[apparmor] [Bug 979135] [NEW] change_profile requires separate permission rule to access /proc interface
John Johansen
john.johansen at canonical.com
Wed Apr 11 17:06:34 UTC 2012
Public bug reported:
When a profile contains a rule granting permission to use the change_profile interface
Eg.
change_profile -> **,
it is not enough permissions to actually use the interface, because write permission to access the interface at
/proc/self/attr/{current,exec} w,
is also needed.
If a change_profile rule is present it should imply that this permission
is granted
** Affects: apparmor
Importance: Undecided
Status: New
--
You received this bug notification because you are a member of AppArmor
Developers, which is the registrant for AppArmor.
https://bugs.launchpad.net/bugs/979135
Title:
change_profile requires separate permission rule to access /proc
interface
Status in AppArmor Linux application security framework:
New
Bug description:
When a profile contains a rule granting permission to use the change_profile interface
Eg.
change_profile -> **,
it is not enough permissions to actually use the interface, because write permission to access the interface at
/proc/self/attr/{current,exec} w,
is also needed.
If a change_profile rule is present it should imply that this
permission is granted
To manage notifications about this bug go to:
https://bugs.launchpad.net/apparmor/+bug/979135/+subscriptions
More information about the AppArmor
mailing list