touch-packages team mailing list archive

[Bug 1403968] [NEW] umount options are incorrectly treated as mount options

 

Public bug reported:

apparmor_parser is treating options on umount rules as mount options.
The flags used in mount(2) are entirely different than the flags used in
umount2() and apparmor_parser knows nothing about the umount2() flags
(MNT_FORCE, MNT_DETACH, MNT_EXPIRE, UMOUNT_NOFOLLOW).

This can be demonstrated by trying to compile a policy, with
apparmor_parser version 2.9.1, containing a umount rule that is
conditional on the "force" option:

  $ echo "/t { umount options=force, }" | ./apparmor_parser -qQ; echo $?
    unsupported mount options
  1

Now we'll use a mount flag in the umount rule:

  $ echo "/t { umount options=nosuid, }" | ./apparmor_parser -qQ; echo $?
  0

The umount rule with a umount option fails to compile but the umount
rule with a mount option compiles. This is not the intended behavior and
it should be the other way around.

** Affects: apparmor
     Importance: Medium
         Status: Triaged

** Affects: apparmor (Ubuntu)
     Importance: Medium
         Status: Triaged


** Tags: aa-parser

** Also affects: apparmor (Ubuntu)
   Importance: Undecided
       Status: New

** Changed in: apparmor (Ubuntu)
       Status: New => Triaged

** Changed in: apparmor (Ubuntu)
   Importance: Undecided => Medium

** Tags added: aa-parser

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor in Ubuntu.
https://bugs.launchpad.net/bugs/1403968

Title:
  umount options are incorrectly treated as mount options

Status in AppArmor Linux application security framework:
  Triaged
Status in apparmor package in Ubuntu:
  Triaged

To manage notifications about this bug go to:
https://bugs.launchpad.net/apparmor/+bug/1403968/+subscriptions
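
The behaviour the report asks for, as an added example that is not part of the bug report and is not apparmor_parser code: each rule kind resolves its option keywords only against the flags of its own syscall. It also shows why sharing one table is unsafe: the umount2() flags have the same numeric values as unrelated mount(2) flags. The function names and the umount keywords other than "force" are assumptions made for this sketch.

```c
#include <stdio.h>
#include <string.h>
#include <sys/mount.h>   /* MS_* for mount(2); MNT_*, UMOUNT_NOFOLLOW for umount2(2) */

enum rule_kind { RULE_MOUNT, RULE_UMOUNT };
struct opt { const char *name; unsigned long flag; };

/* Keywords valid on mount rules (subset). */
static const struct opt mount_opts[] = {
    { "ro", MS_RDONLY }, { "nosuid", MS_NOSUID },
    { "nodev", MS_NODEV }, { "noexec", MS_NOEXEC }, { NULL, 0 }
};
/* Keywords valid on umount rules. "force" is the keyword used in the
 * report; the other three names are assumed for this example. */
static const struct opt umount_opts[] = {
    { "force", MNT_FORCE }, { "detach", MNT_DETACH },
    { "expire", MNT_EXPIRE }, { "nofollow", UMOUNT_NOFOLLOW }, { NULL, 0 }
};

/* Look the keyword up only in the table of the rule's own syscall.
 * Returns 0 and stores the flag, or -1 if the keyword is not valid there. */
int resolve_option(enum rule_kind kind, const char *name, unsigned long *flag)
{
    const struct opt *t = (kind == RULE_UMOUNT) ? umount_opts : mount_opts;
    for (; t->name; t++) {
        if (strcmp(t->name, name) == 0) { *flag = t->flag; return 0; }
    }
    return -1;
}

/* Count umount2() flags whose numeric value equals a mount(2) flag above. */
int count_value_collisions(void)
{
    int n = 0;
    for (const struct opt *u = umount_opts; u->name; u++)
        for (const struct opt *m = mount_opts; m->name; m++)
            if (u->flag == m->flag) n++;
    return n;
}

int main(void)
{
    const char *samples[] = { "force", "nosuid" };  /* the two options from the report */
    for (int i = 0; i < 2; i++) {
        unsigned long f = 0;
        int rc = resolve_option(RULE_UMOUNT, samples[i], &f);
        printf("umount options=%s -> %s\n", samples[i], rc ? "rejected" : "accepted");
    }
    printf("colliding flag values: %d\n", count_value_collisions());
    return 0;
}
```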

