[apparmor] 'owner' too strict for /tmp/ and /var/tmp/ in user-tmp abstraction
John Johansen
john.johansen at canonical.com
Mon Aug 9 16:04:49 BST 2010
On 08/09/2010 11:01 AM, Jamie Strandboge wrote:
> Uhhh, I was a little too aggressive in commit 1406. Owner match on
> '/tmp/' and '/var/tmp/' won't work except for processes running as root.
> I've applied the following patch to fix LP: #615177[1] since what we
> have is obviously wrong. This should also be applied to 2.5.1.
>
> [1] https://bugs.launchpad.net/ubuntu/+source/mysql-5.1/+bug/615177
>
oops, ACK
> === modified file 'profiles/apparmor.d/abstractions/user-tmp'
> --- profiles/apparmor.d/abstractions/user-tmp 2010-05-12 08:52:23 +0000
> +++ profiles/apparmor.d/abstractions/user-tmp 2010-08-09 14:55:54 +0000
> @@ -16,6 +16,6 @@
>
> # global tmp directories
> owner /var/tmp/** rwkl,
> - owner /var/tmp/ rw,
> + /var/tmp/ rw,
> owner /tmp/** rwkl,
> - owner /tmp/ rw,
> + /tmp/ rw,
>
>
>
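Review bot: The two unqualified directory rules, `/var/tmp/ rw,` and `/tmp/ rw,`, now sit directly beside the `owner`-qualified `/var/tmp/**` and `/tmp/**` rules with no comment explaining the difference, so a later cleanup could easily re-add `owner` and reintroduce the breakage this change fixes. Please add a comment under "# global tmp directories" stating that the directories themselves are not owned by the confined user (the owner match only succeeds for processes running as root) and that this is why only the `**` rules carry `owner`. Since the directory rules now match regardless of ownership, it is also worth confirming whether `w` is still needed on them or whether `r` alone would do.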