MountRule: Aligning behavior with apparmor_parser (!1236) · Merge requests · AppArmor / apparmor

Maxime Bélair requested to merge emixam16/apparmor:mount-rule-v6 into master May 20, 2024

Mount Rules with options in { remount, [make-] { [r]unbindable, [r]shared, [r]private, and [r]slave }} do not support specifying a source. This commit aligns utils implementation to apparmor_parser's, which prohibits having a both source and a destination simultaneously, instad of just prohibiting source.

Therefore, both mount options=(unbindable) /a, and mount options=(unbindable) -> /a, are now supported (and equivalent for apparmor_parser). However, mount options=(unbindable) /a -> /b, is invalid.

For the same reason, specifying a fstype in these cases is also prohibited.

Similarly, we prohibit to specify a fstype for bind mount rules.

Fixes: https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/2065685

Signed-off-by: Maxime Bélair maxime.belair@canonical.com

Edited May 20, 2024 by Maxime Bélair

MountRule: Aligning behavior with apparmor_parser

Merge request reports