[{"id":1761205,"web_url":"http://patchwork.ozlabs.org/comment/1761205/","msgid":"<20170831171307.cy2blqse3ksyptho@ubuntu-hedt>","list_archive_url":null,"date":"2017-08-31T17:13:07","subject":"APPLIED: [PATCH][Artful] UBUNTU: SAUCE: apparmor: fix apparmorfs DAC\n\taccess, permissions","submitter":{"id":6957,"url":"http://patchwork.ozlabs.org/api/people/6957/","name":"Seth Forshee","email":"seth.forshee@canonical.com"},"content":"On Thu, Aug 31, 2017 at 10:05:41AM -0700, John Johansen wrote:\n> The DAC access permissions for several apparmorfs files are wrong.\n> \n> .access - needs to be writable by all tasks to perform queries\n> the others in the set only provide a read fn so should be read only.\n> \n> With policy namespace virtualization all apparmor needs to control\n> the permission and visibility checks directly which means DAC\n> access has to be allowed for all user, group, and other.\n> \n> BugLink: http://bugs.launchpad.net/bugs/1713103\n> Signed-off-by: John Johansen <john.johansen@canonical.com>\n\nApplied to unstable/master, thanks!","headers":{"Return-Path":"<kernel-team-bounces@lists.ubuntu.com>","X-Original-To":"incoming@patchwork.ozlabs.org","Delivered-To":"patchwork-incoming@bilbo.ozlabs.org","Authentication-Results":"ozlabs.org;\n\tspf=none (mailfrom) smtp.mailfrom=lists.ubuntu.com\n\t(client-ip=91.189.94.19; helo=huckleberry.canonical.com;\n\tenvelope-from=kernel-team-bounces@lists.ubuntu.com;\n\treceiver=<UNKNOWN>)","Received":["from huckleberry.canonical.com (huckleberry.canonical.com\n\t[91.189.94.19])\n\tby ozlabs.org (Postfix) with ESMTP id 3xjpqM1yR0z9sPm;\n\tFri,  1 Sep 2017 03:13:19 +1000 (AEST)","from localhost ([127.0.0.1] helo=huckleberry.canonical.com)\n\tby huckleberry.canonical.com with esmtp (Exim 4.76)\n\t(envelope-from <kernel-team-bounces@lists.ubuntu.com>)\n\tid 1dnT1n-0001SC-OY; Thu, 31 Aug 2017 17:13:15 +0000","from youngberry.canonical.com ([91.189.89.112])\n\tby huckleberry.canonical.com with esmtps\n\t(TLS1.0:RSA_AES_256_CBC_SHA1:32)\n\t(Exim 4.76) (envelope-from <seth.forshee@canonical.com>)\n\tid 1dnT1i-0001LD-5h\n\tfor kernel-team@lists.ubuntu.com; Thu, 31 Aug 2017 17:13:10 +0000","from mail-io0-f199.google.com ([209.85.223.199])\n\tby youngberry.canonical.com with esmtps\n\t(TLS1.0:RSA_AES_128_CBC_SHA1:16)\n\t(Exim 4.76) (envelope-from <seth.forshee@canonical.com>)\n\tid 1dnT1h-0003QI-QF\n\tfor kernel-team@lists.ubuntu.com; Thu, 31 Aug 2017 17:13:09 +0000","by mail-io0-f199.google.com with SMTP id 63so1585407ioe.1\n\tfor <kernel-team@lists.ubuntu.com>;\n\tThu, 31 Aug 2017 10:13:09 -0700 (PDT)","from localhost ([2605:a601:aa7:8920:11d3:9a52:115c:24fd])\n\tby smtp.gmail.com with ESMTPSA id\n\tg206sm63143iof.76.2017.08.31.10.13.07\n\t(version=TLS1_2 cipher=ECDHE-RSA-CHACHA20-POLY1305 bits=256/256);\n\tThu, 31 Aug 2017 10:13:07 -0700 (PDT)"],"X-Google-DKIM-Signature":"v=1; a=rsa-sha256; c=relaxed/relaxed;\n\td=1e100.net; s=20161025;\n\th=x-gm-message-state:date:from:to:cc:subject:message-id:references\n\t:mime-version:content-disposition:in-reply-to:user-agent;\n\tbh=Dre+PtdAdyWbz6zQVspt0Bc7TZ+c5nE1qfDusoJNd1I=;\n\tb=te+KnawJzV1MrxjVSXtcDLWaNGLKQY1uIGJEGk5wRkq51VfTGDF5oMKdYRmpPMwi0r\n\tpwCDTsJhE0mMIU97PPRM7k1u7f/qD8v26T3BwPl7Wn9iw+Z9EZnuQfZqwstagSrXcuI4\n\tfUKXUBwWjg/igcOx+fvkt1Gp5mJQJzYailid2HB0xf7mVeaXSe0T1EqOU296PP+bK1Sd\n\trD9gieVQw2nTXmnopc6quIOkWOjn5hEtI1eQlyOHd/HSQye9baA9uXkOycWIFN784/hJ\n\tuTQdI5SUJrbe23a0wg9QApd2Aw2UeXJhVY0IvuGHIwnlzcsd1VdmECv5zvRo+C2l5sS/\n\tkLxA==","X-Gm-Message-State":"AHPjjUg9K4JGGb14bCPgRv8tXUndfBxQFY+kCC/1HCrKIh2suddEIlx2\n\tdXvU9Y8QYp34AUViGe4OWCH9zdzrhrmzrDvgUOWzqky4+4ola+u+NoSIwf0nzwALfz+zXGknA+n\n\tNg30P8EtKDrp+GsrhMyZYe0cb5a0desER","X-Received":["by 10.36.214.75 with SMTP id o72mr1693414itg.105.1504199588853; \n\tThu, 31 Aug 2017 10:13:08 -0700 (PDT)","by 10.36.214.75 with SMTP id o72mr1693398itg.105.1504199588581; \n\tThu, 31 Aug 2017 10:13:08 -0700 (PDT)"],"X-Google-Smtp-Source":"ADKCNb4XoePv5Y+362J+9xalGV2wAkq34Z/HR6sukjt3XMjSUo/Ot6EBVS66ILZD1wr35l+IFiMaFQ==","Date":"Thu, 31 Aug 2017 12:13:07 -0500","From":"Seth Forshee <seth.forshee@canonical.com>","To":"John Johansen <john.johansen@canonical.com>","Subject":"APPLIED: [PATCH][Artful] UBUNTU: SAUCE: apparmor: fix apparmorfs DAC\n\taccess, permissions","Message-ID":"<20170831171307.cy2blqse3ksyptho@ubuntu-hedt>","References":"<7ed2de01-4873-f3cb-7c5b-15a63097d1ed@canonical.com>","MIME-Version":"1.0","Content-Disposition":"inline","In-Reply-To":"<7ed2de01-4873-f3cb-7c5b-15a63097d1ed@canonical.com>","User-Agent":"NeoMutt/20170609 (1.8.3)","Cc":"Kernel team list <kernel-team@lists.ubuntu.com>","X-BeenThere":"kernel-team@lists.ubuntu.com","X-Mailman-Version":"2.1.14","Precedence":"list","List-Id":"Kernel team discussions <kernel-team.lists.ubuntu.com>","List-Unsubscribe":"<https://lists.ubuntu.com/mailman/options/kernel-team>,\n\t<mailto:kernel-team-request@lists.ubuntu.com?subject=unsubscribe>","List-Archive":"<https://lists.ubuntu.com/archives/kernel-team>","List-Post":"<mailto:kernel-team@lists.ubuntu.com>","List-Help":"<mailto:kernel-team-request@lists.ubuntu.com?subject=help>","List-Subscribe":"<https://lists.ubuntu.com/mailman/listinfo/kernel-team>,\n\t<mailto:kernel-team-request@lists.ubuntu.com?subject=subscribe>","Content-Type":"text/plain; charset=\"us-ascii\"","Content-Transfer-Encoding":"7bit","Errors-To":"kernel-team-bounces@lists.ubuntu.com","Sender":"kernel-team-bounces@lists.ubuntu.com"}}]