APPLIED: [PATCH][Artful] UBUNTU: SAUCE: apparmor: fix apparmorfs DAC access, permissions
Seth Forshee
seth.forshee at canonical.com
Thu Aug 31 17:13:07 UTC 2017
On Thu, Aug 31, 2017 at 10:05:41AM -0700, John Johansen wrote:
> The DAC access permissions for several apparmorfs files are wrong.
>
> .access - needs to be writable by all tasks to perform queries
> the others in the set only provide a read fn so should be read only.
>
> With policy namespace virtualization all apparmor needs to control
> the permission and visibility checks directly which means DAC
> access has to be allowed for all user, group, and other.
>
> BugLink: http://bugs.launchpad.net/bugs/1713103
> Signed-off-by: John Johansen <john.johansen at canonical.com>
Applied to unstable/master, thanks!
More information about the kernel-team
mailing list