** Changed in: apparmor (Ubuntu)
Status: New => Fix Committed
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/2065685
Title:
aa-logprof fails with 'runbindable' error
To manage notifications
@Christian Thank you for pointing this out. After investigation, I found
that this bug stems from the following restriction not being implemented
consistently in aa-* and apparmor_parser.
> $ man 2 mount
>
> If mountflags includes one of MS_SHARED, MS_PRIVATE, MS_SLAVE, or
> MS_UNBINDABLE
I'm afraid apparmor_parser is not fully aware of this restriction.
# cat foo
/usr/bin/foo {
# mount options=(rw, runbindable) / -> /bar, # causes error
mount options=(rw, runbindable) -> /bar, # accepted as valid (as
expected)
mount options=(rw, runbindable) /, #
So, the error was related to passt, not apparmor. This is because it
uses an incorrect rule in abstractions/passt.
By design, rules containing some options, such as runbindable, cannot
include a source.
I just sent the following patch for passt that should solve your issue
ubuntu@srv-9vqc0:~$ sudo grep -r "runbindable*/*" /etc/apparmor.d
/etc/apparmor.d/abstractions/passt: mount options=(rw, runbindable) /,
ubuntu@srv-9vqc0:~$ sudo aa-logprof
ERROR: Operation {'runbindable'} cannot have a source. Source =
AARE('/')
HTH
--
You received this bug notification
I have implemented a patch for this issue, but before submitting it, I
want to understand its origin to determine if other edge cases need to
be addressed.
Do you know which profile created this issue?
Perhaps running sudo grep -r "runbindable*/*" /etc/apparmor.d could help
identify the source
** Changed in: apparmor (Ubuntu)
Assignee: (unassigned) => Maxime Bélair (mbelair)
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/2065685
Title:
aa-logprof fails with 'runbindable' error
To
