[apparmor] Mount flag handling

Levi Blackstone levi.blackstone at RACKSPACE.COM
Tue Feb 9 21:52:12 UTC 2016

In-Reply-To: <56005F92.8020601 at canonical.com>

>> The problem occurs in the mnt_rule::gen_policy_re method in parser/mount.cc. When handling rules that specify options=(remount, bind), *two* rules are added to the policy: one to permit calls with MS_REMOUNT | MS_BIND and another that permits all calls to MS_BIND, with all other options masked out! The second rule is almost certainly unintentional. The quickest fixes would be to add a clause to make the if-statements mutually exclusive again, or to convert all of the ifs to a chain of if-elses, if the intention is, in fact, for only one of them to ever apply.
> I need to look into this one more, I'll get back to you

Was this issue ever resolved?
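
The double emission described in the quoted report, as an added sketch that is not part of the original post and is not code from parser/mount.cc. The function names, the `Policy` type and the exact-match check are assumptions made for illustration; only the two flag values are real (they match Linux `<sys/mount.h>`).

```cpp
#include <cstdio>
#include <vector>

// Same numeric values as MS_REMOUNT and MS_BIND in Linux <sys/mount.h>.
constexpr unsigned long kMsRemount = 32;
constexpr unsigned long kMsBind = 4096;

// Hypothetical stand-in for compiled policy: each entry is the exact
// flag set a mount call must carry to be permitted (an assumption).
using Policy = std::vector<unsigned long>;

// Independent ifs: a rule carrying both flags falls into both branches.
Policy gen_independent_ifs(unsigned long opts) {
    Policy p;
    if (opts & kMsRemount)
        p.push_back(opts);            // remount entry keeps the full flag set
    if (opts & kMsBind)
        p.push_back(opts & kMsBind);  // bind entry masks out everything else
    return p;
}

// if/else chain: at most one branch applies to any rule.
Policy gen_if_else_chain(unsigned long opts) {
    Policy p;
    if (opts & kMsRemount)
        p.push_back(opts);
    else if (opts & kMsBind)
        p.push_back(opts & kMsBind);
    return p;
}

// True when some policy entry matches the flags of a mount call.
bool permits(const Policy& p, unsigned long call_flags) {
    for (unsigned long required : p)
        if (required == call_flags) return true;
    return false;
}

int main() {
    const unsigned long rule = kMsRemount | kMsBind;  // options=(remount, bind)
    std::printf("independent ifs, plain bind permitted: %d\n",
                permits(gen_independent_ifs(rule), kMsBind));
    std::printf("if/else chain,   plain bind permitted: %d\n",
                permits(gen_if_else_chain(rule), kMsBind));
    return 0;
}
```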
