Bug 127893 - Can't use /proc/pid/attr/current to set confinement of tasks started before apparmor loaded
Summary: Can't use /proc/pid/attr/current to set confinement of tasks started before a...
Status: RESOLVED FIXED
Alias: None
Product: SUSE LINUX 10.0
Classification: openSUSE
Component: AppArmor (show other bugs)
Version: RC 4
Hardware: Other All
: P5 - None : Normal
Target Milestone: ---
Assignee: Tony Jones
QA Contact: Keiran Haggerty
URL:
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2005-10-12 17:41 UTC by Jesse Michael
Modified: 2005-10-25 04:58 UTC (History)
0 users

See Also:
Found By: Development
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Jesse Michael 2005-10-12 17:41:53 UTC 
Normally, you can write "setprofile /name/of/profile" to /proc/pid/attr/current
from an unconfined root process to change which profile a currently running
process is confined by, but this doesn't currently work on processes that were
already running before the apparmor module was loaded, even though it claims to.

# ps -AZ | grep gaim
unconstrained                    9878 ?        00:00:03 gaim

# echo -n "setprofile /opt/gnome/bin/gaim" > /proc/9878/attr/current

# tail -2 /var/log/messages
Oct 12 01:11:51 daedalus kernel: SubDomain: sd_setprocattr_setprofile: task
gaim(9878) has no subdomain
Oct 12 01:11:51 daedalus kernel: SubDomain: sd_setprocattr_setprofile: Switching
task gaim(9878) profile unconstrained active unconstrained to new profile
/opt/gnome/bin/gaim

# cat /proc/9878/attr/current
unconstrained

# ps -AZ | grep gaim
unconstrained                    9878 ?        00:00:03 gaim
Comment 1 Tony Jones 2005-10-25 04:57:42 UTC 
Fixed in r5484
Comment 2 Tony Jones 2005-10-25 04:58:18 UTC 
Fixed in r5484