On 06/29/2012 07:54 PM, intrig...@debian.org wrote:
> Package: apparmor
> Version: 2.7.103-3
> Severity: grave
> X-Debbugs-CC: john.johan...@canonical.com, k...@debian.org, mi...@riseup.net
> 
> Hi,
> 
> (following-up on #676515)
> 
> John Johansen wrote (26 Jun 2012 17:48:38 GMT) :
>> Okay, there are 4 kernel patches, not all of them are needed depending on whether
>> the network patch is applied or not.
> 
>> If you don't want to apply the networking patch
>>   0001-apparmor-remove-advertising-the-support-of-network-r.patch
> 
>>   Stops the kernel interface from incorrectly advertising that it
>>   supports network rules. A further patch (not attached) to
>>   userspace will also have to be applied
> 
> Thanks, John, for your work on this.
> 
> For those who did not follow the entire saga, this patch was applied
> in the linux 3.2.21-3 source package, to complement the incomplete
> AppArmor compatibility patch, so Debian bug #676515 was closed,
> as the kernel side is now sorted out. So far, so good.
> 
> However, as expected, this is not enough to make AppArmor usable, so
> the current state in current sid is still a regression compared to
> when the compatibility patch was not applied to the kernel: it used to
> be bad, but relatively usable, and it's now totally unusable.
> 
> This bug is here to track the additional patch against userspace,
> that John mentioned was needed, which is confirmed by my experience.
> 
> 

Sorry I meant to have attached this patch already as a separate comment
when I posted the kernel patches.

---

Fix the parser so it checks for the presence of the network feature in the
compatibility interface. Previously it was assuming that if the compatibility
interface was present that network rules were also present, this is not
necessarily true and causes apparmor to break when only the compatibility
patch is applied.

Signed-off-by: John Johansen <john.johan...@canonical.com>

=== modified file 'parser/parser_main.c'
--- parser/parser_main.c        2012-04-11 23:03:21 +0000
+++ parser/parser_main.c        2012-06-30 06:31:05 +0000
@@ -873,6 +873,11 @@
 //fprintf(stderr, "flags string: %s\n", flags_string);
 //fprintf(stderr, "changehat %d\n", flag_changehat_version);
        }
+       if (strstr(flags_string, "network"))
+               kernel_supports_network = 1;
+       else
+               kernel_supports_network = 0;
+
        return;
 
 fail:
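
Review bot: the `strstr(flags_string, "network")` test in the added lines is a plain substring match, so any flag whose name merely contains "network" would set kernel_supports_network to 1; comparing against a whole delimited token would make the feature check strict. The assignment also sits just before `return;` and above the `fail:` label, so code that jumps to `fail:` never reaches it. It is worth confirming that kernel_supports_network is cleared on that path as well, since otherwise a failure to read the flags leaves it at whatever value it had before. As a style point, the if/else could be collapsed into a single assignment from the strstr result.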


