Public bug reported:

When using apparmor variables for the mountpoint in mount rules, the
parser will parse the rule but the kernel blocks it.

E.g., this works:
  # works
  mount -> /home/*/mnt/,

This doesn't:
  mount -> @{HOME}/mnt/,

audit: type=1400 audit(1470943929.750:482): apparmor="DENIED"
operation="mount" info="failed mntpnt match" error=-13 profile="test"
name="/home/jamie/mnt/" pid=25573 comm="fusexmp" fstype="fuse.fusexmp"
srcname="fusexmp" flags="rw, nosuid, nodev"

I did not test the srcname. Attached is a reproducer and profile.

$ mkdir ~/mnt
$ gcc -Wall ./fusexmp.c `pkg-config fuse --cflags --libs` -o fusexmp
$ sudo apparmor_parser -r /tmp/apparmor.profile && sudo aa-exec -p test ./fusexmp ~/mnt
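Added example (not part of the bug report): a small parser for type=1400 AppArmor audit records that picks out mount denials with info="failed mntpnt match", the symptom described above, and derives the literal-glob rule the reporter found working. The second sample line is a constructed ALLOWED record for contrast; `suggest_literal_rule` assumes the mountpoint lives under /home/<user>/.

```python
import re
from typing import Dict, List

# Constructed samples: the denial from the report joined onto one line,
# plus a made-up non-mount record so the filter has something to reject.
SAMPLE_LINES = [
    'audit: type=1400 audit(1470943929.750:482): apparmor="DENIED" '
    'operation="mount" info="failed mntpnt match" error=-13 profile="test" '
    'name="/home/jamie/mnt/" pid=25573 comm="fusexmp" fstype="fuse.fusexmp" '
    'srcname="fusexmp" flags="rw, nosuid, nodev"',
    'audit: type=1400 audit(1470943930.100:483): apparmor="ALLOWED" '
    'operation="open" profile="test" name="/etc/fstab" pid=25574 comm="cat"',
]

# key=value pairs; quoted values may contain spaces and commas (see flags=).
_KV_RE = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')
# Assumption: home directories sit directly under /home/.
_HOME_RE = re.compile(r"^/home/[^/]+/")


def parse_apparmor_line(line: str) -> Dict[str, str]:
    """Return the key=value fields of one AppArmor audit record."""
    fields: Dict[str, str] = {}
    for key, quoted, bare in _KV_RE.findall(line):
        fields[key] = quoted if quoted != "" else bare
    return fields


def is_mount_denial(fields: Dict[str, str]) -> bool:
    """True for a DENIED mount whose mountpoint failed to match the rule."""
    return (fields.get("apparmor") == "DENIED"
            and fields.get("operation") == "mount"
            and fields.get("info") == "failed mntpnt match")


def find_mount_denials(lines: List[str]) -> List[Dict[str, str]]:
    """Parse every line and keep only the mountpoint-match denials."""
    return [f for f in map(parse_apparmor_line, lines) if is_mount_denial(f)]


def suggest_literal_rule(fields: Dict[str, str]) -> str:
    """Rewrite /home/<user>/ as /home/*/, the form the report says works."""
    path = _HOME_RE.sub("/home/*/", fields.get("name", ""), count=1)
    return f"mount -> {path},"


if __name__ == "__main__":
    for denial in find_mount_denials(SAMPLE_LINES):
        print(denial["profile"], denial["name"], "->", suggest_literal_rule(denial))
```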

** Affects: apparmor (Ubuntu)
     Importance: Undecided
         Status: New

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1612393

Title:
  mount -> @{HOME}/... denial

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/1612393/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs