Hi,

James Henstridge (2021-02-16):
> 2. As for why Debian is not being considered for "full" support,
> I suspect this is down to the out-of-tree patches to enable access
> control for unix domain sockets. This will likely resolve itself
> when snapd moves to use the new AppArmor 3.0 network features (which
> does not rely on out of tree patches).

FTR, according to Jamie Strandboge [1], even with AppArmor 3 some
network features are missing until support is added to the upstream
kernel:

Jamie Strandboge <ja...@canonical.com> (Mon, 5 Oct 2020 12:42:50 -0500):
> AppArmor 3 allows use of networkv8 rules (ie, what is in the upstream
> kernel) so apparmor 3 in Debian would allow for this to work.
>
> The upstream kernel does not yet support AF_UNIX rules, so anonymous
> sockets, abstract sockets and dbus won't be available. Work has picked
> up to get this into the upstream kernel (perhaps 5.11).

[1] https://bugs.debian.org/712451#126

Cheers!
