@Doug,

Not a kernel regression and not an incompatible kernel change either.
The kernel does support the older ABI; however, the compiled policy being
sent to the kernel is for the new ABI that the kernel is now advertising
as being supported.

The kernel advertises its supported feature set and ABIs through the
/sys/kernel/security/apparmor/features directory.

The userspace side of things can choose to take advantage of the current
kernel feature set/ABI or to pin its supported feature set by setting
the features file. This is not being done on Ubuntu, so the newest
version of kernel features is always being supported. Generally the
userspace has been ahead of kernel features, so it is more than willing
to compile for them.

What is odd is that Ubuntu carries profiles with fine-grained unix
socket rules, and these should be downgraded to the basic socket
rules that the 4.13 kernel supports.

-- 
https://bugs.launchpad.net/bugs/1721278

Title:
  apparmor="DENIED" operation="create" profile="/usr/sbin/cups-browsed"
  w/ 4.14-rc2 and later

-- 
ubuntu-bugs mailing list
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
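
An added example, not part of the original message or of the AppArmor project's code: one way to see which features a newer kernel has started advertising is to compare its features directory against a snapshot saved from the older kernel. The sample trees below are constructed for illustration and do not reproduce any real kernel's contents; the helper names and the assumption that each leaf file holds whitespace-separated tokens are this example's own.

```python
import os
import tempfile

def read_features(root):
    """Map each leaf file under root (relative path) to its set of tokens."""
    features = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            rel = os.path.relpath(path, root).replace(os.sep, "/")
            with open(path) as fh:
                # Assumption: leaf files contain whitespace-separated tokens.
                features[rel] = set(fh.read().split())
    return features

def newly_advertised(old, new):
    """Return {path: tokens} that appear in `new` but were absent from `old`."""
    added = {}
    for path, tokens in new.items():
        extra = tokens - old.get(path, set())
        if extra or path not in old:
            added[path] = extra
    return added

def build_tree(root, layout):
    """Write a constructed features tree to disk for the demo."""
    for rel, content in layout.items():
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w") as fh:
            fh.write(content + "\n")

# Constructed sample data, not taken from a real kernel.
SNAPSHOT = {"file/mask": "create read write", "network/af_mask": "unix inet"}
RUNNING = {"file/mask": "create read write exec",
           "network/af_mask": "unix inet",
           "network/af_unix": "yes"}

def demo():
    with tempfile.TemporaryDirectory() as tmp:
        old_root = os.path.join(tmp, "snapshot")
        new_root = os.path.join(tmp, "running")
        build_tree(old_root, SNAPSHOT)
        build_tree(new_root, RUNNING)
        return newly_advertised(read_features(old_root), read_features(new_root))

if __name__ == "__main__":
    for path, tokens in sorted(demo().items()):
        print(path, sorted(tokens))
```

On a live system the second argument would be read_features("/sys/kernel/security/apparmor/features"), the directory named in the message above.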