[Desktop-packages] [Bug 1759084] Re: mysqld-akonadi profile does not support seccomp
** Description changed: The AppArmor profile usr.sbin.mysqld-akonadi is not compatible with seccomp in general and the no_new_privs bit specifically, because it includes a profile transition. I came across this when I tried to write a profile for the Firejail sandbox, and had to omit everything seccomp related in order to not break Akonadi: - https://github.com/netblue30/firejail/blob/1bc84f3e53f66abf4ee246e89f20f72626a199de/etc/akonadi_control.profile + https://github.com/netblue30/firejail/blob/master/etc/akonadi_control.profile Would it be possible for you to replace access mode cx with ix here? Especially because the transition in usr.sbin.mysqld-akonadi seems to - not have been motivated by any administrative or security needs + not have been motivated by administrative or security needs Best regards, smitsohu -- You received this bug notification because you are a member of Desktop Packages, which is subscribed to akonadi in Ubuntu. https://bugs.launchpad.net/bugs/1759084 Title: mysqld-akonadi profile does not support seccomp Status in AppArmor: New Status in akonadi package in Ubuntu: New Bug description: The AppArmor profile usr.sbin.mysqld-akonadi is not compatible with seccomp in general and the no_new_privs bit specifically, because it includes a profile transition. I came across this when I tried to write a profile for the Firejail sandbox, and had to omit everything seccomp related in order to not break Akonadi: https://github.com/netblue30/firejail/blob/master/etc/akonadi_control.profile Would it be possible for you to replace access mode cx with ix here? Especially because the transition in usr.sbin.mysqld-akonadi seems to not have been motivated by administrative or security needs Best regards, smitsohu To manage notifications about this bug go to: https://bugs.launchpad.net/apparmor/+bug/1759084/+subscriptions -- Mailing list: https://launchpad.net/~desktop-packages Post to : desktop-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~desktop-packages More help : https://help.launchpad.net/ListHelp
[Desktop-packages] [Bug 1759084] Re: mysqld-akonadi profile does not support seccomp
** Attachment added: "proposal for usr.sbin.mysqld-akonadi" https://bugs.launchpad.net/ubuntu/+source/akonadi/+bug/1759084/+attachment/5092388/+files/draft%20usr.sbin.mysqld-akonadi -- You received this bug notification because you are a member of Desktop Packages, which is subscribed to akonadi in Ubuntu. https://bugs.launchpad.net/bugs/1759084 Title: mysqld-akonadi profile does not support seccomp Status in AppArmor: New Status in akonadi package in Ubuntu: New Bug description: The AppArmor profile usr.sbin.mysqld-akonadi is not compatible with seccomp in general and the no_new_privs bit specifically, because it includes a profile transition. I came across this when I tried to write a profile for the Firejail sandbox, and had to omit everything seccomp related in order to not break Akonadi: https://github.com/netblue30/firejail/blob/1bc84f3e53f66abf4ee246e89f20f72626a199de/etc/akonadi_control.profile Would it be possible for you to replace access mode cx with ix here? Especially because the transition in usr.sbin.mysqld-akonadi seems to not have been motivated by any administrative or security needs Best regards, smitsohu To manage notifications about this bug go to: https://bugs.launchpad.net/apparmor/+bug/1759084/+subscriptions -- Mailing list: https://launchpad.net/~desktop-packages Post to : desktop-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~desktop-packages More help : https://help.launchpad.net/ListHelp
[Desktop-packages] [Bug 1759084] Re: mysqld-akonadi profile does not support seccomp
** Also affects: akonadi (Ubuntu) Importance: Undecided Status: New -- You received this bug notification because you are a member of Desktop Packages, which is subscribed to akonadi in Ubuntu. https://bugs.launchpad.net/bugs/1759084 Title: mysqld-akonadi profile does not support seccomp Status in AppArmor: New Status in akonadi package in Ubuntu: New Bug description: The AppArmor profile usr.sbin.mysqld-akonadi is not compatible with seccomp in general and the no_new_privs bit specifically, because it includes a profile transition. I came across this when I tried to write a profile for the Firejail sandbox, and had to omit everything seccomp related in order to not break Akonadi: https://github.com/netblue30/firejail/blob/1bc84f3e53f66abf4ee246e89f20f72626a199de/etc/akonadi_control.profile Would it be possible for you to replace access mode cx with ix here? Especially because the transition in usr.sbin.mysqld-akonadi seems to not have been motivated by any administrative or security needs Best regards, smitsohu To manage notifications about this bug go to: https://bugs.launchpad.net/apparmor/+bug/1759084/+subscriptions -- Mailing list: https://launchpad.net/~desktop-packages Post to : desktop-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~desktop-packages More help : https://help.launchpad.net/ListHelp
