[Kernel-packages] [Bug 1839037] Re: Stacked onexec transitions fail when under NO NEW PRIVS restrictions

[Stefan Bader]

** Changed in: linux (Ubuntu Bionic)
       Status: Incomplete => Confirmed

** Changed in: linux (Ubuntu Bionic)
   Importance: Undecided => Medium

** Changed in: linux (Ubuntu Xenial)
       Status: Incomplete => Confirmed

** Changed in: linux (Ubuntu Xenial)
   Importance: Undecided => Medium

-- 
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1839037

Title:
  Stacked onexec transitions fail when under NO NEW PRIVS restrictions

Status in linux package in Ubuntu:
  Incomplete
Status in linux source package in Xenial:
  Confirmed
Status in linux source package in Bionic:
  Confirmed

Bug description:
  running the apparmor nnp regression tests results in the following
  failure

  Error: transition failed. Test 'NNP (stack onexec - NNP)' was expected
  to 'pass'. Reason for failure 'FAIL - execv: Operation not permitted'

  with a log message of

  [ 1169.863302] audit: type=1400 audit(1565046042.144:280686):
  apparmor="DENIED" operation="exec" info="no new privs" error=-1
  profile="/home/jj/apparmor.git/tests/regression/apparmor/transition"
  name="/home/jj/apparmor.git/tests/regression/apparmor/open" pid=1888
  comm="transition" requested_mask="x" denied_mask="x" fsuid=0 ouid=1000
  target="/home/jj/apparmor.git/tests/regression/apparmor/open"

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1839037/+subscriptions

-- 
Mailing list: https://launchpad.net/~kernel-packages
Post to     : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help   : https://help.launchpad.net/ListHelp