change_profile requires separate permission rule to access /proc interface
Bug #979135 reported by
John Johansen
This bug affects 1 person
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| AppArmor |
Fix Released
|
Medium
|
Unassigned | ||
Bug Description
When a profile contains a rule granting permission to use the change_profile interface
Eg.
change_profile -> **,
it is not enough permissions to actually use the interface, because write permission to access the interface at
/proc/
is also needed.
If a change_profile rule is present it should imply that this permission is granted
Revision history for this message
| Steve Beattie (sbeattie) wrote | #1 |
| Changed in apparmor: | |
| status: | New → Fix Committed |
| milestone: | none → 2.8.0 |
| importance: | Undecided → Medium |
| Changed in apparmor: | |
| status: | Fix Committed → Fix Released |
To post a comment you must log in.
Committed in trunk revno 2030