[apparmor] stacked filesystems status update?
John Johansen
john.johansen at canonical.com
Mon Apr 16 20:08:42 UTC 2012
On 04/16/2012 12:48 PM, intrigeri wrote:
> Hi,
>
> as the maintainer of a Live system that uses aufs, I'm severely hit by
> the lack of support for stacked filesystems in AppArmor.
>
> Steve's comment #41 on LP #131976 [0] suggests an easy workaround.
> However, John's comment #42 explains that "there is still a bug in
> alias processing, that needs to be fixed before this will work".
>
> Was this alias processing bug fixed?
> If it was not, is it tracked anywhere?
>
Sadly it has not been fixed, despite it being a critical bug it requires
some major work to fix, there has been progress on it but it is not done.
The work around right now is manually splitting some rules, so that the
current alias rules can be applied (see below).
https://bugs.launchpad.net/apparmor/+bug/888077
aliases as they are currently implemented aren't applied to regular
expressions that would match against the alias root.
Eg.
alias /home/ -> /mnt/rw,
/** rw, #rule not correctly aliased
/home/** rw # rule is correctly aliased
I am trying to get this code rework done for the next release post the up coming
2.8 release. Being a compiler only fix it is possible we can backport this
to previous releases.
More information about the AppArmor
mailing list