group.of.nepali.translators team mailing list archive
-
group.of.nepali.translators team
-
Mailing list archive
-
Message #07059
[Bug 1615890] Re: stacking to unconfined in a child namespace confuses mediation
** Also affects: linux (Ubuntu)
Importance: Undecided
Status: New
** Also affects: linux (Ubuntu Xenial)
Importance: Undecided
Status: New
** Also affects: linux (Ubuntu Yakkety)
Importance: Undecided
Status: New
** Changed in: linux (Ubuntu Xenial)
Status: New => Fix Committed
--
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1615890
Title:
stacking to unconfined in a child namespace confuses mediation
Status in AppArmor:
New
Status in linux package in Ubuntu:
Incomplete
Status in linux source package in Xenial:
Fix Committed
Status in linux source package in Yakkety:
Incomplete
Bug description:
when viewing a stack involving unconfined from across a ns boundary
the mode is reported as mixed.
Eg.
lxc-container-default//&:lxdns1://unconfined (mixed)
This is because the unconfined profile is in the special unconfined
mode. Which will result in a (mixed) mode for any stack with profiles
in enforcing or complain mode.
This can however lead to confusion as to what mode is being used as
mixed is also used for enforcing stacked with complain, and This can
also currently messes up mediation of trusted helpers like dbus.
Since unconfined doesn't affect the stack just special case it.
To manage notifications about this bug go to:
https://bugs.launchpad.net/apparmor/+bug/1615890/+subscriptions
