[PATCH 13/36] cmd/libsnap-confine-private: Tighten AppArmor label check
author Alex Murray <alex.murray@canonical.com>
Wed, 17 Nov 2021 04:07:39 +0000 (14:37 +1030)
committer Markus Koschany <apo@debian.org>
Tue, 13 Jun 2023 09:28:53 +0000 (10:28 +0100)
commit 7d69dced992cc409aa8ccb1e8d0ed17f9703ea90
tree 9629dc6906c1e7de985750cd1aecc23500e63cd2
parent 5fc6460e6f6fdf6beb5a4ea7870c999ae0df5020
[PATCH 13/36] cmd/libsnap-confine-private: Tighten AppArmor label check

Only consider snap-confine as confined by AppArmor when the AppArmor label
matches an expected path location for the snap-confine binary, rather than
just if the label is not "unconfined". This ensures snap-confine will fail
to execute if it is executed under a more permissive AppArmor profile than
expected.

Signed-off-by: Alex Murray <alex.murray@canonical.com>
Gbp-Pq: Topic cve202144730
Gbp-Pq: Name 0013-cmd-libsnap-confine-private-Tighten-AppArmor-label-c.patch
cmd/libsnap-confine-private/apparmor-support.c
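
The difference between the two checks named in the commit message, as an added example that is not the code of this patch or of snapd. The function names, the expected path list and the sample labels are assumptions made for illustration; the label text is in the "label (mode)" form the kernel reports in /proc/self/attr/current.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* Assumed list of acceptable labels (hypothetical; the real expected
 * locations are defined by the patch, which is not shown on this page). */
static const char *const expected_labels[] = {
    "/usr/lib/snapd/snap-confine",
};

/* Copy the label part of "label (mode)\n" into out. The mode is dropped
 * and not evaluated in this example. Over-long input is truncated, which
 * makes the strict comparison below fail closed. */
static void parse_label(const char *raw, char *out, size_t n)
{
    snprintf(out, n, "%s", raw);
    out[strcspn(out, "\n")] = '\0';
    char *mode = strrchr(out, '(');
    if (mode != NULL && mode > out && mode[-1] == ' ')
        mode[-1] = '\0';
}

/* Check before the change: any label other than "unconfined" counts. */
bool confined_loose(const char *raw)
{
    char label[256];
    parse_label(raw, label, sizeof label);
    return strcmp(label, "unconfined") != 0;
}

/* Tightened check: only an expected snap-confine path counts. */
bool confined_strict(const char *raw)
{
    char label[256];
    parse_label(raw, label, sizeof label);
    for (size_t i = 0; i < sizeof expected_labels / sizeof expected_labels[0]; i++)
        if (strcmp(label, expected_labels[i]) == 0)
            return true;
    return false;
}

int main(void)
{
    /* Constructed sample label; the profile name is made up. */
    const char *other = "some-permissive-profile (enforce)\n";
    printf("loose=%d strict=%d\n", confined_loose(other), confined_strict(other));
    return 0;
}
```

A caller that refuses to continue when the strict check returns false gets the behaviour the commit message describes: execution fails under any profile other than the expected one.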