← Back to team overview

touch-packages team mailing list archive

[Bug 1403968] Re: umount options are incorrectly treated as mount options

 

Hi Serge - I think it is still a possibility in the wily time frame.

Also, I've just confirmed that nobody snuck a fix into the 2.10 release.

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor in Ubuntu.
https://bugs.launchpad.net/bugs/1403968

Title:
  umount options are incorrectly treated as mount options

Status in AppArmor:
  Triaged
Status in apparmor package in Ubuntu:
  Triaged

Bug description:
  apparmor_parser is treating options on umount rules as mount options.
  The flags used in mount(2) are entirely different than the flags used
  in umount2() and apparmor_parser knows nothing about the umount2()
  flags (MNT_FORCE, MNT_DETACH, MNT_EXPIRE, UMOUNT_NOFOLLOW).

  This can be demonstrated by trying to compile a policy, with
  apparmor_parser version 2.9.1, containing a umount rule that is
  conditional on the "force" option:

    $ echo "/t { umount options=force, }" | ./apparmor_parser -qQ; echo $?
      unsupported mount options
    1

  Now we'll use a mount flag in the umount rule:

    $ echo "/t { umount options=nosuid, }" | ./apparmor_parser -qQ; echo $?
    0

  The umount rule with a umount option fails to compile but the umount
  rule with a mount option compiles. This is not the intended behavior
  and it should be the other way around.

To manage notifications about this bug go to:
https://bugs.launchpad.net/apparmor/+bug/1403968/+subscriptions


References