Public bug reported: Hi, we looked into a discussion [1] which was triggered by [2]. For Ubunutu all these features existed for quite a while, so since [3] we had [4].
So I was looking into dropping [4] later on in favor of the fix in [1]. But while doing so I was puzzles why things even work. I discussed with jjohansen and ptrace rules should have a traced and trace "end" of the rule. Our old change was not as restrictive as the better change now suggested, but it had both ends. While quickly trying to check on this we found that it actually works with just one side of the rules, but it shouldn't. Jjohansen said he will look into that and get back to us, this bug is to allow everybody involved to track this. [1]: https://www.redhat.com/archives/libvir-list/2017-September/msg00844.html [2]: https://bugzilla.suse.com/show_bug.cgi?id=1058847 [3]: https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/1298611 [4]: https://git.launchpad.net/~libvirt-maintainers/ubuntu/+source/libvirt/commit/?h=ubuntu/artful-3.6&id=f614b472657d93e1f6c62afaf6a887bd38384a97 ** Affects: apparmor (Ubuntu) Importance: Undecided Status: New -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to apparmor in Ubuntu. https://bugs.launchpad.net/bugs/1719471 Title: ptrace doesnt't trigger/work as expected Status in apparmor package in Ubuntu: New Bug description: Hi, we looked into a discussion [1] which was triggered by [2]. For Ubunutu all these features existed for quite a while, so since [3] we had [4]. So I was looking into dropping [4] later on in favor of the fix in [1]. But while doing so I was puzzles why things even work. I discussed with jjohansen and ptrace rules should have a traced and trace "end" of the rule. Our old change was not as restrictive as the better change now suggested, but it had both ends. While quickly trying to check on this we found that it actually works with just one side of the rules, but it shouldn't. Jjohansen said he will look into that and get back to us, this bug is to allow everybody involved to track this. [1]: https://www.redhat.com/archives/libvir-list/2017-September/msg00844.html [2]: https://bugzilla.suse.com/show_bug.cgi?id=1058847 [3]: https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/1298611 [4]: https://git.launchpad.net/~libvirt-maintainers/ubuntu/+source/libvirt/commit/?h=ubuntu/artful-3.6&id=f614b472657d93e1f6c62afaf6a887bd38384a97 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/1719471/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
