Comment 3 for bug 1791711
Revision history for this message
| John Johansen (jjohansen) wrote Re: path-based AppArmor controls for snap-confine are ineffective | #3 |
© 2004
Canonical Ltd.
•
Terms of use
•
Data privacy
•
Contact Launchpad Support
•
Blog
•
Careers
•
System status
•
513534c
demo site
(Get the code!)
Indeed currently if pivot root is allowed it can be used to subvert apparmor policy. This is a known issue to apparmor upstream. There are plans to fix this in apparmor upstream. At the moment there is nothing snappy can do except maybe move from pivot_root to chroot which is currently better handled by apparmor.