kernel-packages team mailing list archive

[Bug 439560] Re: cross namespace ptrace should not be rejected by AppArmor

 

This bug is awaiting verification that the kernel in -proposed solves
the problem. Please test the kernel and update this bug with the
results. If the problem is solved, change the tag 'verification-needed-
lucid' to 'verification-done-lucid'.

If verification is not done by 5 working days from today, this fix will
be dropped from the source code, and this bug will be closed.

See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on
how to enable and use -proposed. Thank you!


** Tags added: verification-needed-lucid

-- 
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/439560

Title:
  cross namespace ptrace should not be rejected by AppArmor

Status in “linux” package in Ubuntu:
  Fix Released

Bug description:
  Today when doing iso testing I had one lone rejection:
  type=APPARMOR_DENIED msg=audit(1254335664.040:117): operation="ptrace" info="different namespaces" error=-1 pid=2800 parent=1 profile="/usr/sbin/libvirtd" tracer=2800 tracee=32721

  I am not sure how to reproduce this, but I think that the libvirtd
  daemon tried to ptrace a kvm process because of the way I killed off
  the VM. Bottom line, libvirtd is in one namespace and all the confined
  VMs are in others. It doesn't appear to be a huge issue right now, but
  should be addressed in Ubuntu 10.04. If it causes problems in 9.10, we
  can SRU the fix.
