Actually, it's simpler than that. The following three lines were integrated back to "security/apparmor/domain.c" by error:
	/* XXX: no_new_privs is not usable with AppArmor yet */
	if (bprm->unsafe & LSM_UNSAFE_NO_NEW_PRIVS)
		return -EPERM;

Technically, these three lines were deprecated by commit c29bceb3.

--
https://bugs.launchpad.net/bugs/1202161

Title:
  seccomp filter: execve(): Operation not permitted

Status in “linux” package in Ubuntu:
  Incomplete

Bug description:
  === System information ===
  $ cat /proc/version_signature
  Ubuntu 3.8.0-19.13-lowlatency 3.8.8
  $ lsb_release -d
  Description: Ubuntu 13.04

  === How to reproduce ===
  $ gcc seccomp-filter.c
  $ ./a.out

  === Expected output ===
  OK

  === Actual output ===
  execve(): Operation not permitted
  status = -1

  === Extra information ===
  This testcase works with "vanilla" kernels (tested: v3.8 & v3.10)
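
A minimal probe for the failure described in this report, added here as an example; it is not the reporter's seccomp-filter.c, which is not included in the notification. The enum, the function names and the /bin/sh path are assumptions made for illustration.

```c
/* Added example: does execve() still work after no_new_privs + seccomp filter? */
#include <errno.h>
#include <stdio.h>
#include <unistd.h>
#include <sys/prctl.h>
#include <sys/wait.h>
#include <linux/filter.h>
#include <linux/seccomp.h>

enum nnp_result { NNP_EXEC_OK = 0, NNP_SET_FAILED = 10, NNP_FILTER_FAILED = 11,
                  NNP_EXEC_EPERM = 12, NNP_EXEC_OTHER = 13, NNP_PROBE_ERROR = 14 };

/* Runs in the child only: both prctl() settings below are irreversible. */
static int child_probe(void)
{
    /* Allow-all filter, so an execve() failure cannot come from the filter. */
    struct sock_filter allow[] = { BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ALLOW) };
    struct sock_fprog prog = { .len = 1, .filter = allow };
    char *const argv[] = { "sh", "-c", "exit 0", NULL };
    char *const envp[] = { NULL };
    /* Unprivileged tasks must set no_new_privs before installing a filter. */
    if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0) != 0)
        return NNP_SET_FAILED;
    if (prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, &prog) != 0)
        return NNP_FILTER_FAILED;
    execve("/bin/sh", argv, envp);          /* assumed path; returns only on failure */
    return errno == EPERM ? NNP_EXEC_EPERM : NNP_EXEC_OTHER;
}

/* Forks, runs the probe in the child and maps its exit status to a result. */
enum nnp_result probe_nnp_execve(void)
{
    int status;
    pid_t pid = fork();
    if (pid < 0)
        return NNP_PROBE_ERROR;
    if (pid == 0)
        _exit(child_probe());
    if (waitpid(pid, &status, 0) != pid || !WIFEXITED(status))
        return NNP_PROBE_ERROR;
    return (enum nnp_result)WEXITSTATUS(status);
}

int main(void)
{
    enum nnp_result r = probe_nnp_execve();
    printf("%s (code %d)\n", r == NNP_EXEC_OK ? "OK" : "execve blocked or probe failed", r);
    return r;
}
```

NNP_EXEC_EPERM (12) corresponds to the "execve(): Operation not permitted" output in the report; on a kernel without the three lines above the probe is expected to print OK.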