touch-packages team mailing list archive
-
touch-packages team
-
Mailing list archive
-
Message #92862
[Bug 1403968] Re: umount options are incorrectly treated as mount options
Hi Serge - I think it is still a possibility in the wily time frame.
Also, I've just confirmed that nobody snuck a fix into the 2.10 release.
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor in Ubuntu.
https://bugs.launchpad.net/bugs/1403968
Title:
umount options are incorrectly treated as mount options
Status in AppArmor:
Triaged
Status in apparmor package in Ubuntu:
Triaged
Bug description:
apparmor_parser is treating options on umount rules as mount options.
The flags used in mount(2) are entirely different than the flags used
in umount2() and apparmor_parser knows nothing about the umount2()
flags (MNT_FORCE, MNT_DETACH, MNT_EXPIRE, UMOUNT_NOFOLLOW).
This can be demonstrated by trying to compile a policy, with
apparmor_parser version 2.9.1, containing a umount rule that is
conditional on the "force" option:
$ echo "/t { umount options=force, }" | ./apparmor_parser -qQ; echo $?
unsupported mount options
1
Now we'll use a mount flag in the umount rule:
$ echo "/t { umount options=nosuid, }" | ./apparmor_parser -qQ; echo $?
0
The umount rule with a umount option fails to compile but the umount
rule with a mount option compiles. This is not the intended behavior
and it should be the other way around.
To manage notifications about this bug go to:
https://bugs.launchpad.net/apparmor/+bug/1403968/+subscriptions
References