On 2/17/18 12:12 AM, John Johansen wrote:
On 02/16/2018 12:50 PM, Vincas Dargis wrote:
If we stick to this conditionals approach, I believe we are targeting a fix for 
this NVIDIA issue no earlier than AppArmor 3.1, I guess?

This being said, can (and should) we do anything "now", for upcoming Ubuntu 
18.04 LTS, and anyone else being annoyed by these DENIED messages?

Maybe we just add appropriate `allow` rules into `<abstractions/nvidia>`, probably reducing 
security for some applications without real need too much, but with the agreement that this temporary 
"over-permissiveness" is going to be fixed in the future, by updating 
`<abstractions/nvidia>` to have these conditionals with error/assert messages?

Tails or anyone else could just patch <abstractions/nvidia> or specific 
application profile to add explicit denies on the top if needed.

well error and warn are small patches we could certainly sneak into 3.0

I do think addressing it temporarily is the way to go, whether it is by doing the above 
without the error statement or just going with temporary "over-permissiveness"

another thought on the error and warn statements is that they could be

   #error message
and
   #warn message


so that they could be added now and just ignored as comments in earlier 
versions of apparmor


So the idea is to wait for 3.0 (BETA?) to implement this long-topic NVIDIA issue then? That would be a really nice way, I guess, to fix this in one go, instead of "temporary-stuff-and-real-fix-later".
