[Bug 1238267] Re: AppArmor initialization code should open a file in apparmorfs instead of stat'ing it

Dustin Kirkland  dustin.kirkland at gmail.com
Thu Oct 10 21:17:07 UTC 2013


** Changed in: dbus (Ubuntu)
    Milestone: None => ubuntu-13.10

** Also affects: dbus (Ubuntu Saucy)
   Importance: High
     Assignee: Tyler Hicks (tyhicks)
       Status: In Progress

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to dbus in Ubuntu.
https://bugs.launchpad.net/bugs/1238267

Title:
  AppArmor initialization code should open a file in apparmorfs instead
  of stat'ing it

Status in “dbus” package in Ubuntu:
  In Progress
Status in “dbus” source package in Saucy:
  In Progress

Bug description:
  When dbus-daemon is initializing the AppArmor module, the AppArmor
  code checks for the existence of a file in apparmorfs. If the file
  does not exist or can't be opened, the AppArmor mediation hooks will
  be disabled.

  LXC shipped a change that denied access to apparmorfs
  (https://lists.ubuntu.com/archives/saucy-changes/2013-October/012059.html)
  through the use of an AppArmor denial rule. However, AppArmor does not
  mediate stat() so dbus-daemon doesn't detect that it cannot read files
  in apparmorfs.

  The fix is to have dbus-daemon open() a file in apparmorfs, rather
  than stat() a file.

  This is needed to fix failing desktop autopilot tests.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/dbus/+bug/1238267/+subscriptions
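
The difference between the two probes in the bug description, as an added example (not dbus code and not part of the original notification): a stat()-based existence check passes for a file that open() refuses. The mode-0000 temporary file is a constructed stand-in for a file behind an AppArmor deny rule, and all function names are hypothetical. When run as root the fixture reports readable, because root bypasses file mode checks.

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>
enum probe { PROBE_ABSENT, PROBE_READABLE, PROBE_EXISTS_BUT_DENIED };

/* stat() needs only search permission on the parent directories. */
static int exists_by_stat(const char *path)
{
    struct stat st;
    return stat(path, &st) == 0;
}

/* open() forces the read-access decision the caller depends on. */
static int readable_by_open(const char *path)
{
    int fd = open(path, O_RDONLY);
    if (fd >= 0)
        close(fd);
    return fd >= 0;
}

static enum probe probe_file(const char *path)
{
    if (readable_by_open(path))
        return PROBE_READABLE;
    return exists_by_stat(path) ? PROBE_EXISTS_BUT_DENIED : PROBE_ABSENT;
}

/* Constructed fixture: mode-0000 temp file standing in for a denied file. */
static enum probe probe_unreadable_fixture(void)
{
    char path[] = "/tmp/probe-demo-XXXXXX";
    int fd = mkstemp(path);
    if (fd < 0)
        return PROBE_ABSENT;
    fchmod(fd, 0);
    close(fd);
    enum probe result = probe_file(path);
    unlink(path);
    return result;
}

int main(void)
{
    printf("fixture: %d (2 = exists but denied)\n", probe_unreadable_fixture());
    return 0;
}
```

A feature check that calls only exists_by_stat() cannot tell PROBE_EXISTS_BUT_DENIED from PROBE_READABLE, so it leaves a feature switched on that the process cannot actually use.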
