[apparmor] [Bug 921000] Re: no logging if using non-existent child profile
John Johansen
john.johansen at canonical.com
Tue Jan 24 15:20:10 UTC 2012
This needs to be fixed in the logging, as apparmor currently doesn't do
a total policy load. That is the target may be a profile that is
compiled and loaded separately, or a profile that has been removed.
--
You received this bug notification because you are a member of AppArmor
Developers, which is the registrant for AppArmor.
https://bugs.launchpad.net/bugs/921000
Title:
no logging if using non-existent child profile
Status in AppArmor Linux application security framework:
New
Status in “apparmor” package in Ubuntu:
New
Bug description:
Ubuntu recently added the ubuntu-helpers abstraction with the
sanitized_helper child profile. If I do the following:
/bin/foo {
/usr/bin/bar Cxr -> sanitized_helper,
}
and then execute /bin/foo, the execution of /usr/bin/bar fails but
with no logging. This is because in the above profile I forgot to add
'#include <abstractions/ubuntu-helpers>', which is what defines the
sanitized_helper profile.
This can either be fixed in the logging mechanism or apparmor_parser
should fail if the parent profile references a child profile that is
not defined.
To manage notifications about this bug go to:
https://bugs.launchpad.net/apparmor/+bug/921000/+subscriptions
More information about the AppArmor
mailing list