: New → Fix Released