[apparmor] [PATCH 3/3] Fix change_profile to grant access to api
Steve Beattie
steve at nxnw.org
Wed Apr 11 22:42:05 UTC 2012
On Wed, Apr 11, 2012 at 01:53:42PM -0700, John Johansen wrote:
> Currently a change_profile rule does not grant access to the
> /proc/<pid>/attr/{current,exec} interfaces that are needed to perform
> a change_profile or change_onexec, requiring that an explicit rule allowing
> access to the interface be granted.
>
> Make it so change_profile implies the necessary
> /proc/@{PID}/attr/{current,exec} w,
>
> rule just like the presence of hats does for change_hat
>
>
> Signed-off-by: John Johansen <john.johansen at canonical.com>
Acked-By: Steve Beattie <sbeattie at ubuntu.com>
Thanks.
--
Steve Beattie
<sbeattie at ubuntu.com>
http://NxNW.org/~steve/
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 836 bytes
Desc: Digital signature
URL: <https://lists.ubuntu.com/archives/apparmor/attachments/20120411/2d77f58e/attachment.pgp>
More information about the AppArmor
mailing list