AppArmor profiles attach to chrooted processes relative to their root

Bug #948147 reported by Felix Geyer
This bug affects 1 person
Affects: apparmor (Ubuntu)
Status: Fix Released
Importance: Undecided
Assigned to: Unassigned
Milestone: (none)

Bug Description

Since kernel 3.2.0-18-generic AppArmor profiles attach to processes that are started from a chroot relative to their root.

So for example I define a profile for /usr/bin/test and have a chroot /mnt/chroot with the binary /mnt/chroot/usr/bin/test.
In this case if /mnt/chroot/usr/bin/test is started from inside the chroot, the process will be confined by that profile.
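
A check for the situation described in the report, added here as an example and not part of the original bug report or of AppArmor itself: it lists processes that are confined by a profile while running with a root other than /. It assumes the standard procfs entries /proc/<pid>/root and /proc/<pid>/attr/current, and that a profile name starting with / is also its attachment path; the function names are hypothetical.

```python
import os

def parse_label(raw):
    """Split a label such as '/usr/bin/test (enforce)' into (profile, mode)."""
    label = raw.strip("\n\x00 ")
    if not label or label == "unconfined":
        return None, None
    if label.endswith(")") and " (" in label:
        profile, mode = label.rsplit(" (", 1)
        return profile, mode[:-1]
    return label, None

def chrooted_confined(proc="/proc"):
    """Return (pid, root, profile, mode, host_path) for each confined process whose root is not '/'."""
    findings = []
    for entry in sorted(os.listdir(proc)):
        if not entry.isdigit():
            continue
        base = os.path.join(proc, entry)
        try:
            root = os.readlink(os.path.join(base, "root"))
            with open(os.path.join(base, "attr", "current")) as fh:
                profile, mode = parse_label(fh.read())
        except OSError:
            continue  # process exited, or we lack permission to inspect it
        if profile is None or root == "/":
            continue
        # Assumption: a profile name starting with '/' is its attachment path.
        # With attachment relative to the process root, the confined binary
        # sits at root + profile when seen from the host.
        host_path = root.rstrip("/") + profile if profile.startswith("/") else None
        findings.append((int(entry), root, profile, mode, host_path))
    return findings

if __name__ == "__main__":
    for pid, root, profile, mode, host_path in chrooted_confined():
        print(f"pid={pid} root={root} profile={profile} mode={mode} host_binary={host_path}")
```

Run it as root so that the root link and attr/current of other users' processes are readable.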

Launchpad Janitor (janitor) wrote :

This bug was fixed in the package apparmor - 2.7.101-0ubuntu1

---------------
apparmor (2.7.101-0ubuntu1) precise; urgency=low

  * New upstream release. Fixes: LP: #948147
  * debian/lib/apparmor/functions: Update to support the feature directory so
    that caching will work on kernels that support the feature dir. Patch
    based on work from John Johansen. LP: #954469
 -- Jamie Strandboge <email address hidden> Thu, 15 Mar 2012 15:57:02 -0500

Changed in apparmor (Ubuntu):
status: New → Fix Released