Commit b686afa2 introduced the invalid apparmor rule `mount options=(rw, runbindable) /,` since runbindable mount rules cannot have a source.
Therefore running aa-logprof/aa-genprof will trigger errors (see https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/2065685)
$ sudo aa-logprof
ERROR: Operation {'runbindable'} cannot have a source. Source = AARE('/')
This patch fixes it to the intended behavior.
Signed-off-by: Maxime Bélair
---
contrib/apparmor/abstractions/passt | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/contrib/apparmor/abstractions/passt b/contrib/apparmor/abstractions/passt
index 61ec32c..d245115 100644
--- a/contrib/apparmor/abstractions/passt
+++ b/contrib/apparmor/abstractions/passt
@@ -26,7 +26,7 @@
capability sys_ptrace,
/ r, # isolate_prefork(), isolation.c
- mount options=(rw, runbindable) /,
+ mount options=(rw, runbindable) -> /,
mount "" -> "/",
mount "" -> "/tmp/",
pivot_root "/tmp/" -> "/tmp/",
--
2.40.1