@rikka0w0 are you willing to test a kernel patch for this issue?
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1784499
Title:
AppArmor treats regular NFS file access as network op
To manage
Yes, unfortunately the network work was deferred, its still a wip but is
not scheduled as a work item for the cycle. With that said we still hope
to get this fixed, I just can't promise it.
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to
This bug still exists in the latest Ubuntu 22.04 Live image. When I
netboot the image and apply another lower layer (NFS-based), I still
get "nfs rpc call returned error 13" in my dmesg. Intensive google
searching lead me to this thread. This bug causes the Firefox (provided
via snap) not
FWIW, I still see this on a fresh Ubuntu 20.04 install. My NFS server is
also Ubuntu 20.04.
Linux server01 5.4.0-37-generic #41-Ubuntu SMP Wed Jun 3 18:57:02 UTC
2020 x86_64 x86_64 x86_64 GNU/Linux
[1129462.984558] audit: type=1400 audit(1592950067.469:72821):
apparmor="DENIED"
With that said, some networking work is being done this cycle and we
will try to address this.
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1784499
Title:
AppArmor treats regular NFS file access
zyga well patches are welcome ;-)
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1784499
Title:
AppArmor treats regular NFS file access as network op
To manage notifications about this bug go to:
I'm marking this bug as a property (good or bad is in the eye of the
beholder) of the kernel stack. The snapd project cannot do anything
about it.
** Changed in: apparmor
Status: New => Confirmed
** Changed in: snapd
Status: New => Invalid
--
You received this bug notification
** Also affects: apparmor
Importance: Undecided
Status: New
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1784499
Title:
AppArmor treats regular NFS file access as network op
To manage
** Also affects: apparmor
Importance: Undecided
Status: New
** No longer affects: apparmor
** Also affects: snapd
Importance: Undecided
Status: New
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
Thanks for looking into this Markus. I'm surprised that the kernel
pieces needed to make this work as expected have yet to be fully
integrated.
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1784499
See also
https://lists.ubuntu.com/archives/apparmor/2018-October/011823.html
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1784499
Title:
AppArmor treats regular NFS file access as network op
To
AppArmor really should restrict NFS access only via the file-path rules,
not via the network rules, since if an application accesses a file via
NFS, all related network traffic is initiated and controlled by the
kernel (or by kernel helper processes like automount, rpc.gssd and
nfsidmap), and not
Status changed to 'Confirmed' because the bug affects multiple users.
** Changed in: apparmor (Ubuntu)
Status: New => Confirmed
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1784499
Title:
I have an additional test case that is perhaps more immediate.
Attempting to view a roff file in NFS directly:
$ man ./zlib.3
man: ./zlib.3: Permission denied
No manual entry for ./zlib.3
This fails despite the permissive "/** mrixwlk" rule in the AppArmor
profile. Similar output in
14 matches
Mail list logo