Hi, I apparently just ran into a kernel regression with AppArmor and I'm looking for the correct bugtracker now.
The situation at hand is roughly the following: /usr/bin/element-desktop is a bash script, therefore spawns a bash, which spawns "electron /usr/lib/element/element.asar". I have a profile for /usr/bin/element-desktop containerizing this stack using ix for execution. This, if I have this correctly, should spawn every subprocess of the aforementioned executable in the same profile, hence this should also work recursively.

I observe the problem specifically for the element-desktop profile; I have other AppArmor profiles that still work as intended. It does work on Linux 5.8.1, but it apparently doesn't anymore on 5.8.2 and 5.8.3, where I get a permission denied for bash for /etc/ld.so.cache as well as /usr/lib/libreadline.so.8.0 (albeit not changing the AppArmor profile, and both are whitelisted for reading (which is the permission that's denied by AppArmor according to dmesg), one via "/usr/** rmix,", the other via "/etc/ld.so.cache mr,", therefore I am 90% sure that this is not a mistake on my side and 10% sure that I missed something, but don't know what).

The bug seems to be in the "ix", as explicitly whitelisting both files in the profile manually does not resolve the situation, at least not for libreadline, and the process that dies on it is the bash in the second stage. (I somehow managed to fix it for ld.so.cache, not sure why that works whereas for libreadline it doesn't.)

The question now is: which bugtracker does this go to to be best reported if it continues to be a bug? Kernel or AppArmor-Tools? Seems to be the kernel, but I don't know how AppArmor is implemented; if it's something implemented in eBPF, it's possibly not the kernel?

Maybe I have another idea for the root cause, but currently I'm a bit out of ideas. (Open for ideas, though, if anyone has a guess what's the issue at play.)

Thanks,
Jonas

--
AppArmor mailing list
AppArmor@lists.ubuntu.com
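
For triaging denials like the ones described in this message, the `profile=`, `comm=`, `name=` and `denied_mask=` fields of each kernel audit line show which profile the failing process was actually confined by, and therefore whether the `ix` child stayed in the parent's profile. The following is an added example, not part of the original post; the log lines are constructed samples and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample lines in the kernel's AppArmor audit format (not from the post).
SAMPLE_DMESG = """\
[ 101.01] audit: type=1400 audit(1598000000.101:41): apparmor="DENIED" operation="open" profile="/usr/bin/element-desktop" name="/etc/ld.so.cache" pid=4242 comm="bash" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
[ 101.02] audit: type=1400 audit(1598000000.102:42): apparmor="DENIED" operation="open" profile="/usr/bin/element-desktop" name="/usr/lib/libreadline.so.8.0" pid=4242 comm="bash" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
[ 101.03] audit: type=1400 audit(1598000000.103:43): apparmor="STATUS" operation="profile_replace" profile="unconfined" name="/usr/bin/element-desktop" pid=4100 comm="apparmor_parser"
[ 101.04] usb 1-1: new high-speed USB device number 5 using xhci_hcd
"""

FIELD = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')
# The audit subsystem emits these fields as bare hex when they contain unsafe bytes.
HEX_FIELDS = {"name", "profile", "comm"}

def parse_denials(text):
    """Return one dict of key/value fields per apparmor="DENIED" line."""
    denials = []
    for line in text.splitlines():
        if 'apparmor="DENIED"' not in line:
            continue
        fields = {}
        for key, quoted, bare in FIELD.findall(line):
            value = quoted or bare
            if bare and key in HEX_FIELDS:
                try:
                    value = bytes.fromhex(bare).decode("utf-8")
                except ValueError:  # not hex (e.g. "(null)"): keep the raw value
                    pass
            fields[key] = value
        denials.append(fields)
    return denials

def summarize(denials):
    """Group denied (path, mask) pairs by the (profile, comm) that triggered them."""
    summary = defaultdict(set)
    for d in denials:
        summary[(d["profile"], d["comm"])].add((d["name"], d["denied_mask"]))
    return dict(summary)

def foreign_profiles(denials, expected_profile):
    """Denials attributed to a profile other than the one the parent runs under."""
    return [d for d in denials if d["profile"] != expected_profile]

if __name__ == "__main__":
    for (profile, comm), hits in summarize(parse_denials(SAMPLE_DMESG)).items():
        print(profile, comm, sorted(hits))
```

An empty result from `foreign_profiles` means every denial was logged against the expected profile name, so the next thing to compare is the denied path and mask against that profile's rules as loaded in the kernel.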