4.8.0-40.43-generic fixes this issue on yakkety.
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1658219
Title:
flock not mediated by 'k'
Status in AppArmor:
In Progress
Status in linux package in Ubuntu:
Fix Released
Status in linux source package in Xenial:
Fix Committed
Status in linux source package in Yakkety:
Fix Committed
Bug description:
$ cat ./apparmor.profile
#include <tunables/global>
profile test {
#include <abstractions/base>
/bin/bash ixr,
/dev/pts/* rw,
/usr/bin/flock ixr,
# Not blocked:
# aa-exec -p test -- flock -w 1 /tmp/test.lock -c true
/tmp/test.lock rw,
}
$ sudo apparmor_parser -r ./apparmor.profile
$ aa-exec -p test -- flock -w 1 /tmp/test.lock -c true && echo yes
yes
$ ls -l /tmp/test.lock
-rw-rw-r-- 1 jamie jamie 0 Jan 20 15:57 /tmp/test.lock
The flock command uses flock(LOCK_EX) and I expected it to be blocked
due to the lack of 'k'.
apparmor userspace 2.10.95-0ubuntu2.5 (xenial) and 4.9.0-12.13-generic
kernel on amd64.
To manage notifications about this bug go to:
https://bugs.launchpad.net/apparmor/+bug/1658219/+subscriptions
--
Mailing list: https://launchpad.net/~kernel-packages
Post to : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help : https://help.launchpad.net/ListHelp
