← Back to team overview

group.of.nepali.translators team mailing list archive

[Bug 1560583] Re: reading /sys/kernel/security/apparmor/profiles requires CAP_MAC_ADMIN

 

This bug was fixed in the package linux - 4.4.0-16.32

---------------
linux (4.4.0-16.32) xenial; urgency=low

  [ Tim Gardner ]

  * Release Tracking Bug
    - LP: #1561727

  * fix thermal throttling due to commit "Thermal: initialize thermal zone
    device correctly"  (LP: #1561676)
    - Thermal: Ignore invalid trip points

  * Thinkpad T460: Trackpoint mouse buttons instantly generate "release" event
    on press (LP: #1553811)
    - SAUCE: (noup) Input: synaptics - handle spurious release of trackstick
      buttons, again

  * reading /sys/kernel/security/apparmor/profiles requires CAP_MAC_ADMIN
    (LP: #1560583)
    - SAUCE: apparmor: Allow ns_root processes to open profiles file
    - SAUCE: apparmor: Consult sysctl when reading profiles in a user ns

  * linux: sync virtualbox drivers to 5.0.16-dfsg-2 (LP: #1561492)
    - ubuntu: vbox -- update to 5.0.16-dfsg-2

  * s390/kconfig: CONFIG_NUMA without CONFIG_NUMA_EMU does not make any sense on
    s390x (LP: #1557690)
    - [Config] CONFIG_NUMA_BALANCING_DEFAULT_ENABLED=n for s390x

  * spl/zfs fails to build on s390x (LP: #1519814)
    - [Config] s390x -- re-enable zfs
    - [Config] zfs -- disable powerpc until the test failures can be resolved

  * linux: sync to ZFS 0.6.5.6 stable release (LP: #1561483)
    - SAUCE: (noup) Update spl to 0.6.5.6-0ubuntu1, zfs to 0.6.5.6-0ubuntu1

  * zfs: enable zfs for 64bit powerpc kernels (LP: #1558871)
    - [Packaging] zfs -- handle rprovides via dpkg-gencontrol
    - [Config] powerpc -- convert zfs configuration to custom_override

  * Memory arena corruption with FUSE (was Memory allocation failure crashes
    kernel hard, presumably related to FUSE) (LP: #1505948)
    - SAUCE: (noup) fuse: do not use iocb after it may have been freed
    - SAUCE: (noup) fuse: Add reference counting for fuse_io_priv

  * cgroup namespaces: add a 'nsroot=' mountinfo field (LP: #1560489)
    - SAUCE: (noup) cgroup namespaces: add a 'nsroot=' mountinfo field

  * linux packaging: clear remaining redundant delta (LP: #1560445)
    - [Debian] Remove generated intermediate files on clean

  * arm64: guest hangs when ntpd is running (LP: #1549494)
    - Revert "hrtimer: Add support for CLOCK_MONOTONIC_RAW"
    - Revert "hrtimer: Catch illegal clockids"
    - Revert "KVM: arm/arm64: timer: Switch to CLOCK_MONOTONIC_RAW"

  * Need enough contiguous memory to support GICv3 ITS table (LP: #1558828)
    - [Config] CONFIG_FORCE_MAX_ZONEORDER=13 on arm64
    - SAUCE: (no-up) arm64: gicv3: its: Increase FORCE_MAX_ZONEORDER for Cavium
      ThunderX

  * update arcmsr to version v1.30.00.22-20151126 to fix card timeouts
    (LP: #1559609)
    - arcmsr: fixed getting wrong configuration data
    - arcmsr: fixes not release allocated resource
    - arcmsr: make code more readable
    - arcmsr: adds code to support new Areca adapter ARC1203
    - arcmsr: changes driver version number
    - arcmsr: more readability improvements
    - arcmsr: Split dma resource allocation to a new function
    - arcmsr: change driver version to v1.30.00.22-20151126

  * server image has no keyboard, desktop image works (LP: #1559692)
    - [Config] Rework input-modules (d-i) list

  * PMU support for Cavium ThunderX (LP: #1559349)
    - arm64: perf: Rename Cortex A57 events
    - arm64/perf: Add Cavium ThunderX PMU support
    - arm64: perf: Enable PMCR long cycle counter bit
    - arm64: perf: Extend event mask for ARMv8.1
    - arm64: dts: Add Cavium ThunderX specific PMU

  * Show ARM PMU events in perf stat (LP: #1559350)
    - drivers/perf: kill armpmu_register
    - arm: perf: Convert event enums to #defines
    - arm: perf: Add event descriptions
    - arm64: perf: Convert event enums to #defines
    - arm64: perf: Add event descriptions
    - ARM: perf: add format entry to describe event -> config mapping
    - arm64: perf: add format entry to describe event -> config mapping

  * [Bug]HSW/BDW EDAC driver reports wrong DIMM (LP: #1559904)
    - EDAC/sb_edac: Fix computation of channel address

  * 5-10 second delay in kernel boot with kernel command line ip= (LP: #1259861)
    - [Config] disable CONFIG_IP_PNP

  * Miscellaneous Ubuntu changes
    - [Debian] Silence the reconstruct script

 -- Tim Gardner <tim.gardner@xxxxxxxxxxxxx>  Mon, 21 Mar 2016 10:15:31
-0600

** Changed in: linux (Ubuntu Xenial)
       Status: Fix Committed => Fix Released

-- 
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1560583

Title:
  reading /sys/kernel/security/apparmor/profiles requires CAP_MAC_ADMIN

Status in linux package in Ubuntu:
  Fix Released
Status in linux source package in Xenial:
  Fix Released

Bug description:
  $ cat ./t
  #include <tunables/global>

  profile t {
     #include <abstractions/base>
     /bin/cat ixr,
     /sys/kernel/security/apparmor/profiles r,
  }

  $ sudo apparmor_parser -r ./t
  $ sudo aa-exec -p t -- cat /sys/kernel/security/apparmor/profiles 
  cat: /sys/kernel/security/apparmor/profiles: Permission denied
  [1]

  kernel: [   62.203035] audit: type=1400 audit(1458665428.726:128):
  apparmor="DENIED" operation="capable" profile="t" pid=3683 comm="cat"
  capability=33  capname="mac_admin"

  This is new in the -15 kernel.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1560583/+subscriptions