touch-packages team mailing list archive
-
touch-packages team
-
Mailing list archive
-
Message #83761
[Bug 1381713] Re: Support policy query interface for file
This technique looks quite promising. I have a few questions though:
1. if I do the aa_query_label() check followed by an open() call to read
it, am I open to the same race conditions as if I was relying on
access() to check permissions?
2. if the given path is a symlink, am I checking for permission to read
the symlink or the destination of the symlink, or both?
If this lets us replace the FD passing hack, I'd love to use it. I'm
just wondering how to safely use it in a race free manner.
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor in Ubuntu.
https://bugs.launchpad.net/bugs/1381713
Title:
Support policy query interface for file
Status in AppArmor Linux application security framework:
Triaged
Status in Media Hub:
New
Status in Media Scanner v2:
New
Status in Thumbnail generator for all kinds of files:
New
Status in apparmor package in Ubuntu:
Fix Released
Bug description:
This bug tracks the work needed to support querying if a label can
access a file. This is particularly useful with trusted helpers where
an application requests access to a file and the trusted helper does
something with it. For example, on Ubuntu when an app wants to play a
music file, it (eventually) goes through the media-hub service. The
media-hub service should be able to query if the app's policy has
access to the file.
To manage notifications about this bug go to:
https://bugs.launchpad.net/apparmor/+bug/1381713/+subscriptions