diff options
| author | Maxime Bélair <maxime.belair@canonical.com> | 2024-05-17 13:50:54 +0200 |
|---|---|---|
| committer | Stefano Brivio <sbrivio@redhat.com> | 2024-05-22 23:16:27 +0200 |
| commit | 3ff3a8a467fff1d4b234949e4dd3db618a9f8ed2 (patch) | |
| tree | 6fc7debe3d7e69e55e507d9a85c03408a696463d | |
| parent | 6cdc9fd51bf65a811e0856056193d7bb076c4b0f (diff) | |
| download | passt-3ff3a8a467fff1d4b234949e4dd3db618a9f8ed2.tar passt-3ff3a8a467fff1d4b234949e4dd3db618a9f8ed2.tar.gz passt-3ff3a8a467fff1d4b234949e4dd3db618a9f8ed2.tar.bz2 passt-3ff3a8a467fff1d4b234949e4dd3db618a9f8ed2.tar.lz passt-3ff3a8a467fff1d4b234949e4dd3db618a9f8ed2.tar.xz passt-3ff3a8a467fff1d4b234949e4dd3db618a9f8ed2.tar.zst passt-3ff3a8a467fff1d4b234949e4dd3db618a9f8ed2.zip | |
apparmor: Fix passt abstraction
Commit b686afa2 introduced the invalid apparmor rule
`mount options=(rw, runbindable) /,` since runbindable mount rules
cannot have a source.
Therefore running aa-logprof/aa-genprof will trigger errors (see
https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/2065685)
$ sudo aa-logprof
ERROR: Operation {'runbindable'} cannot have a source. Source = AARE('/')
This patch fixes it to the intended behavior.
Link: https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/2065685
Fixes: b686afa23e85 ("apparmor: Explicitly pass options we use while remounting root filesystem")
Signed-off-by: Maxime Bélair <maxime.belair@canonical.com>
Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
| -rw-r--r-- | contrib/apparmor/abstractions/passt | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/contrib/apparmor/abstractions/passt b/contrib/apparmor/abstractions/passt index 61ec32c..d245115 100644 --- a/contrib/apparmor/abstractions/passt +++ b/contrib/apparmor/abstractions/passt @@ -26,7 +26,7 @@ capability sys_ptrace, / r, # isolate_prefork(), isolation.c - mount options=(rw, runbindable) /, + mount options=(rw, runbindable) -> /, mount "" -> "/", mount "" -> "/tmp/", pivot_root "/tmp/" -> "/tmp/", |