[apparmor] 'owner' too strict for /tmp/ and /var/tmp/ in user-tmp abstraction
Jamie Strandboge
jamie at canonical.com
Mon Aug 9 16:01:19 BST 2010
Uhhh, I was a little too aggressive in commit 1406. Owner match on
'/tmp/' and '/var/tmp/' won't work except for processes running as root.
I've applied the following patch to fix LP: #615177[1] since what we
have is obviously wrong. This should also be applied to 2.5.1.
[1] https://bugs.launchpad.net/ubuntu/+source/mysql-5.1/+bug/615177
=== modified file 'profiles/apparmor.d/abstractions/user-tmp'
--- profiles/apparmor.d/abstractions/user-tmp 2010-05-12 08:52:23 +0000
+++ profiles/apparmor.d/abstractions/user-tmp 2010-08-09 14:55:54 +0000
@@ -16,6 +16,6 @@
# global tmp directories
owner /var/tmp/** rwkl,
- owner /var/tmp/ rw,
+ /var/tmp/ rw,
owner /tmp/** rwkl,
- owner /tmp/ rw,
+ /tmp/ rw,
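Review bot: The two new unqualified directory rules, `/var/tmp/ rw,` and `/tmp/ rw,`, have no comment explaining why they differ from the `owner`-qualified `/var/tmp/**` and `/tmp/**` rules beside them. A later consistency cleanup could re-add `owner` and bring the bug back. Suggest a short comment above each directory rule, or one under the existing `# global tmp directories` comment, noting that the directories themselves are not owned by the confined user, so `owner` only matches there for processes running as root.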
--
Jamie Strandboge | http://www.canonical.com
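An added illustration, not part of the original message or of AppArmor itself: a small Python check that flags literal-path `owner` rules whose target is owned by a different uid than the confined process, which is the situation described above for '/tmp/' and '/var/tmp/'. The function name `unusable_owner_rules` and its `root` parameter are hypothetical, and the regular expression only handles simple one-line file rules like those in the patch.

```python
import os
import re

# Matches simple file rules such as "owner /tmp/ rw," (optional "owner", path, perms).
RULE_RE = re.compile(r"^\s*(?P<owner>owner\s+)?(?P<path>/\S*)\s+(?P<perms>[a-zA-Z]+),\s*$")
GLOB_CHARS = set("*?[{@")


def unusable_owner_rules(profile_text, uid, root="/"):
    """Return literal-path 'owner' rules that cannot match for a process with this uid.

    'owner' restricts a rule to objects whose owning uid equals the process's
    fsuid, so a rule on a directory owned by someone else never applies.
    `root` is a hypothetical prefix so the check can run against a scratch tree.
    """
    findings = []
    for line in profile_text.splitlines():
        m = RULE_RE.match(line)
        if not m or not m.group("owner"):
            continue
        path = m.group("path")
        if GLOB_CHARS & set(path):
            continue  # globbed rules cover many objects; only check literal paths
        real = os.path.join(root, path.lstrip("/"))
        try:
            st = os.stat(real)
        except OSError:
            continue  # path absent on this system, nothing to compare
        if st.st_uid != uid:
            findings.append((path, st.st_uid))
    return findings


if __name__ == "__main__":
    # Constructed sample: the pre-patch rules from the hunk above.
    before = """\
      owner /var/tmp/** rwkl,
      owner /var/tmp/   rw,
      owner /tmp/**     rwkl,
      owner /tmp/       rw,
    """
    for path, owner_uid in unusable_owner_rules(before, os.getuid()):
        print(f"owner rule on {path} never matches: directory owned by uid {owner_uid}")
```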