apparmor fs does not reflect 4.4 backport of mmap perms change

Bug #1830984 reported by Steve Beattie
This bug affects 1 person
| Affects | Status | Importance | Assigned to | Milestone |
|---|---|---|---|---|
| linux (Ubuntu) | Fix Released | Undecided | Unassigned | |
| Xenial | Won't Fix | Undecided | Unassigned | |

Bug Description

The upstream commit 9f834ec18defc369d73ccf9e87a2790bfa05bf46 was backported to the 4.4.x xenial kernel series to address CVE-2019-11190. However, the change introduces subtle changes to apparmor policy, including in the apparmor regression tests. A sysfs entry was added in later kernels to indicate this; 34c426acb75cc21bdf84685e106db0c1a3565057 upstream; this should be backported to the 4.4 kernels.

Steve Beattie (sbeattie)
Changed in linux (Ubuntu):
status: New → Fix Released
Steve Beattie (sbeattie) wrote:

After discussion, it was decided that, because the additional entry in the features directory will cause apparmor on the next boot to recompile all policy unnecessarily (because there won't be any actual policy changes), which can be a problem for low power devices, this patch will not be brought back to the 4.4.x kernel series.

Changed in linux (Ubuntu Xenial):
status: New → Won't Fix