On 02/09/2018 04:05 AM, Viacheslav Salnikov wrote:
> Hi John,
> But even if upstream backport from 4.10 to 4.4 does not contain out-of-tree 
> patches, Xenial 4.4 has sockets support (*and probably namespaces support 
> too*).
> Or am I wrong?

Correct for socket support; the network and af_unix mediation patches
are not present in the backport.

as I noted
>     the upstream backport series does not include the out of tree patches but
>     those can be obtained from the apparmor project tree in the kernel patches
>     directory
>     https://gitlab.com/apparmor/apparmor/tree/master/kernel-patches

As for policy namespace support, it has existed in various forms since
apparmor was included in 2.6.36; it's just a matter of what interfaces
are supported. The 4.11, 4.12, and 4.13 kernels each added support for
newer interfaces and reworked apparmorfs to better support policy

Full support of apparmor policy around linux namespaces (mount, user,
pid, ...) is still a WIP.
