** Also affects: linux (Ubuntu Xenial)
Importance: High
Assignee: Tyler Hicks (tyhicks)
Status: In Progress
** Changed in: linux (Ubuntu Xenial)
Status: In Progress => Fix Committed
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1560583
Title:
reading /sys/kernel/security/apparmor/profiles requires CAP_MAC_ADMIN
Status in linux package in Ubuntu:
Fix Committed
Status in linux source package in Xenial:
Fix Committed
Bug description:
$ cat ./t
#include <tunables/global>
profile t {
#include <abstractions/base>
/bin/cat ixr,
/sys/kernel/security/apparmor/profiles r,
}
$ sudo apparmor_parser -r ./t
$ sudo aa-exec -p t -- cat /sys/kernel/security/apparmor/profiles
cat: /sys/kernel/security/apparmor/profiles: Permission denied
[1]
kernel: [ 62.203035] audit: type=1400 audit(1458665428.726:128):
apparmor="DENIED" operation="capable" profile="t" pid=3683 comm="cat"
capability=33 capname="mac_admin"
This is new in the -15 kernel.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1560583/+subscriptions
--
Mailing list: https://launchpad.net/~kernel-packages
Post to : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help : https://help.launchpad.net/ListHelp
