This bug was fixed in the package apparmor - 2.10.95-4ubuntu2
---------------
apparmor (2.10.95-4ubuntu2) yakkety; urgency=medium
* Drop the following change now that click-apparmor has been updated:
- Continue installing aa-exec into /usr/sbin/ for now since
click-apparmor's aa-exec-click autopkgtest expects it to be there
* debian/patches/allow-stacking-tests-to-use-system.patch,
debian/patches/r3430-allow-stacking-tests-to-use-system.patch: Replace
patch with the final version that landed upstream and annotate the patch
headers accordingly
* debian/patches/r3460-ignore-file-events-with-send-or-receive-request.patch:
Prevent an aa-logprof crash by ignoring file events that contains
send or receive in the request mask. (LP: #1577051, LP: #1582374)
* debian/patches/r3463-r3475-change-profile-exec-modes.patch: Allow policy
authors to specify if the environment should scrubbed during exec
transitions allowed by a change_profile rule. (LP: #1584069)
* debian/patches/r3478-make-overlapping-safe-and-unsafe-rules-conflict.patch:
Make sure that multiple change_profile rules with overlapping safe and
unsafe exec modes conflict when they share the same exec conditional
(LP: #1588069)
* debian/patches/r3479-create-fcitx-abstractions.patch: Include fcitx and
fcitx-strict abstractions that fcitx client profiles can reuse.
* debian/control: Do a conffile move of /etc/apparmor.d/abstractions/fcitx
from the fcitx-data to apparmor by setting up the correct Breaks and
Replaces.
* debian/patches/r3480-create-mozc-abstraction.patch: Include a mozc
abstraction that mozc client profiles can reuse.
* debian/patches/r3488-r3489-fix-racy-onexec-test.patch: Fix racy regression
test so that the kernel SRU process is not interrupted by the onexec.sh
periodically failing
* debian/patches/r3490-utils-handle-change-profile-exec-modes.patch: Update
the Python utilities to handle the new exec mode keywords in
change_profile rules. (LP: #1584069)
* debian/patches/r3492-allow-dbus-user-session-path.patch: Allow read/write
access to the dbus-user-session socket file. (LP: #1604872)
-- Tyler Hicks <tyhi...@canonical.com> Tue, 26 Jul 2016 23:03:05 -0500
** Changed in: apparmor (Ubuntu)
Status: In Progress => Fix Released
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor in Ubuntu.
https://bugs.launchpad.net/bugs/1588069
Title:
parser doesn't catch conflicting change_profile exec modes
(safe/unsafe)
Status in AppArmor:
Fix Committed
Status in apparmor package in Ubuntu:
Fix Released
Bug description:
The ability to specify change_profile exec modes (safe/unsafe) is a
recently merged feature. A missing piece is that the parser doesn't
detect conflicting exec modes on the same exec condition. The
following profile should fail to compile:
/t {
change_profile safe /foo -> /bar,
change_profile unsafe /foo -> bar,
}
To manage notifications about this bug go to:
https://bugs.launchpad.net/apparmor/+bug/1588069/+subscriptions
--
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help : https://help.launchpad.net/ListHelp
