Public bug reported:

Impact:
In AppArmor mediation, detached mounts are appearing as / when applying mount mediation, which is incorrect and leads to bad AppArmor policy being generated. In addition, the move_mount mediation is not being advertised to userspace, which denies the applications the possibility to respond accordingly.

Fix:
Fixed upstream by commit 8026e40608b4d552216d2a818ca7080a4264bb44 by preventing move_mount from applying the attach_disconnected flag.

Testcase:
Check if move_mount file is available in securityfs:
$ cat /sys/kernel/security/apparmor/features/mount/move_mount
detached

Run upstream AppArmor mount tests, which include move_mount mediation.
https://gitlab.com/apparmor/apparmor/-/blob/master/tests/regression/apparmor/mount.sh

** Affects: linux (Ubuntu)
     Importance: Undecided
         Status: New

https://bugs.launchpad.net/bugs/2052662

Title:
  move_mount mediation does not detect if source is detached

Status in linux package in Ubuntu:
  New