← Back to team overview

touch-packages team mailing list archive

  1. touch-packages team
  2. Mailing list archive
  3. Message #25837

[Bug 950921] Re: aa-enforce and aa-complain strip all flags instead of manipulating 'complain'

  Thread PreviousDate PreviousThread Next 
** Tags added: aa-tools

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor in Ubuntu.
https://bugs.launchpad.net/bugs/950921

Title:
  aa-enforce and aa-complain strip all flags instead of manipulating
  'complain'

Status in AppArmor Linux application security framework:
  Fix Committed
Status in “apparmor” package in Ubuntu:
  Fix Released

Bug description:
  If a profile contains flags other than 'complain', they are stripped
  out when using aa-enforce and aa-complain. Eg:

  If profile has:
  /usr/lib/chromium-browser/chromium-browser flags=(complain,attach_disconnected) {...}

  After 'sudo aa-enforce /etc/apparmor.d/usr.bin.chromium-browser' it now has:
  /usr/lib/chromium-browser/chromium-browser {...}

  If profile has:
  /usr/lib/chromium-browser/chromium-browser flags=(attach_disconnected) {...}

  After 'sudo aa-complain /etc/apparmor.d/usr.bin.chromium-browser' it now has:
  /usr/lib/chromium-browser/chromium-browser flags=(complain) {...}

To manage notifications about this bug go to:
https://bugs.launchpad.net/apparmor/+bug/950921/+subscriptions
  Thread PreviousDate PreviousThread Next