[Bug 1759084] Re: mysqld-akonadi profile does not support seccomp
smitz katze
1759084 at bugs.launchpad.net
Wed Mar 28 12:03:17 UTC 2018
** Description changed:
The AppArmor profile usr.sbin.mysqld-akonadi is not compatible with
seccomp in general and the no_new_privs bit specifically, because it
includes a profile transition.
I came across this when I tried to write a profile for the Firejail
sandbox, and had to omit everything seccomp related in order to not
break Akonadi:
- https://github.com/netblue30/firejail/blob/1bc84f3e53f66abf4ee246e89f20f72626a199de/etc/akonadi_control.profile
+ https://github.com/netblue30/firejail/blob/master/etc/akonadi_control.profile
Would it be possible for you to replace access mode cx with ix here?
Especially because the transition in usr.sbin.mysqld-akonadi seems to
- not have been motivated by any administrative or security needs....
+ not have been motivated by administrative or security needs....
Best regards,
smitsohu
--
You received this bug notification because you are a member of Kubuntu
Bugs, which is subscribed to akonadi in Ubuntu.
https://bugs.launchpad.net/bugs/1759084
Title:
mysqld-akonadi profile does not support seccomp
To manage notifications about this bug go to:
https://bugs.launchpad.net/apparmor/+bug/1759084/+subscriptions
More information about the kubuntu-bugs
mailing list