Comment 5 for bug 475619

Kees Cook (kees) wrote:

I can confirm that this fixes it for me. Thanks! My test was:

bug.c:
#include <stdio.h>
#include <stdlib.h>   /* system() */
#include <unistd.h>

int main()
{
 printf("Started\n");
 system("./child");   /* run the confined child while the profile is still loaded */
 printf("Finished\n");
 return 0;
}

child.c:
#include <stdio.h>
#include <stdlib.h>   /* system() */
#include <unistd.h>   /* sleep() */

int main()
{
 printf("Started child\n");
 sleep(10);           /* long enough for the profile to be removed meanwhile */
 system("cat /etc/motd");
 printf("Finished child\n");
 return 0;
}

/etc/apparmor.d/home.kees.bug:
#include <tunables/global>
/home/kees/bug flags=(complain) {
  #include <abstractions/base>
}

$ sudo aa-complain bug
$ ./bug & sleep 2; sudo /sbin/apparmor_parser -R /etc/apparmor.d/*bug
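A way to see what the test above actually exercises is to read the AppArmor label of the parent, the child and the grandchild (the cat) from /proc/<pid>/attr/current before and after the profile is removed. The script below is an added example, not part of this comment or of the AppArmor project; it walks a process tree via /proc/<pid>/stat, parses each task's label into (profile, mode), and ships with a constructed fake /proc tree (the pids, names and labels in demo() are made up) so it can be run without AppArmor. On a live system call confinement_tree(pid) with the pid of ./bug.

```python
"""Report AppArmor confinement of a process and its descendants.

Added example (hypothetical helper, not code from the bug report). It reads
/proc/<pid>/attr/current, which holds either "unconfined" or
"<profile> (<mode>)", e.g. "/home/kees/bug (complain)".
"""
import re
import tempfile
from pathlib import Path

# "<profile>" optionally followed by " (<mode>)"; the mode is enforce/complain/...
LABEL_RE = re.compile(r"^(?P<profile>.+?)(?: \((?P<mode>[a-z]+)\))?$")


def parse_aa_label(text):
    """Parse the text of /proc/<pid>/attr/current into (profile, mode).

    An unconfined task yields ("unconfined", None); a profile with no mode
    suffix yields (profile, None).
    """
    text = text.strip("\n\0 ")
    if not text or text == "unconfined":
        return ("unconfined", None)
    m = LABEL_RE.match(text)
    return (m.group("profile"), m.group("mode"))


def read_label(pid, proc_root="/proc"):
    """Return the parsed label of pid, or None if it cannot be read
    (process exited, no AppArmor attr file, or permission denied)."""
    path = Path(proc_root) / str(pid) / "attr" / "current"
    try:
        return parse_aa_label(path.read_text())
    except OSError:
        return None


def children_of(pid, proc_root="/proc"):
    """Find direct children of pid by scanning /proc/*/stat for ppid == pid.

    The comm field is wrapped in parentheses and may itself contain spaces or
    ')' characters, so the fixed fields are located after the LAST ')'.
    """
    kids = []
    for entry in Path(proc_root).iterdir():
        if not entry.name.isdigit():
            continue
        try:
            stat = (entry / "stat").read_text()
        except OSError:
            continue
        rest = stat[stat.rindex(")") + 2:].split()  # ["S", ppid, pgrp, ...]
        if int(rest[1]) == pid:
            kids.append(int(entry.name))
    return sorted(kids)


def confinement_tree(pid, proc_root="/proc"):
    """Return {pid: (profile, mode)} for pid and all of its descendants."""
    result = {}
    stack = [pid]
    while stack:
        p = stack.pop()
        label = read_label(p, proc_root)
        if label is not None:
            result[p] = label
        stack.extend(children_of(p, proc_root))
    return result


def make_fake_proc(root, procs):
    """Write a constructed /proc-like tree; procs is {pid: (ppid, comm, label)}."""
    for pid, (ppid, comm, label) in procs.items():
        d = Path(root) / str(pid)
        (d / "attr").mkdir(parents=True, exist_ok=True)
        (d / "stat").write_text(f"{pid} ({comm}) S {ppid} 1 1 0 -1 0\n")
        (d / "attr" / "current").write_text(label + "\n")


def demo():
    """Run confinement_tree over a constructed tree (pids/labels are made up):
    bug -> child -> cat, with the first two confined in complain mode."""
    root = tempfile.mkdtemp()
    make_fake_proc(root, {
        100: (1,   "bug",   "/home/kees/bug (complain)"),
        101: (100, "child", "/home/kees/bug (complain)"),
        102: (101, "cat",   "unconfined"),
    })
    return confinement_tree(100, root)


if __name__ == "__main__":
    for pid, (profile, mode) in sorted(demo().items()):
        print(f"{pid}: {profile} ({mode or 'no mode'})")
```

Running it twice around the apparmor_parser -R step, once before and once after, is the check that tells you whether the removal changed the labels of the already-running tasks.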