Public bug reported:

[ Impact ]

fusermount3 lacked permissions to mount with noatime, which is needed to
use fuse-overlayfs.

[ Test Plan ]

After installation of the new AppArmor version, the machine might need
to be rebooted. If a reboot between installation and test plan execution
is needed for a test to pass, please mention it in the test plan
execution notes so that we can determine if this is cause for
verification test failure, expected behavior, or the result of an
unrelated bug that we are not attempting to fix with this SRU.

 * Install fuse-overlayfs
 * Inside the home directory, make folders "lower", "upper", "work", and "mountpoint"
 * Mount a fuse-overlayfs with `fuse-overlayfs -o lowerdir=lower,upperdir=upper,workdir=work mountpoint`
 * Without the fix: the mount fails and apparmor generates a log reporting "failed flags match"
 * With the fix: the mount should succeed

[ Where problems could occur ]

Allowing noatime mount flags for fusermount3 is loosening confinement on
a profile. However, if a user manually modified the installed profiles,
then the package upgrade would cause conflicts, and rejection of the
incoming changes (either by hand during an interactive upgrade or
automatically during a batch unattended upgrade) would result in end
users not getting the packaged fix.

[ Other Info ]

This issue was originally reported at
https://gitlab.com/apparmor/apparmor/-/merge_requests/1673.

** Affects: apparmor (Ubuntu)
     Importance: Undecided
         Status: New

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/2110626

Title:
  apparmor fusermount3 profile disallows noatime flag, breaking fuse-
  overlayfs

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/2110626/+subscriptions


-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
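
An added example, not part of the bug report: a shell sketch of the test plan above that also classifies the resulting kernel log. The function names, the `--run` switch, and the layout of the sample denial line are assumptions made for illustration; the sample line is constructed, not captured from an affected machine.

```shell
#!/bin/sh
# Added example (not from the bug report). Reading the kernel log may require
# root or membership in a log-reading group on the machine under test.

# Constructed sample of the denial the test plan expects without the fix.
SAMPLE_DENIAL='audit: type=1400 audit(1700000000.000:100): apparmor="DENIED" operation="mount" class="mount" info="failed flags match" error=-13 profile="fusermount3" name="/home/user/mountpoint/" pid=1234 comm="fusermount3" fstype="fuse.fuse-overlayfs" srcname="fuse-overlayfs" flags="rw, nosuid, nodev, noatime"'

# Filter stdin down to fusermount3 mount denials with "failed flags match".
flags_denials() {
    grep 'apparmor="DENIED"' \
        | grep 'operation="mount"' \
        | grep 'profile="fusermount3"' \
        | grep 'info="failed flags match"' || true
}

# Classify log text on stdin: clean, denied-noatime, or denied-other.
classify_log() {
    hits=$(flags_denials)
    if [ -z "$hits" ]; then
        echo clean
    elif printf '%s\n' "$hits" | grep -Eq 'flags="[^"]*noatime'; then
        echo denied-noatime
    else
        echo denied-other
    fi
}

# Test plan steps: create the four folders under $HOME, mount, inspect the log.
run_test_plan() {
    rc=0
    base=$(mktemp -d "$HOME/fuse-overlayfs-test.XXXXXX")
    mkdir "$base/lower" "$base/upper" "$base/work" "$base/mountpoint"
    start=$(date '+%Y-%m-%d %H:%M:%S')
    (cd "$base" && fuse-overlayfs -o lowerdir=lower,upperdir=upper,workdir=work mountpoint) || rc=$?
    verdict=$(journalctl -k --since "$start" --no-pager | classify_log)
    echo "mount exit status: $rc"
    echo "AppArmor log verdict: $verdict"
    # Clean up the mount only if it succeeded.
    [ "$rc" -ne 0 ] || fusermount3 -u "$base/mountpoint"
    return "$rc"
}

# Nothing is mounted unless the script is invoked with --run.
if [ "${1:-}" = "--run" ]; then run_test_plan; fi
```

Without the fix the expected outcome is a non-zero mount status together with a `denied-noatime` verdict; with the fix, status 0 and `clean`.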
