Public bug reported:

User space trusted helpers have no way to detect when policy changes
have been loaded into the kernel. This prevents the applications from
being able to cache permission queries. Currently trusted helpers have
not done caching (wish list feature), however the gsettings proxy
requires userspace caching of permissions due to how the gsettings
proxy has to work.

This means that policy loads result in stale gsettings policy, which
results in incorrect mediation.

Add a revision file to the apparmorfs interface that allows detection of
the current revision number for apparmor policy. This file can be read
like a pipe, or used via poll, which is sufficient for the gsettings
proxy to detect changes and invalidate its cache.
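
The following is an added example, not code from this bug report or from the AppArmor project: a sketch of how a trusted helper could tie a cached permission answer to the revision file using poll. It assumes the caller holds an open descriptor on the revision file (its path is not given here) and that the file becomes readable when policy changes; struct perm_cache, cache_sync, cached_query and demo_ask_kernel are hypothetical names.

```c
#include <poll.h>
#include <stdlib.h>
#include <unistd.h>

/* Hypothetical one-entry permission cache tied to the policy revision. */
struct perm_cache {
    int  rev_fd;    /* revision file, opened once and kept open (assumed) */
    long revision;  /* last revision read, -1 before the first read */
    int  valid;     /* nonzero while 'allowed' may be served from cache */
    int  allowed;   /* cached answer of the last permission query */
};

/* Non-blocking check for a policy change. Returns 1 if the cache was
 * invalidated, 0 if policy is unchanged. Any error also invalidates
 * (fail closed) and returns -1. */
int cache_sync(struct perm_cache *c)
{
    struct pollfd p = { .fd = c->rev_fd, .events = POLLIN };
    char buf[32];
    int n = poll(&p, 1, 0);
    if (n == 0)
        return 0;                       /* nothing to read: revision unchanged */
    c->valid = 0;                       /* changed or unknown: drop the answer */
    if (n < 0 || !(p.revents & POLLIN))
        return -1;
    ssize_t len = read(c->rev_fd, buf, sizeof(buf) - 1);
    if (len <= 0)
        return -1;
    buf[len] = '\0';
    c->revision = strtol(buf, NULL, 10);
    return 1;
}

/* Answer a query from cache when policy is unchanged, otherwise call
 * ask_kernel (stand-in for the real permission query) and cache that. */
int cached_query(struct perm_cache *c, int (*ask_kernel)(void))
{
    if (cache_sync(c) < 0)
        return ask_kernel();            /* do not cache without a revision */
    if (!c->valid) {
        c->allowed = ask_kernel();
        c->valid = 1;
    }
    return c->allowed;
}

/* Constructed stand-in for the real query; counts kernel round trips. */
int kernel_queries;
int demo_ask_kernel(void) { kernel_queries++; return 1; }
```

Because the description says the file can be read like a pipe, an ordinary pipe can stand in for it when exercising the invalidation path offline.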

** Affects: linux (Ubuntu)
     Importance: Undecided
         Status: New

** Affects: linux (Ubuntu Xenial)
     Importance: Undecided
         Status: New

** Affects: linux (Ubuntu Yakkety)
     Importance: Undecided
         Status: New

** Affects: linux (Ubuntu Zesty)
     Importance: Undecided
         Status: New

** Also affects: linux (Ubuntu Zesty)
   Importance: Undecided
       Status: New

** Also affects: linux (Ubuntu Yakkety)
   Importance: Undecided
       Status: New

** Also affects: linux (Ubuntu Xenial)
   Importance: Undecided
       Status: New

https://bugs.launchpad.net/bugs/1678032

Title:
  apparmor: does not provide a way to detect policy updates

Status in linux package in Ubuntu:
  New
Status in linux source package in Xenial:
  New
Status in linux source package in Yakkety:
  New
Status in linux source package in Zesty:
  New
