[apparmor] Apparmor with initramfs mode

Francois Bussery Francois.Bussery at pace.com
Tue Jul 1 16:32:32 UTC 2014

The problem is, in my mind, not an apparmor issue but an initramfs issue.
Note that initmpfs doesn't have the MS_NOUSER flag. Also, some patches exist for initramfs that disable this flag... I have to evaluate them, but a quick test with that kind of patch seems to solve the problem...

Sent from my Windows Phone
From: John Johansen<mailto:john.johansen at canonical.com>
Sent: 01/07/2014 17:33
To: Francois Bussery<mailto:Francois.Bussery at pace.com>; apparmor at lists.ubuntu.com<mailto:apparmor at lists.ubuntu.com>
Subject: Re: [apparmor] Apparmor with initramfs mode

On 07/01/2014 05:23 AM, Francois Bussery wrote:
> Thanks a lot for this reply.
> In fact, I can confirm that apparmor works fine when booting from
> initramfs. I have no problem with profiles I write manually.
> All the rules are working fine for all mount points except the rootfs.
> (Ex: /sys, /proc, /mnt/xxx, ...)
> Unfortunately, the files inside the initramfs are not caught by
> apparmor. It seems that the problem is that they're not considered a
> "mediated filesystem".
> The problem seems to be related to the flag MS_NOUSER that is set in initramfs.
Ah yes, correct, currently apparmor won't mediate the initramfs itself.

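As an added example (not code from this thread or from the AppArmor project): a POSIX shell check for which filesystem a given path sits on, driven by a constructed /proc/self/mountinfo sample that mimics an initramfs-only embedded system like the one described above. The kernel's own rootfs (the initial ramfs) is mounted with MS_NOUSER, and AppArmor's mediated_filesystem() test of that era skipped any superblock carrying that flag, which is why rules for files inside the initramfs never fire. MS_NOUSER is not exported to user space, so the script keys on the fstype name "rootfs" as a proxy; that proxy, the SAMPLE_MOUNTINFO table, and the helper names fstype_for_path and apparmor_mediates are all assumptions made here, not anything the thread or the kernel defines.

```shell
#!/bin/sh
# Constructed /proc/self/mountinfo sample (assumption): an initramfs-only
# system whose root is the kernel's rootfs, plus /proc, /sys and one
# block-device mount. Field layout per proc(5):
#   id parent maj:min root mountpoint opts [optional...] - fstype source superopts
SAMPLE_MOUNTINFO='1 0 0:1 / / rw - rootfs rootfs rw
13 1 0:3 / /proc rw,nosuid - proc proc rw
14 1 0:12 / /sys rw,nosuid - sysfs sysfs rw
20 1 179:2 / /mnt/data rw,relatime - ext4 /dev/mmcblk0p2 rw,data=ordered'

# fstype_for_path MOUNTINFO_TEXT PATH
# Print the fstype of the mount holding PATH: the entry whose mount point is
# the longest prefix of PATH on a path-component boundary ("/mnt/data" must
# not claim "/mnt/data2/x"). Escaped mount points (\040 etc.) are not
# unescaped here; the constructed sample contains none (assumption).
fstype_for_path() {
    printf '%s\n' "$1" | awk -v path="$2" '
    {
        mp = $5
        # the "-" separator may be pushed right by optional fields (shared:N ...)
        for (i = 7; i <= NF; i++) if ($i == "-") { fstype = $(i + 1); break }
        if (mp == "/")
            matched = 1
        else if (path == mp || substr(path, 1, length(mp) + 1) == (mp "/"))
            matched = 1
        else
            matched = 0
        if (matched && length(mp) > best_len) { best_len = length(mp); best = fstype }
    }
    END { print best }'
}

# apparmor_mediates MOUNTINFO_TEXT PATH
# Exit 0 if file rules for PATH would be mediated, 1 if not.
# Assumption: the kernel-internal rootfs is the MS_NOUSER superblock a user
# actually meets as a root filesystem, and MS_NOUSER itself is not visible in
# mountinfo, so the fstype name "rootfs" stands in for the flag.
apparmor_mediates() {
    [ "$(fstype_for_path "$1" "$2")" != "rootfs" ]
}

# Walk a few constructed paths and report. On a live system replace
# "$SAMPLE_MOUNTINFO" with "$(cat /proc/self/mountinfo)".
for p in /sbin/init /proc/cpuinfo /mnt/data/app.cfg /mnt/data2/x; do
    fs=$(fstype_for_path "$SAMPLE_MOUNTINFO" "$p")
    if apparmor_mediates "$SAMPLE_MOUNTINFO" "$p"; then
        echo "$p: on $fs, mediated"
    else
        echo "$p: on $fs, NOT mediated (MS_NOUSER rootfs)"
    fi
done
```

Of the four constructed paths, only /mnt/data/app.cfg and /proc/cpuinfo come back as mediated; /sbin/init and /mnt/data2/x both resolve to the rootfs entry because no longer mount point matches them, which is exactly the situation the thread describes for files that live inside the initramfs.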
