[apparmor] [PATCH] tests: getopt is not required for bound AF_UNIX pathname sockets
Steve Beattie
steve at nxnw.org
Tue Sep 30 23:56:53 UTC 2014
On Tue, Sep 30, 2014 at 06:49:08PM -0500, Tyler Hicks wrote:
> Bug: https://bugs.launchpad.net/bugs/1375516
>
> The unix_socket test program calls getsockopt() after calling bind().
> Because AppArmor continues to use traditional file rules for sockets
> bound to a filesystem path, it does not mediate some socket operations
> after the socket has been bound to the filesystem path. The getopt
> permission is one of those socket operations.
>
> To account for this lack of mediation, the getopt permission should be
> removed from the server permissions list.
>
> Signed-off-by: Tyler Hicks <tyhicks at canonical.com>
Acked-by: Steve Beattie <steve at nxnw.org>
Thanks.
--
Steve Beattie
<sbeattie at ubuntu.com>
http://NxNW.org/~steve/