← Back to team overview

touch-packages team mailing list archive

[Bug 1432045] Re: pivot_root audit modifier ignored when oldroot and newroot specified

 

** Also affects: apparmor (Ubuntu)
   Importance: Undecided
       Status: New

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor in Ubuntu.
https://bugs.launchpad.net/bugs/1432045

Title:
  pivot_root audit modifier ignored when oldroot and newroot specified

Status in AppArmor Linux application security framework:
  Confirmed
Status in apparmor package in Ubuntu:
  New

Bug description:
  $ echo "/t { pivot_root oldroot=/ /a, }" | apparmor_parser -qS | md5sum
  422b222b6608dff7aca3420062aad3db  -
  $ echo "/t { audit pivot_root oldroot=/ /a, }" | apparmor_parser -qS | md5sum
  422b222b6608dff7aca3420062aad3db  -
  $ echo "/t { audit deny pivot_root oldroot=/ /a, }" | apparmor_parser -qS | md5sum
  9e598c327781b16acdab2d3e939279ec  -

  Note that the audit modifier doesn't change the binary policy file but
  the audit deny modifier does.

  Also, the binary policy file changes as expected on "audit
  pivot_root," and "audit pivot_root oldroot=/,". That is, this bug only
  seems to happen when oldroot and newroot are both specified.

To manage notifications about this bug go to:
https://bugs.launchpad.net/apparmor/+bug/1432045/+subscriptions