AppArmor logs denial for when the device path is ENOENT
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
AppArmor |
Fix Released
|
Undecided
|
Unassigned |
Bug Description
Example log message
[ 303.419688] audit: type=1400 audit(143894670
where the mount tried to
bind -o bind,rw "/var/lib/
but the src path "/var/lib/
The reason apparmor logs a denial is because to tries to lookup the kern_path of the src as parth of determining permissions and fails. However this mount will fail even with apparmor disabled as the same kernel_path call is made by the bind mount path after security_sb_mount has granted permission.
If apparmor is going to log this message it should report info, error, and srcname like below, so it is clear why it is failing.
[ 303.419688] audit: type=1400 audit(143894670
Related branches
Changed in apparmor: | |
status: | Fix Committed → Fix Released |
Fix is in the apparmor 3.5 kernel patches