Hello. I would like to ask a question about the glibc-needed files that are still missing in the 'abstractions/base' file. There is a bug report on Launchpad reported by Mr Kees Cook on 2017-01-20 (see [1]). As we can see, "Status" for the Xenial release is marked as "Fix Released" in AppArmor v2.10.3 (please see below for the latest version available in 16.04 LTS).
Referring to the above information, I would like to ask if the missing rule can be added, for example, by hand? I mean: editing the 'abstractions/base' file and adding the proper new files etc. What do you think? So, if it's okay to make such a change by hand, should it look this way?

# glibc's *printf protections read the maps file
- @{PROC}/@{pid}/maps r,

# glibc's *printf protections read the maps file
+ @{PROC}/@{pid}/{maps,auxv,status} r,

Am I right? I'm a little confused, because on Launchpad, the AppArmor version with the fix released is v2.10.3 (released on 2017-10-19) while the latest version is different (see below). But maybe I'm wrong and everything is okay and the {auxv,status} files should not be added to the '@{PROC}/@{pid}/' rules in the 'base' abstractions file? So, what should I do? Can I add the two new files just as shown in the second rule above?

Thanks, best regards.

● AppArmor: v2.10.95-0ubuntu2.9 (updated on Mon, Mar 12, 2018)
● Linux: v4.4.0-116-generic (4.4.98)

__________________
1. https://bugs.launchpad.net/apparmor/+bug/1658239
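
Review bot: the comment above the `+` line still says glibc's *printf protections "read the maps file", while the rule now also grants read on auxv and status through the {maps,auxv,status} alternation; update the comment to name all three files so the reason for each is recorded. Because the rule sits in 'abstractions/base', the added read access applies to every profile that includes that abstraction, so it is worth confirming against the Launchpad bug [1] that auxv and status are exactly the files it lists before widening the rule.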