mirrors/passt
1
0
Fork 0
mirror of https://passt.top/passt synced 2025-04-29 14:48:50 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions

apparmor: Fix passt abstraction

Browse source 
Commit b686afa2 introduced the invalid apparmor rule
`mount options=(rw, runbindable) /,` since runbindable mount rules
cannot have a source.

Therefore running aa-logprof/aa-genprof will trigger errors (see
2065685)

    $ sudo aa-logprof
    ERROR: Operation {'runbindable'} cannot have a source. Source = AARE('/')

This patch fixes it to the intended behavior.

Link: 2065685
Fixes: b686afa23e ("apparmor: Explicitly pass options we use while remounting root filesystem")
Signed-off-by: Maxime Bélair <maxime.belair@canonical.com>
Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
This commit is contained in:
Maxime Bélair 2024-05-17 13:50:54 +02:00 committed by Stefano Brivio
parent 6cdc9fd51b
commit 3ff3a8a467
1 changed files with 1 additions and 1 deletions

2
contrib/apparmor/abstractions/passt
View file

@ -26,7 +26,7 @@
capability sys_ptrace, capability sys_ptrace,
/ r, # isolate_prefork(), isolation.c / r, # isolate_prefork(), isolation.c
mount options=(rw, runbindable) /, mount options=(rw, runbindable) -> /,
mount "" -> "/", mount "" -> "/",
mount "" -> "/tmp/", mount "" -> "/tmp/",
pivot_root "/tmp/" -> "/tmp/", pivot_root "/tmp/" -> "/tmp/",