Please note, this will require future backport kernels to be patched to maintain this semantic for the LTS release. Upstream kernels and future ubuntu kernels will not retain the broken semantic.
-- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu. https://bugs.launchpad.net/bugs/1560583 Title: reading /sys/kernel/security/apparmor/profiles requires CAP_MAC_ADMIN Status in linux package in Ubuntu: Fix Committed Status in linux source package in Xenial: Fix Committed Bug description: $ cat ./t #include <tunables/global> profile t { #include <abstractions/base> /bin/cat ixr, /sys/kernel/security/apparmor/profiles r, } $ sudo apparmor_parser -r ./t $ sudo aa-exec -p t -- cat /sys/kernel/security/apparmor/profiles cat: /sys/kernel/security/apparmor/profiles: Permission denied [1] kernel: [ 62.203035] audit: type=1400 audit(1458665428.726:128): apparmor="DENIED" operation="capable" profile="t" pid=3683 comm="cat" capability=33 capname="mac_admin" This is new in the -15 kernel. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1560583/+subscriptions -- Mailing list: https://launchpad.net/~kernel-packages Post to : kernel-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~kernel-packages More help : https://help.launchpad.net/ListHelp