On Fri, May 02, 2014 at 12:46:51PM -0500, Tyler Hicks wrote: > Mention, in the apparmor.d man page, that pivot_root arguments must end > with a '/' character since they are directories. > > The parser currently allows pivot_root arguments that do not end in '/', > but those rules will always fail to match. > > Signed-off-by: Tyler Hicks <tyhi...@canonical.com> > Cc: Jamie Strandboge <ja...@canonical.com>
Acked-by: Seth Arnold <seth.arn...@canonical.com> Thanks > --- > > Jamie asked for a mention in the man page that pivot_root arguments must end > in > '/'. (see > https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/1305244/comments/7) > > Additionally, Jamie mentioned that the variable expansion issue (see > https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/1305244/comments/3) > should possibly be documented in the pivot_root section. I didn't add anything > about variable expansion in this patch because, AFAIU, it isn't specific to > pivot_root rules. This is a variable expansion bug that affects all rule types > and should simply be fixed. > > parser/apparmor.d.pod | 3 +++ > 1 file changed, 3 insertions(+) > > diff --git a/parser/apparmor.d.pod b/parser/apparmor.d.pod > index dd1e6ff..141db36 100644 > --- a/parser/apparmor.d.pod > +++ b/parser/apparmor.d.pod > @@ -668,6 +668,9 @@ AppArmor 'pivot_root' rules can specify a profile > transition to occur during > the pivot_root(2) system call. Note that AppArmor will only transition the > process calling pivot_root(2) to the new profile. > > +The paths specified in 'pivot_root' rules must end with '/' since they are > +directories. > + > Here are some example 'pivot_root' rules: > > # Allow any pivot > -- > 1.9.1 > > > -- > AppArmor mailing list > AppArmor@lists.ubuntu.com > Modify settings or unsubscribe at: > https://lists.ubuntu.com/mailman/listinfo/apparmor >
signature.asc
Description: Digital signature
-- AppArmor mailing list AppArmor@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/apparmor