[Apparmor-general] files in /usr/share/locale/** being mmaped
Andreas Hasenack
andreas at mandriva.com.br
Tue Jun 19 12:39:48 MDT 2007
While testing /bin/netstat with a profile, I saw that i18n files in
/usr/share/locale need the "m" permission:
type=APPARMOR msg=audit(1182278084.996:272): REJECTING m access to /usr/share/locale/pt_BR.UTF-8/LC_MESSAGES/SYS_LC_MESSAGES (22459 profile /bin/netstat active /bin/netstat)
strace confirms these files being mmap()ed:
22491 open("/usr/share/locale/pt_BR.UTF-8/LC_IDENTIFICATION", O_RDONLY) = 3
22491 fstat64(3, {st_mode=S_IFREG|0644, st_size=351, ...}) = 0
22491 mmap2(NULL, 351, PROT_READ, MAP_PRIVATE, 3, 0) = 0xb7f4c000
22491 close(3)
Should /etc/apparmor.d/abstractions/base be changed to include m for
/usr/share/locale/**? Or is there some other way, perhaps other config?
More information about the Apparmor-general
mailing list