cross namespace ptrace should not be rejected by AppArmor
Bug #439560 reported by Jamie Strandboge
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
linux (Ubuntu) | Fix Released | Medium | John Johansen |
Bug Description
Today when doing ISO testing I had one lone rejection:
type=APPARMOR_
I am not sure how to reproduce this, but I think that the libvirtd daemon tried to ptrace a kvm process because of the way I killed off the VM. Bottom line, libvirtd is in one namespace and all the confined VMs are in others. It doesn't appear to be a huge issue right now, but should be addressed in Ubuntu 10.04. If it causes problems in 9.10, we can SRU the fix.
Assigning to John per IRC discussion.