mir/apparmor
2
0
Fork 0
mirror of https://gitlab.com/apparmor/apparmor synced 2025-08-29 13:28:19 +00:00
Code Issues Releases Wiki Activity

Upadate man apparmor.d to highlight pivot_root limitation

Browse Source 
As pointed out by https://bugs.launchpad.net/apparmor/+bug/2087875 ,
profile transitions with pivot_root are currently not supported on any
kernel.

This commit makes this limitation more obvious to users.

Signed-off-by: Maxime Bélair <maxime.belair@canonical.com>
(cherry picked from commit cf51f7aadd11bbb6a009ee5d3d9b4a96fa2e22e5)
Signed-off-by: John Johansen <john.johansen@canonical.com>
This commit is contained in:
Maxime Bélair 2024-11-27 17:25:05 +01:00 committed by John Johansen
parent 6077cf37c6
commit 3f15ce23ba
1 changed files with 3 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
parser/apparmor.d.pod
View File

@ -1339,8 +1339,9 @@ pivot_root(2) is optionally specified in the 'pivot_root' rule using the
'oldroot=' prefix.
AppArmor 'pivot_root' rules can specify a profile transition to occur during
the pivot_root(2) system call. Note that AppArmor will only transition the
process calling pivot_root(2) to the new profile.
the pivot_root(2) system call. Note that currently, this feature is not
supported by any kernel. When this feature will be supported, AppArmor will
only transition the process calling pivot_root(2) to the new profile.
The paths specified in 'pivot_root' rules must end with '/' since they are
directories.