note that AppArmor is planning to make all paths be absolute paths, so if you chroot bind in /bind then it's profile would be /bind/** to close this exact vunerability.
don't mistake a weakness in the current implementation with a fundamental flaw in the design
Copyright © 2017, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds