So the problem with Alex's fix is that it makes a default-allow profile available on the default install, which is a security hole unless the apparmor_restrict_unprivileged_unconfined restriction is enabled by default.
We tolerate the sbuild profile because it is not installed by default, and it really needs very broad privileges to work. Just like lxd etc., installing it is assumed to accept some risk.

On plucky we are trying to have apparmor_restrict_unprivileged_unconfined enabled by default, but it is one of the features that had to be reverted on previous releases. The restriction is also currently disabled by LXD, meaning the default-allow os-prober profile becomes an attack vector if the machine has LXD.

In the current default state on plucky we should be okay, so I am not opposed to making this public. But we also need to be aware that there are potential security concerns.

For now let's run with Alex's fix. The AppArmor team will look into developing a tighter os-prober profile than Alex's fix, so we have that available if needed.

--
https://bugs.launchpad.net/bugs/2099811

Title: Os-prober segmentation fault one message for each partition on same PC
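
A defender-side check for the exposure described in this comment, as an added example (not part of the original message or of AppArmor's own tooling): it warns when permissive profiles are installed while the apparmor_restrict_unprivileged_unconfined sysctl is not enabled. It assumes profiles live in /etc/apparmor.d and that "default allow" corresponds to the `default_allow` or `unconfined` profile flags; the function names are illustrative.

```shell
#!/bin/sh
# Added example. Assumptions: profile files sit directly in /etc/apparmor.d
# (sub-directories are not scanned) and a "default allow" profile is one whose
# flags=(...) list contains default_allow or unconfined.
SYSCTL_FILE=/proc/sys/kernel/apparmor_restrict_unprivileged_unconfined
PROFILE_DIR=/etc/apparmor.d

# Print 1 (restriction on), 0 (off) or "absent" (kernel lacks the knob).
restriction_state() {
    if [ -r "$1" ]; then
        tr -d '[:space:]' < "$1"
    else
        echo absent
    fi
}

# List profile files declaring a permissive flag; commented-out lines are ignored.
permissive_profiles() {
    [ -d "$1" ] || return 0
    grep -lsE '^[^#]*flags=\(([^)]*[ ,])?(default_allow|unconfined)[ ,)]' \
        "$1"/* || true
}

# Return 0 when the host is in the "okay" state from the comment above,
# 1 when a permissive profile is installed without the restriction.
audit() {
    state=$(restriction_state "$1")
    found=$(permissive_profiles "$2")
    if [ -z "$found" ]; then
        echo "OK: no default_allow/unconfined profiles in $2"
        return 0
    fi
    if [ "$state" = 1 ]; then
        echo "OK: restriction enabled; permissive profiles present:"
        echo "$found"
        return 0
    fi
    echo "WARN: restriction is '$state' and these profiles are permissive:"
    echo "$found"
    return 1
}

# Usage on a live system: audit "$SYSCTL_FILE" "$PROFILE_DIR"
```

Re-run the check after installing packages such as LXD, since the comment notes that LXD currently disables the restriction.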