To answer the question posed on IRC. I do not know at this time if any fix to this will be SRUed to Xenial.
A proper generic fix will require a new userspace api. The owner conditional can not be properly generically answered without subject context. This api can be fixed for the inquiring tasks subject querying against the the object, but the the generic case of querying where an external helper task H needs to query whether task A with profile P can access file F can not be fixed with the current api. Fixing the query using the subjects task is possible to SRU Xenial. The generic fix of a new API will not be SRUed. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1620635 Title: libapparmor's aa_query_label() always returns allowed = 0 for file rules containing the "owner" conditional To manage notifications about this bug go to: https://bugs.launchpad.net/apparmor/+bug/1620635/+subscriptions -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
