<html> <head> <meta http-equiv="Content-Type" content="text/html; charset=utf-8"> <meta name="Generator" content="Microsoft Exchange Server"> <style></style> </head> <body> <div> <div> <div style="font-size:11pt; font-family:Calibri,sans-serif">The Pb is in my mind not an apparmor issue but an initramfs issue.<br> Note that inittmpfs, don t have the MS_NOUSER flag. Also it exists some patch for initramfs that disable this flag... I have to evaluate them.. But a quick test with that kind of patch seems to solve the pb...<br> <br> Envoyé à partir de mon Windows Phone</div> </div> <div dir="ltr"> <hr> <span style="font-size:11pt; font-family:Calibri,sans-serif; font-weight:bold">De : </span><span style="font-size:11pt; font-family:Calibri,sans-serif"><a href="mailto:john.johansen@canonical.com">John Johansen</a></span><br> <span style="font-size:11pt; font-family:Calibri,sans-serif; font-weight:bold">Envoyé : </span><span style="font-size:11pt; font-family:Calibri,sans-serif">‎01/‎07/‎2014 17:33</span><br> <span style="font-size:11pt; font-family:Calibri,sans-serif; font-weight:bold">À : </span><span style="font-size:11pt; font-family:Calibri,sans-serif"><a href="mailto:Francois.Bussery@pace.com">Francois Bussery</a>; <a href="mailto:apparmor@lists.ubuntu.com">apparmor@lists.ubuntu.com</a></span><br> <span style="font-size:11pt; font-family:Calibri,sans-serif; font-weight:bold">Objet : </span><span style="font-size:11pt; font-family:Calibri,sans-serif">Re: [apparmor] Apparmor with initramfs mode</span><br> <br> </div> </div> <font size="2"><span style="font-size:10pt;"> <div class="PlainText">On 07/01/2014 05:23 AM, Francois Bussery wrote:<br> > Thanks a lot for this reply.<br> > In fact, I can confirm that apparmor works fine when booting from<br> > initramfs. I have no problem with profiles I write manually.<br> > All the rules are working fine for all mount points except the rootfs.<br> > (Ex: /sys, /proc, /mnt/xxx,Š)<br> > Unfortunately, for the files inside the initramfs, they¹re not catched by<br> > apparmor. It seems that the problem is that they¹re not considered as<br> > ³mediated filesystem²<br> > The pb seems to be related to the flag MS_NOUSER that is set in initramfs.<br> > <br> Ah yes correcy, currently apparmor won't mediate the initramfs it self.<br> <br> </div> </span></font>IMPORTANT NOTICE - this e-mail and any attachments hereto are strictly confidential and intended solely for the addressee. If you are not the intended recipient, please notify the sender to report the error and delete this communication immediately. You must not disclose, forward or copy this e-mail or any attachments hereto without the prior consent of the sender. </body> </html>