[prev in list] [next in list] [prev in thread] [next in thread] 

List:       apparmor-dev
Subject:    [apparmor] [Bug 979135] Re: change_profile requires separate permission rule to	access /proc interfa
From:       Steve Beattie <sbeattie () ubuntu ! com>
Date:       2012-04-13 17:46:56
Message-ID: 20120413174656.3942.29671.malone () wampee ! canonical ! com
[Download RAW message or body]

Committed in trunk revno 2030

** Changed in: apparmor
       Status: New => Fix Committed

** Changed in: apparmor
    Milestone: None => 2.8.0

** Changed in: apparmor
   Importance: Undecided => Medium

-- 
You received this bug notification because you are a member of AppArmor
Developers, which is the registrant for AppArmor.
https://bugs.launchpad.net/bugs/979135

Title:
  change_profile requires separate permission rule to access /proc
  interface

Status in AppArmor Linux application security framework:
  Fix Committed

Bug description:
  
  When a profile contains a rule granting permission to use the change_profile \
interface

    Eg.
    change_profile -> **,

  it is not enough permissions to actually use the interface, because write \
permission to access the interface at  /proc/self/attr/{current,exec} w,

  is also needed.

  If a change_profile rule is present it should imply that this
  permission is granted

To manage notifications about this bug go to:
https://bugs.launchpad.net/apparmor/+bug/979135/+subscriptions

-- 
AppArmor mailing list
AppArmor@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/apparmor


[prev in list] [next in list] [prev in thread] [next in thread]