unix domain socket cross permission check failing with nested namespaces
Bug #1660832 reported by
John Johansen
This bug affects 2 people
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
apparmor (Ubuntu) |
Confirmed
|
Undecided
|
Unassigned | ||
Xenial |
Confirmed
|
Undecided
|
Unassigned | ||
Yakkety |
Confirmed
|
Undecided
|
Unassigned | ||
Zesty |
Confirmed
|
Undecided
|
Unassigned | ||
linux (Ubuntu) |
Fix Released
|
Undecided
|
Unassigned | ||
Xenial |
Fix Released
|
Undecided
|
Unassigned | ||
Yakkety |
Fix Released
|
Undecided
|
Unassigned | ||
Zesty |
Fix Released
|
Undecided
|
Unassigned |
Bug Description
When using nested namespaces policy within the nested namespace is trying
to cross validate with policy outside of the namespace that is not
visible to it. This results the access being denied and with no way to
add a rule to policy that would allow it.
Changed in linux (Ubuntu Xenial): | |
status: | Incomplete → In Progress |
Changed in linux (Ubuntu Yakkety): | |
status: | Incomplete → In Progress |
Changed in linux (Ubuntu Zesty): | |
status: | Incomplete → In Progress |
Changed in linux (Ubuntu Xenial): | |
status: | In Progress → Fix Committed |
Changed in linux (Ubuntu Yakkety): | |
status: | In Progress → Fix Committed |
tags: |
added: verification-done-xenial removed: verification-needed-xenial |
tags: |
added: verification-done-yakkety removed: verification-needed-yakkety |
Changed in linux (Ubuntu Xenial): | |
status: | Triaged → Fix Committed |
To post a comment you must log in.
This bug is missing log files that will aid in diagnosing the problem. From a terminal window please run:
apport-collect 1660832
and then change the status of the bug to 'Confirmed'.
If, due to the nature of the issue you have encountered, you are unable to run this command, please add a comment stating that fact and change the bug status to 'Confirmed'.
This change has been made by an automated script, maintained by the Ubuntu Kernel Team.