On Fri, 02 Oct 2020, Andrew Savchenko wrote:
> Greetings,
>
> As AppArmor v3.0 is now released[1], is there a chance that network, dbus and
> sockets will be supported in Bullseye?
>
> [1] https://lists.ubuntu.com/archives/apparmor/2020-October/012183.html
AppArmor 3 allows use of networkv8
Greetings,
As AppArmor v3.0 is now released[1], is there a chance that network, dbus and
sockets will be supported in Bullseye?
[1] https://lists.ubuntu.com/archives/apparmor/2020-October/012183.html
--
Regards,
A
Hi,
Heenec (2020-04-09):
> intrigeri:
>> FWIW, this is now mentioned in the manpage that documents the policy
>> language: apparmor.d(5)
>
> Maybe I have not read the manual thoroughly enough, but I have not found
> mentions of features that does not work in Debian yet.
On my sid system I see
intrigeri:
> FWIW, this is now mentioned in the manpage that documents the policy
> language: apparmor.d(5)
Maybe I have not read the manual thoroughly enough, but I have not found
mentions of features that does not work in Debian yet. Maybe such notice
should be placed in "Network Rules" section
Paolo Greppi:
> Should this be documented in /usr/share/doc/apparmor/README.Debian ?
FWIW, this is now mentioned in the manpage that documents the policy
language: apparmor.d(5)
Cheers,
--
intrigeri
I looked at the status of this on buster:
uname -a
Linux localhost.localdomain 4.19.0-2-amd64 #1 SMP Debian 4.19.16-1 (2019-01-17)
x86_64 GNU/Linux
and the issue still can be reproduced (in the sense that telnet.netkit network
access will not be blocked after enforcing the rule).
Except it
On Tue, 24 Jul 2018 18:38:49 +0800 intrigeri wrote:
John answered my question on IRC:
- "you can't yet. You will need an apparmor 3.0 beta which keeps
getting delayed"
Aawww.. Anyway, good to know :) .
intrigeri:
> John, could you please tell me how I can benefit from the network
> socket mediation feature that was merged into Linux 4.17?
John answered my question on IRC:
- "you can't yet. You will need an apparmor 3.0 beta which keeps
getting delayed"
- "for various reasons, I won't let the
Hi,
(John, one question for you below, please search for your name :)
Vincas Dargis:
> On 7/22/18 3:48 PM, intrigeri wrote:
>> Vincas Dargis:
>>> I've managed to install 4.17.0-rc3 and 4.18.0-rc4 with equivs hack, and I
>>> did not see
>>> any immediate problems with some lightweight testing.
On 7/22/18 3:48 PM, intrigeri wrote:
Hi Vincas,
Vincas Dargis:
I've managed to install 4.17.0-rc3 and 4.18.0-rc4 with equivs hack, and I did
not see
any immediate problems with some lightweight testing.
Great.
Both on Stretch, right?
Yes.
Did you disable feature-set pinning entirely
Hi Vincas,
Vincas Dargis:
> I've managed to install 4.17.0-rc3 and 4.18.0-rc4 with equivs hack, and I did
> not see
> any immediate problems with some lightweight testing.
Great.
Both on Stretch, right?
Did you disable feature-set pinning entirely or update the feature-set
to enable the new
On Sun, 17 Jun 2018 16:36:39 +0200 intrigeri wrote:
Vincas Dargis:
> linux-compiler-gcc-7-x86 needs gcc-7 that is not available?
For Tails we work this around with equivs:
https://git-tails.immerda.ch/tails/tree/config/chroot_local-hooks/12-kernel-modules-build-environment
I've managed to
Vincas Dargis:
> linux-compiler-gcc-7-x86 needs gcc-7 that is not available?
For Tails we work this around with equivs:
https://git-tails.immerda.ch/tails/tree/config/chroot_local-hooks/12-kernel-modules-build-environment
On Wed, 13 Jun 2018 19:44:58 +0200 intrigeri wrote:
Also, it would be nice to test Linux 4.17 with the feature-sets we
ship in Stretch and testing/sid, in order to catch any bug like
#883703 ASAP.
Got ideas how could I install 4.17 on Stretch?
```
$ sudo apt install -t experimental
Vincas Dargis:
> On Wed, 13 Jun 2018 19:44:58 +0200 intrigeri wrote:
>> I'll be very busy until DebCamp so it's unlikely I do much on this
>> front until then (best case I'll press the right buttons to enable
>> this on my own system once 4.17 is in sid, but I won't have time to
>> test software
On Wed, 13 Jun 2018 19:44:58 +0200 intrigeri wrote:
I'll be very busy until DebCamp so it's unlikely I do much on this
front until then (best case I'll press the right buttons to enable
this on my own system once 4.17 is in sid, but I won't have time to
test software I don't use myself).
intrigeri:
> Linux v4.17-rc1 now supports basic socket mediation, which will allow
> us to close this bug report:
> https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=56974a6fcfef69ee0825bd66ed13e92070ac5224
… which made it into v4.17 final :)
We could start testing
Woohoo!
What's next left, DBus?
On 4/20/18 11:45 AM, intrigeri wrote:
Linux v4.17-rc1 now supports basic socket mediation, which will allow
us to close this bug report:
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=56974a6fcfef69ee0825bd66ed13e92070ac5224
:)
Linux v4.17-rc1 now supports basic socket mediation, which will allow
us to close this bug report:
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=56974a6fcfef69ee0825bd66ed13e92070ac5224
:)
19 matches
Mail list logo
