[apparmor] [16.04 LTS]: missing /proc/$pid/{auxv, status} files (glibc's *printf protections) in base abstractions?
daniel curtis
sidetripping at gmail.com
Mon Mar 12 18:59:49 UTC 2018
Hello.

I would like to ask a question about the glibc-needed files that are
still missing in the 'abstractions/base' file. There is a bug report
on Launchpad reported by Mr Kees Cook on 2017-01-20 (see [1]). As we
can see, "Status" for the Xenial release is marked as "Fix Released" in
AppArmor v2.10.3 (please see below for the latest version available in
16.04 LTS).

Referring to the above information, I would like to ask if the missing
rule can be added, for example, by hand? I mean: editing the
'abstractions/base' file and adding the proper new files etc. What do you
think? So, if it's okay to make such a change by hand, should it
look this way?

# glibc's *printf protections read the maps file
- @{PROC}/@{pid}/maps r,
# glibc's *printf protections read the maps file
+ @{PROC}/@{pid}/{maps,auxv,status} r,
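
Review bot: the comment kept above the new rule ("# glibc's *printf protections read the maps file") still names only maps, while the rule on the "+" line now also grants read access to auxv and status; update the comment to name all three files so the reason for the wider rule stays documented. The brace alternation {maps,auxv,status} keeps the grant limited to those three entries under @{PROC}/@{pid}/ instead of opening the whole directory, so the rule itself needs no narrowing.
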
Am I right? I'm a little confused, because on Launchpad, the AppArmor
version with the fix released is v2.10.3 (released on 2017-10-19) while
the latest version is different (see below). But maybe I'm wrong and
everything is okay and the {auxv,status} files should not be added to the
'@{PROC}/@{pid}/' rules in the 'base' abstractions file?

So, what should I do? Can I add the two new files just as shown in
the second rule above?

Thanks, best regards.
● AppArmor: v2.10.95-0ubuntu2.9 (updated on Mon, Mar 12, 2018)
● Linux: v4.4.0-116-generic (4.4.98)
__________________
1. https://bugs.launchpad.net/apparmor/+bug/1658239