FS#60069 - [apparmor] Doesn't allow named profiles without attachment
Attached to Project:
Community Packages
Opened by somewhere15 (somewhere15) - Saturday, 15 September 2018, 20:43 GMT
Last edited by David Runge (dvzrv) - Tuesday, 02 October 2018, 21:56 GMT
Details
Description:
AppArmor doesn't allow named profiles without attachment due to a regression in 2.13, which is causing many profiles to break, such as firejail-default.

Additional info:
AppArmor version: apparmor 2.13.0-4
I'm using linux-hardened: 4.18.7.a-1-hardened

Steps to reproduce:
1- Compile firejail with AppArmor support.
2- Enable the firejail AppArmor profile by executing sudo aa-enforce firejail-default.
3- AppArmor will throw the following error: "ERROR: Path doesn't start with / or variable: firejail-default"

To fix this, a patch was released here: https://gitlab.com/apparmor/apparmor/merge_requests/142
Closed by David Runge (dvzrv)
Tuesday, 02 October 2018, 21:56 GMT
Reason for closing: Upstream
Additional comments about closing: Firejail seems to work as intended: https://github.com/netblue30/firejail/issues/2116#issuecomment-422054973
Apparmor might ship something that fixes other arbitrary things in an upcoming release: https://gitlab.com/apparmor/apparmor/merge_requests/142
Additionally: What are the "many profiles", that you claim are breaking?
Firejail is currently in the AUR (which means unsupported). If indeed any other (shipped) profiles break, reopen this ticket.
I see no reason to include the upstream patch, if there is no problem with any supported package in conjunction with apparmor.
[1] https://github.com/netblue30/firejail/issues/2116