Skip to content

abstractions/base: Add transparent hugepage support

Daniel Richard G. requested to merge iskunk/apparmor:feature/base-update into master

Found in testing a slimmed-down usr.sbin.sshd profile:

Jun  8 21:09:38 testvm kernel: [   54.847014] audit: type=1400 audit(1686272978.009:68): apparmor="DENIED" operation="open" profile="/usr/sbin/sshd" name="/sys/kernel/mm/transparent_hugepage/hpage_pmd_size" pid=1035 comm="sshd" requested_mask="r" denied_mask="r" fsuid=0 ouid=0

Not sure what glibc/system call uses this, but it seems pretty broadly applicable, and read access is presumably harmless. THP reference

Merge request reports