apparmor

mirror of https://gitlab.com/apparmor/apparmor.git synced 2025-03-04 00:14:44 +01:00

History

Christian Ehrhardt edf69b3b54 Allow access to possible cpus for glibc-2.36 Glibc in 2.36 and later will [1] access sysfs at /sys/devices/system/cpu/possible when usig sysconf for _SC_NPROCESSORS_CONF. That will make a lot of different code, for example anything linked against libnuma, trigger this apparmor denial. apparmor="DENIED" operation="open" class="file" ... name="/sys/devices/system/cpu/possible" ... requested_mask="r" denied_mask="r" fsuid=0 ouid=0 This entry seems rather safe, and it follows others that are already in place. Instead of fixing each software individually this should go into the base profile as well. Initially reported via https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/1989073 Fixes: https://gitlab.com/apparmor/apparmor/-/issues/267 MR: none - ML Signed-off-by: Christian Ehrhardt <christian.ehrhardt@canonical.com> Signed-off-by: John Johansen <john.johansen@canonical.com> (cherry picked from commit `c159d0925a`) Signed-off-by: John Johansen <john.johansen@canonical.com>		2022-11-14 21:48:47 -08:00
..
apparmor/profiles/extras	profiles: dhclient: allow setting task comm name	2021-03-31 03:02:54 -07:00
apparmor.d	Allow access to possible cpus for glibc-2.36	2022-11-14 21:48:47 -08:00
Makefile	Merge [2.11..2.13] Support setuptools >= 61.2 in Python tests	2022-08-22 15:28:46 -07:00