AppArmor fails to mediate deleted files
Bug #562056 reported by
John Johansen
This bug affects 1 person
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| linux (Ubuntu) |
Fix Released
|
Undecided
|
John Johansen | ||
Bug Description
The default behavior for AppArmor used to be to mediate deleted files.
This can now be controlled on a per profile basis but the field is
not defaulting to the correct value when path_flags is not specified.
This is causing regressions in profiles expecting deleted files to
be mediated by path instead of delegated.
CVE References
| Changed in linux (Ubuntu): | |
| assignee: | nobody → John Johansen (jjohansen) |
| status: | New → In Progress |
| Changed in linux (Ubuntu): | |
| status: | In Progress → Fix Committed |
Revision history for this message
| Launchpad Janitor (janitor) wrote | #1 |
| Changed in linux (Ubuntu): | |
| status: | Fix Committed → Fix Released |
To post a comment you must log in.
This bug was fixed in the package linux - 2.6.32-21.31
---------------
linux (2.6.32-21.31) lucid; urgency=low
[ Andy Whitcroft ]
* allow modules.builtin to be optional
* d-i: add mpt2sas to the message-modules udeb
- LP: #530361
[ Christopher James Halse Rogers ]
* SAUCE: Nouveau: Add quirk framework to disable acceleration
- LP: #544088, #546393
* SAUCE: Nouveau: Disable acceleration on MacBook Pros
- LP: #546393
* SAUCE: Nouveau: Disable acceleration on GeForce3 cards
- LP: #544088
* SAUCE: Nouveau: Disable acceleration on 6100 cards
- LP: #542950
[ Stefan Bader ]
* SAUCE: dma-mapping: Remove WARN_ON in dma_free_coherent
- LP: #458201
[ Surbhi Palande ]
* SAUCE: sync before umount to reduce time taken by ext4 umount
- LP: #543617
[ Upstream Kernel Changes ]
* tipc: Fix oops on send prior to entering networked mode (v3)
- CVE-2010-1187
* KVM: x86 emulator: Add Virtual-8086 mode of emulation
- LP: #561425
* KVM: x86 emulator: fix memory access during x86 emulation
- LP: #561425
* KVM: x86 emulator: Check IOPL level during io instruction emulation
- LP: #561425
* KVM: x86 emulator: Fix popf emulation
- LP: #561425
* KVM: Fix segment descriptor loading
- LP: #561425
* KVM: VMX: Update instruction length on intercepted BP
- LP: #561425
* KVM: VMX: Use macros instead of hex value on cr0 initialization
- LP: #561425
* KVM: SVM: Reset cr0 properly on vcpu reset
- LP: #561425
* KVM: VMX: Disable unrestricted guest when EPT disabled
- LP: #561425
* KVM: x86: disable paravirt mmu reporting
- LP: #561425
* AppArmor: Fix put of unassigned ns if aa_unpack fails
* AppArmor: Fix refcount bug when exec fails
- LP: #562063
* AppArmor: Take refcount on cxt->profile to ensure it remains a valid
reference
- LP: #367499
* AppArmor: fix typo in scrubbing environment variable warning
- LP: #562060
* AppArmor: fix regression by setting default to mediate deleted files
- LP: #562056
* AppArmor: fix refcount order bug that can trigger during replacement
- LP: #367499
* AppArmor: Make sure to unmap aliases for vmalloced dfas before they are
live
- LP: #529288
* AppArmor: address performance regression of replaced profile
- LP: #549428
* AppArmor: make the global side the correct type
- LP: #562047
* AppArmor: use the kernel shared workqueue to free vmalloc'ed dfas
* sky2: add register definitions for new chips
- LP: #537168
* sky2: 88E8059 support
- LP: #537168
* net: Fix Yukon-2 Optima TCP offload setup
- LP: #537168
* net: Add missing TST_CFG_WRITE bits around sky2_pci_write
- LP: #537168
* sky2: print Optima chip name
- LP: #537168
* (Upstream) dell-laptop: defer dell_rfkill_update to worker thread
- LP: #555261
* drm/nv40: add LVDS table quirk for Dell Latitude D620
- LP: #539730
-- Andy Whitcroft <email address hidden> Tue, 13 Apr 2010 18:50:58 +0100