[Kernel-packages] [Bug 1615895] Re: apparmor module parameters can be changed after the policy is locked

Christian Boltz Thu, 13 Oct 2016 15:00:11 -0700

** Tags added: aa-kernel

-- 
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1615895


Title:
  apparmor module parameters can be changed after the policy is locked

Status in AppArmor:
  New
Status in linux package in Ubuntu:
  Fix Released
Status in linux source package in Xenial:
  Fix Released
Status in linux source package in Yakkety:
  Fix Released

Bug description:
  the policy_lock parameter is a one way switch that prevents policy            
  
  from being further modified. Unfortunately some of the module parameters      
  
  can effectively modify policy by turning off enforcement.                     
  
                                                                                
  
  split policy_admin_capable into a view check and a full admin check,          
  
  and update the admin check to test the policy_lock parameter.

To manage notifications about this bug go to:
https://bugs.launchpad.net/apparmor/+bug/1615895/+subscriptions

-- 
Mailing list: https://launchpad.net/~kernel-packages
Post to     : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help   : https://help.launchpad.net/ListHelp

[Kernel-packages] [Bug 1615895] Re: apparmor module parameters can be changed after the policy is locked

Reply via email to