[apparmor] Allowing read access to anonymous huge pages

John Johansen john.johansen at canonical.com
Tue Jan 22 13:19:27 UTC 2013


On 01/21/2013 03:44 AM, John Johansen wrote:
> On 01/21/2013 03:20 AM, Aaron Lewis wrote:
>> Hi,
>>
>> Here's what I got:
>>
>> kernel 3.7.1 with aa 2.8.1,
>>
>> type=1400 audit(1358767064.900:6103): apparmor="DENIED" operation="file_mmap" parent=1 profile="/XXXX" name="/anon_hugepage//deleted" pid=26844 comm="java" requested_mask="r" denied_mask="r" fsuid=1000 ouid=1000
>>
>> Adding that /anon stuff doesn't help, logs still available.
>>
>> Any ideas? Thanks!
>>
> 
> Aaron,
> 
> Unfortunately this looks like a bug that is going to need a patch to fix; I don't even think there is a temporary workaround (like the mediate_deleted or attach_disconnected profile flags) that can be used as a workaround. I'll see if I can't get a patch out today.
> 
> 
So I have a kernel patch in testing, but it's only a temporary solution. If all is well I will post it later today.



