mirrors/apparmor
1
0
Fork 0
mirror of https://gitlab.com/apparmor/apparmor.git synced 2025-03-04 00:14:44 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions

Merge Upadate man apparmor.d to highlight pivot_root limitation

Browse source 
As pointed out by https://bugs.launchpad.net/apparmor/+bug/2087875 ,
profile transitions with pivot_root are currently not supported on any
kernel.

This commit makes this limitation more obvious to users.

Signed-off-by: Maxime Bélair <maxime.belair@canonical.com>

MR: https://gitlab.com/apparmor/apparmor/-/merge_requests/1436
Approved-by: Ryan Lee <rlee287@yahoo.com>
Merged-by: John Johansen <john@jjmx.net>
This commit is contained in:
John Johansen 2025-01-24 11:18:44 +00:00
commit dcce4bc62f
1 changed files with 3 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

5
parser/apparmor.d.pod
View file

@ -1339,8 +1339,9 @@ pivot_root(2) is optionally specified in the 'pivot_root' rule using the
'oldroot=' prefix.
AppArmor 'pivot_root' rules can specify a profile transition to occur during
the pivot_root(2) system call. Note that AppArmor will only transition the
process calling pivot_root(2) to the new profile.
the pivot_root(2) system call. Note that currently, this feature is not
supported by any kernel. When this feature will be supported, AppArmor will
only transition the process calling pivot_root(2) to the new profile.
The paths specified in 'pivot_root' rules must end with '/' since they are
directories.