[apparmor] Allowing read access to anonymous huge pages

John Johansen john.johansen at canonical.com
Mon Jan 21 11:44:24 UTC 2013


On 01/21/2013 03:20 AM, Aaron Lewis wrote:
> Hi,
> 
> Here's what I got:
> 
> kernel 3.7.1 with aa 2.8.1,
> 
> type=1400 audit(1358767064.900:6103): apparmor="DENIED" operation="file_mmap" parent=1 profile="/XXXX" name="/anon_hugepage//deleted" pid=26844 comm="java" requested_mask="r" denied_mask="r" fsuid=1000 ouid=1000
> 
> Adding that /anon stuff doesn't help, logs still available.
> 
> Any ideas? Thanks!
> 

Aaron,

Unfortunately this looks like a bug that is going to need a patch to fix. I don't even think there is a temporary workaround (like the mediate_deleted or attach_disconnected profile flags) that can be used as a workaround. I'll see if I can't get a patch out today.
