Hi All, I have created an apparmor profile for the process which does mount/umount based on certain conditions. The process is running as a "non-root" user with limited Linux Capabilities.
As per (man 7 capabilities) CAP_SYS_ADMIN is required for mount and unmount operations. While the process runs as enforce mode, I am observing the mount issue saying that "must be a superuser to mount '' and "must be superuser to unmount" for mount and unmount operations. My operating system runs on util-linux. Query: -> Since we have required CAPs CAP_SYS_ADMIN in the profile and it applied to the process as well but still observing that mount and unmount fails [ "must be superuser to mount" and "must be superuser to unmount" ]. -> Does mount/umount restriction is done by util-linux package? As per our understanding CAP_SYS_ADMIN (capable) check would be taken care of in Kernel code. It looks like user space (util-linux package) restricts this permission issue. Please clarify my understanding. -> What would be ideal options to resolve the issue ( "non-root" user does mount/umount operation ). Thanks Murali.S -- AppArmor mailing list [email protected] Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/apparmor
