[apparmor] [Bug 979135] Re: change_profile requires separate permission rule to access /proc interface
Steve Beattie
sbeattie at ubuntu.com
Fri Apr 13 17:46:56 UTC 2012
Committed in trunk revno 2030
** Changed in: apparmor
Status: New => Fix Committed
** Changed in: apparmor
Milestone: None => 2.8.0
** Changed in: apparmor
Importance: Undecided => Medium
--
You received this bug notification because you are a member of AppArmor
Developers, which is the registrant for AppArmor.
https://bugs.launchpad.net/bugs/979135
Title:
change_profile requires separate permission rule to access /proc
interface
Status in AppArmor Linux application security framework:
Fix Committed
Bug description:
When a profile contains a rule granting permission to use the change_profile interface
Eg.
change_profile -> **,
it is not enough permissions to actually use the interface, because write permission to access the interface at
/proc/self/attr/{current,exec} w,
is also needed.
If a change_profile rule is present it should imply that this
permission is granted
To manage notifications about this bug go to:
https://bugs.launchpad.net/apparmor/+bug/979135/+subscriptions
More information about the AppArmor
mailing list