touch-packages team mailing list archive

Thread
Date

[Bug 595714] Re: aa-status doesn't report an application as unconfined when using path globbing

To: touch-packages@xxxxxxxxxxxxxxxxxxx
From: Jamie Strandboge <jamie@xxxxxxxxxx>
Date: Thu, 09 Oct 2014 20:46:08 -0000
Reply-to: Bug 595714 <595714@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

** Tags added: aa-tools

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor in Ubuntu.
https://bugs.launchpad.net/bugs/595714

Title:
  aa-status doesn't report an application as unconfined when using path
  globbing

Status in “apparmor” package in Ubuntu:
  Triaged

Bug description:
  Binary package hint: apparmor

  If I do the following:
  $ sudo apparmor_parser -R /etc/apparmor.d/usr.bin.evince
  $ evince &
  $ sudo apparmor_parser -r /etc/apparmor.d/usr.bin.evince
  $ sudo aa-status

  I get:
  1 processes are unconfined but have a profile defined.
     /usr/bin/evince (1756)

  Good.

  If I do:
  $ sudo apparmor_parser -R /etc/apparmor.d/usr.bin.firefox
  $ firefox &
  $ sudo apparmor_parser -r /etc/apparmor.d/usr.bin.firefox
  $ sudo aa-status

  I get:
  0 processes are unconfined but have a profile defined.

  This is because the firefox uses the following to define the pathname:
  /usr/lib/firefox-3.5.*/firefox { ... }

  aa-status should be updated to support path name globbing.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/595714/+subscriptions