This is indeed upstream, and works as far as it goes. There are
currently issues when crossing system namespace boundaries but those are
being treated as separate issues. The stacking it self works policy when
crossing ns boundaries has to be aware of it and more relaxed than we
would like.
--
I see this is "Fix Released" everywhere but on the upstream AppArmor
project. I understand this has made its way upstream and works with
mainline kernel, e.g. for LXC. If my understanding is incorrect, please
clarify what's left to do here (or perhaps track it on a finer-grained
follow-up bug :)
This bug was fixed in the package apparmor - 2.10.95-0ubuntu1
---
apparmor (2.10.95-0ubuntu1) xenial; urgency=medium
* Update to apparmor 2.10.95 (2.11 Beta 1) (LP: #1561762)
- Allow Apache prefork profile to chown(2) files (LP: #1210514)
- Allow deluge-gtk and
** Branch linked: lp:ubuntu/trusty-proposed/linux-lts-xenial
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor in Ubuntu.
https://bugs.launchpad.net/bugs/1379535
Title:
policy namespace stacking
Status in AppArmor:
This bug was fixed in the package linux - 4.4.0-15.31
---
linux (4.4.0-15.31) xenial; urgency=low
[ Tim Gardner ]
* Release Tracking Bug
- LP: #1559252
* Xilinx KU3 Capi card does not show up in Ubuntu 16.04 (LP: #1557001)
- SAUCE: (noup) cxl: Allow initialization on
** Changed in: apparmor (Ubuntu)
Status: Confirmed => In Progress
** Changed in: apparmor (Ubuntu)
Assignee: (unassigned) => Tyler Hicks (tyhicks)
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor in
** Description changed:
- Tracking bug for supporting stacked namesapaces (ie, different profiles
- on host, container, container in a container, etc)
+ Tracking bug for supporting stacked policy namesapaces (ie, different
+ profiles on host, container, container in a container, etc)
--
You
** Summary changed:
- namespace stacking
+ policy namespace stacking
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor in Ubuntu.
https://bugs.launchpad.net/bugs/1379535
Title:
policy namespace stacking
Status in
** Also affects: apparmor (Ubuntu Xenial)
Importance: Critical
Assignee: Tyler Hicks (tyhicks)
Status: In Progress
** Also affects: linux (Ubuntu Xenial)
Importance: Critical
Status: Triaged
** Changed in: linux (Ubuntu Xenial)
Status: Triaged => Fix Committed
**
9 matches
Mail list logo
