Public bug reported:

I think the 'a' append mode may not be useful.

Including 'a' in a profile is insufficient for writing to the file, at
least on 3.13.0-77-generic.

Here's a sample profile:

#include <tunables/global>

/home/sarnold/demos/append flags=(complain) {
  #include <abstractions/base>

  /home/sarnold/demos/append mr,
  /home/sarnold/demos/testing a,

}

And I'll attach a sample program shortly.

When using O_APPEND | O_WRONLY:

If the file exists, denied_mask="w"
If the file doesn't exist, open() fails, no AA involvement

When using O_APPEND | O_WRONLY | O_CREAT:

No change when the file does or doesn't exist: denied_mask="c",
denied_mask="w"

(When using enforce mode instead of complain mode, only denied_mask="c"
gets logged; the open(2) fails and the write(2) is never called.)

$ rm testing
rm: cannot remove ‘testing’: No such file or directory
$ ./append append wronly ; ls -l testing
open: No such file or directory
ls: cannot access testing: No such file or directory
$ ./append append wronly creat ; ls -l testing
open: Permission denied
ls: cannot access testing: No such file or directory
$ ./append append rdwr  ; ls -l testing
open: No such file or directory
ls: cannot access testing: No such file or directory
$ ./append append rdwr creat ; ls -l testing
open: Permission denied
ls: cannot access testing: No such file or directory

Thanks

ProblemType: Bug
DistroRelease: Ubuntu 14.04
Package: apparmor 2.8.95~2430-0ubuntu5.3
ProcVersionSignature: Ubuntu 3.13.0-77.121-generic 3.13.11-ckt32
Uname: Linux 3.13.0-77-generic x86_64
ApportVersion: 2.14.1-0ubuntu3.19
Architecture: amd64
CurrentDesktop: Unity
Date: Thu Feb 11 15:55:45 2016
InstallationDate: Installed on 2012-10-18 (1211 days ago)
InstallationMedia: Ubuntu 12.04.1 LTS "Precise Pangolin" - Release amd64 (20120823.1)
KernLog:
 
ProcKernelCmdline: BOOT_IMAGE=/boot/vmlinuz-3.13.0-77-generic root=UUID=7b8c2e1b-d2e6-47d9-9030-c078e9701a1d ro quiet splash vt.handoff=7
SourcePackage: apparmor
Syslog:
 
UpgradeStatus: Upgraded to trusty on 2014-04-12 (670 days ago)
modified.conffile..etc.apparmor.d.abstractions.ubuntu.browsers.d.text.editors: [modified]
mtime.conffile..etc.apparmor.d.abstractions.ubuntu.browsers.d.text.editors: 2013-03-26T13:10:49

** Affects: apparmor (Ubuntu)
     Importance: Undecided
         Status: New


** Tags: amd64 apport-bug trusty

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor in Ubuntu.
https://bugs.launchpad.net/bugs/1544791

Title:
  Is append mode useful?

Status in apparmor package in Ubuntu:
  New

