This problem is not solved with the change [ "$unconfined_users" = "NO"
] in the last comment.
If you look in the code, you see this:
check_userns() {
userns_restricted=$(sysctl -e -n
kernel.apparmor_restrict_unprivileged_userns)
unconfined_userns=$([ -f
/sys/kernel/security/apparmor/features/policy/unconfined_restrictions/userns ]
&& cat
/sys/kernel/security/apparmor/features/policy/unconfined_restrictions/userns ||
echo 0)
if [ -n "$userns_restricted" ] && [ "$userns_restricted" -eq 1 ]; then
if [ "$unconfined_userns" = "NO" ]; then
# userns restrictions rely on unconfined userns to be
supported
aa_action "disabling unprivileged userns restrictions
since unconfined userns is not supported / enabled" \
sysctl -w
kernel.apparmor_restrict_unprivileged_userns=0
fi
fi
}
And if you do a cat in
/sys/kernel/security/apparmor/features/policy/unconfined_restrictions/userns
the value return to me is "yes". I thing with this, never the value from
the if [ "$unconfined_userns" = "NO" ] are a valid response, because the
value returned is "true" or "0" (zero in the code).
Please verify.
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/2102680
Title:
Installation of AppArmor on a 6.14 kernel produces error message
"Illegal number: yes"
To manage notifications about this bug go to:
https://bugs.launchpad.net/apparmor/+bug/2102680/+subscriptions
--
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
