Hi!
Vincas Dargis:
> Since network mediation is reverted from 4.14 (sorry have no link to
> cite), is this still a blocker?
You're correct in that this task does not block the whole "enabling
AppArmor by default" plan anymore, since we have pinned the Linux 4.13
feature set and such pinning was
Since network mediation is reverted from 4.14 (sorry have no link to cite), is this still a blocker? Do we need to
"sprint" for 4.14-possibly-introducing issues?
When testing stuff on 4.14, make sure you:
- use apparmor 2.11.1
- disable features-files= in /etc/apparmor/parser.conf (otherwise not
only you'll be stuck to 4.13's feature set and unable to do useful
work here, but worse you'll hit a kernel bug wrt. feature set
pinning & network
Vincas Dargis:
> On 2017.10.12 07:37, intrigeri wrote:
>> I suspect more is coming. Ubuntu / OpenSUSE probably already have
>> some of this stuff.
> Could you clarify, why Ubuntu should have issues, if they had
> network mediation before?
You're right, Ubuntu should not be affected by this
Christian Boltz:
> It turned out that the added "network unix dgram/stream" rules are not
> really needed. Let me explain ;.-)
> In theory apparmor_parser should downgrade the "unix" rules in
> abstractions/base to "network unix" rules (when using Kernel < 4.15),
> which allows more than
Hello,
Am Donnerstag, 12. Oktober 2017, 18:18:53 CEST schrieb Vincas Dargis:
> Could you clarify, why Ubuntu should have issues, if they had network
> mediation before?
It turned out that the added "network unix dgram/stream" rules are not
really needed. Let me explain ;.-)
In theory
On 2017.10.12 07:37, intrigeri wrote:
> I suspect more is coming. Ubuntu / OpenSUSE probably already have
> some of this stuff.
Could you clarify, why Ubuntu should have issues, if they had network mediation
before?
Control: retitle -1 apparmor: Ensure our AppArmor policy does not break stuff
with Linux 4.14
Control: tag -1 - patch
Control: tag -1 - pending
I've upgraded my system to 4.14 and had to adjust no less than 7 profiles
*after* applying Christian's patch to abstractions/nameservice.
They're
Package: apparmor
Version: 2.11.0-11
Severity: important
This bug is meant to track
https://lists.alioth.debian.org/pipermail/pkg-apparmor-team/2017-October/001755.html
We should apply this patch as a temporary workaround before Linux 4.14
reaches Debian (ideally, before it reaches