Verified here on saucy, thanks! ** Tags removed: verification-needed-saucy ** Tags added: verification-done
-- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu. https://bugs.launchpad.net/bugs/1236455 Title: Running tasks are not subject to reloaded policies Status in AppArmor Linux application security framework: Fix Released Status in “linux” package in Ubuntu: Fix Released Status in “linux” source package in Saucy: Fix Committed Status in “linux” source package in Trusty: Fix Released Bug description: As of saucy, if you start /usr/bin/foo under an existing policy defined in /etc/apparmor.d/usr.bin.foo, then reload /etc/apparmor.d/usr.bin.foo with updated permissions, then the running tasks is not subject to the new permissions. A testcase is at http://people.canonical.com/~serge/aa_exec.tgz . This passes in precise, and fails in saucy. This came up in the libvirt regression testsuite. When it tries to virsh attach-device, then the existing libvirt task's policy must be updated to allow it to access the new device image file. The test fails with EACCESS trying to open the image file after loading the new policy. To manage notifications about this bug go to: https://bugs.launchpad.net/apparmor/+bug/1236455/+subscriptions -- Mailing list: https://launchpad.net/~kernel-packages Post to : kernel-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~kernel-packages More help : https://help.launchpad.net/ListHelp