What is the best place to get the AppArmor kernel test suite?
I haven't found an obvious source.
Thank you.
--
AppArmor mailing list
AppArmor@lists.ubuntu.com
Modify settings or unsubscribe at:
https://lists.ubuntu.com/mailman/listinfo/apparmor
Has anyone tried an Ubuntu 17.04 system with a 4.15-rc2 kernel? Are there known
issues?
On 12/6/2017 9:51 AM, Tyler Hicks wrote:
> Hello - The AppArmor project would like for AppArmor audit records to be
> supported by the audit-userspace tools, such as ausearch, but it
> requires some coordination between the linux-security-module and
> linux-audit lists. This was raised as a feature
On 12/11/2017 7:44 AM, Steve Grubb wrote:
> On Wednesday, December 6, 2017 1:47:43 PM EST Casey Schaufler wrote:
>>> While it will be potentially painful to switch, the AppArmor project is
>>> considering to use a unique range in order for audit-userspace to
>>>
On 8/10/2018 8:39 AM, Theodore Y. Ts'o wrote:
> On Fri, Aug 10, 2018 at 04:11:31PM +0100, David Howells wrote:
>> Yes. Since you *absolutely* *insist* on this being fixed *right* *now* *or*
>> *else*, I'm working up a set of additional patches to give userspace the
>> option of whether they want n
On 8/10/2018 9:48 PM, Eric W. Biederman wrote:
> "Theodore Y. Ts'o" writes:
>
>> On Fri, Aug 10, 2018 at 08:05:44PM -0500, Eric W. Biederman wrote:
>>> My complaint is that the current implemented behavior of practically
>>> every filesystem in the kernel, is that it will ignore mount options
>>>
On 8/13/2018 12:00 PM, James Morris wrote:
> On Mon, 13 Aug 2018, Al Viro wrote:
>
>> On Mon, Aug 13, 2018 at 09:48:53AM -0700, Andy Lutomirski wrote:
>>> Are there cases I'm missing? It sounds like the API could be improved
>>> to fully model the last case, and everything will work nicely.
>>
On 11/30/2018 7:14 AM, Florian Weimer wrote:
> Is it guaranteed that tasks in the same thread group can always send
> signals to each other, irrespective of their respective credentials
> structs?
No. An LSM may choose to disallow this based on just about any
criteria it desires.
> It's not clear
On 7/26/2019 5:56 AM, Abhishek Vijeev wrote:
>
> Hi,
>
>
> I have a few questions about AppArmor's kernel code and would be grateful if
> you could kindly answer them.
>
>
> 1) Why does AppArmor maintain two separate security blobs in cred->security
> as well as task-security for processes? For
On 6/14/2021 3:45 PM, Murali Selvaraj wrote:
> Hi All,
>
> In general, Apparmor hooks will be called after DAC check/validation.
> I would like to understand the theory by writing into a sample script
> as follows.
>
> Created an empty profile for this demo.sh in complain mode to understand what
>
The Ubuntu kernel has "subj=unconfined" in its audit records.
The Linus v5.16-rc4 kernel has "subj==unconfined".
I see in the upstream where the extra "=" comes from, but I
don't see how to get to that code. I have not looked into the
patches Ubuntu is using, but there must be something.
On 12/13/2021 4:28 PM, John Johansen wrote:
> On 12/13/21 9:48 AM, Casey Schaufler wrote:
>> The Ubuntu kernel has "subj=unconfined" in its audit records.
>> The Linus v5.16-rc4 kernel has "subj==unconfined".
>> I see in the upstream where the extra "=" comes from, but I
On 12/14/2021 3:16 AM, John Johansen wrote:
> Okay I have checked through the code, and we are lucky in that currently this
> is only being used to validate that conversions of secids into secctx's are only
> being done from the with the correct view.
> The smallest patch is a simple character substitution
On 8/16/2022 12:11 PM, Matthew Wilcox wrote:
> On Tue, Aug 16, 2022 at 11:58:36AM -0700, Linus Torvalds wrote:
>> That said, our filldir code is still confusing as hell. And I would
>> really like to see that "shared vs non-shared" iterator thing go away,
>> with everybody using the shared one - an
On 10/19/2022 7:36 PM, Xiu Jianfeng wrote:
> According to the implementations of cred_label and set_cred_label, we
> should use pointer to struct aa_label for lbs_cred instead of struct
> aa_task_ctx, this patch fix it.
>
> Fixes: bbd3662a8348 ("Infrastructure management of the cred security blob")
On 5/31/2023 4:05 AM, GONG, Ruiqi wrote:
> As the security infrastructure has taken over the management of multiple
> *_security blobs that are accessed by multiple security modules, and
> sk->sk_security shares the same situation, move its management out of
> individual security modules and into t
On 5/31/2023 2:10 PM, Paul Moore wrote:
> On Wed, May 31, 2023 at 10:00 AM Casey Schaufler wrote:
>> On 5/31/2023 4:05 AM, GONG, Ruiqi wrote:
>>> As the security infrastructure has taken over the management of multiple
>>> *_security blobs that are accessed by
c.
>
> To fix this issue, we are converting all kmalloc that is called within
> RCU read-side critical section to use GFP_ATOMIC.
>
> Fixes: c7423dbdbc9e ("ima: Handle -ESTALE returned by
> ima_filter_rule_match()")
> Cc: sta...@vger.kernel.org
> Signed-off-by:
conditional compilation based on feature
inclusion is contained in the include/lsm files.
Suggested-by: Paul Moore
Signed-off-by: Casey Schaufler
Cc: apparmor@lists.ubuntu.com
Cc: b...@vger.kernel.org
Cc: seli...@vger.kernel.org
Cc: linux-security-mod...@vger.kernel.org
---
include/linux/lsm
On 9/3/2024 5:18 PM, Paul Moore wrote:
> On Aug 29, 2024 Casey Schaufler wrote:
>> When more than one security module is exporting data to audit and
>> networking sub-systems a single 32 bit integer is no longer
>> sufficient to represent the data. Add a structure to be us
On 9/4/2024 1:00 PM, Paul Moore wrote:
> On Tue, Sep 3, 2024 at 8:53 PM Casey Schaufler wrote:
>> On 9/3/2024 5:18 PM, Paul Moore wrote:
>>> On Aug 29, 2024 Casey Schaufler wrote:
> ..
>
>>>> +/*
>>>> + * Data exported by the security modules
On 1/26/2012 4:45 AM, Miklos Szeredi wrote:
Forwarding from an internal bug report:
"AppArmor does not mediate the xattr system calls for confined processes.
As a consequence, a confined process can cross the confinement privilege
boundary by reading or writing to extended attribute
On 7/2/2013 11:43 PM, Seth Arnold wrote:
> I wrote a long detailed response to your questions but realized after a
> while that I was relying on some pretty huge assumptions on how the LSM
> networking hooks interact with the secmark hooks.
>
> So, rather than send a long email based on probably in
On 7/22/2013 7:43 AM, Alex Lyakas wrote:
> Greetings all,
Adding AppArmor people to the list.
> we had a kernel crash, and looking at stacks there are two
> security_bprm_set_creds() calls failing:
>
> [118937.245466] udevd D 0 20811 20670
> 0x
> [118937.24