When disabling AppArmor (boot option "apparmor=0"), seccomp-filter works as expected. According to [0], commit 259e5e6c was integrated in the Ubuntu kernel patch without its successor (commit c29bceb3). However, they are dependent on each other:
* commit 259e5e6c: "Note, this patch causes execve to fail when PR_SET_NO_NEW_PRIVS is set and AppArmor is in use. It is fixed in a subsequent patch."
* commit c29bceb3: "Fix execve behavior apparmor for PR_{GET,SET}_NO_NEW_PRIVS"

Joseph: is it possible to officially add the subsequent patch (commit c29bceb3) to the Ubuntu kernel patch?

[0] https://launchpad.net/ubuntu/+source/linux/3.8.0-19.29

--
You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1202161

Title:
  seccomp filter: execve(): Operation not permitted

Status in “linux” package in Ubuntu:
  Incomplete

Bug description:
  === System information ===
  $ cat /proc/version_signature
  Ubuntu 3.8.0-19.13-lowlatency 3.8.8
  $ lsb_release -d
  Description: Ubuntu 13.04

  === How to reproduce ===
  $ gcc seccomp-filter.c
  $ ./a.out

  === Expected output ===
  OK

  === Actual output ===
  execve(): Operation not permitted
  status = -1

  === Extra information ===
  This testcase works with "vanilla" kernels (tested: v3.8 & v3.10)
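A minimal reproducer of the testcase described in the bug, as an added example (it is not the reporter's seccomp-filter.c, which the notification does not include); it assumes /bin/true exists and that the hardening order is PR_SET_NO_NEW_PRIVS first, then the seccomp filter:

```c
// Added example, not the reporter's seccomp-filter.c (which the notification
// omits). A child sets PR_SET_NO_NEW_PRIVS, installs an allow-all seccomp filter
// and execve()s /bin/true (assumed present): the reported EPERM scenario.
#include <errno.h>
#include <linux/filter.h>
#include <linux/seccomp.h>
#include <stdio.h>
#include <sys/prctl.h>
#include <sys/wait.h>
#include <unistd.h>

/* One instruction allowing every syscall, so an execve() failure cannot be the filter's doing. */
static struct sock_filter allow_all_insn[] = {
    BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ALLOW),
};
static const struct sock_fprog allow_all_prog = { .len = 1, .filter = allow_all_insn };

/* Returns 0, or -errno. Order matters: without no_new_privs (or CAP_SYS_ADMIN)
 * the kernel rejects SECCOMP_MODE_FILTER with EACCES. */
int install_no_new_privs_filter(void)
{
    if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0) != 0) return -errno;
    if (prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, &allow_all_prog) != 0) return -errno;
    return 0;
}

/* Returns the child's exit status: 0 when execve() worked and `path` exited 0,
 * 126 when execve() failed (the bug's symptom), 125 when hardening failed. */
int run_testcase(const char *path)
{
    pid_t pid = fork();
    if (pid < 0) return -errno;
    if (pid == 0) {
        if (install_no_new_privs_filter() != 0) _exit(125);
        char *const argv[] = { (char *)path, NULL };
        execv(path, argv);
        perror("execve()");   /* the reported "execve(): Operation not permitted" */
        _exit(126);
    }
    int status;
    if (waitpid(pid, &status, 0) < 0) return -errno;
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}

int main(void)
{
    int st = run_testcase("/bin/true");
    printf("%s\nstatus = %d\n", st == 0 ? "OK" : "FAIL", st);
    return st != 0;
}
```

On the affected Ubuntu 3.8 kernel with AppArmor enabled the child prints the EPERM line and the status is 126; with apparmor=0, or with commit c29bceb3 applied, the program prints OK.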