[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Let's enable AppArmor by default (why not?)

On Fri, 2017-10-27 at 11:53 +0200, intrigeri wrote:
> > 2. fix all the problems identified in #1
> We're almost there! Remaining blockers:
>  - deal with Linux 4.14 bringing in new mediation features and having
>    a bug (until -rc6 at least) precisely in the way it handles the
>    obvious mitigation I've applied (feature set pinning): tracked by
>    #877581, likely 4.14-rc7 will fix it;

It seems to have been fixed - kind of - by a revert:

commit 80c094a47dd4ea63375e3f60b5e076064f16e857
Author: Linus Torvalds <torvalds@linux-foundation.org>
Date:   Thu Oct 26 19:35:35 2017 +0200

    Revert "apparmor: add base infastructure for socket mediation"

Let's hope socket mediation will be enabled again in a compatible way
for 4.15.

>    worst case, if Linux 4.14
>    reaches sid with this bug not fixed yet, I'll revert the feature
>    set pinning and we'll deal with whatever bits of policy need
>    updates (the most important ones all have patches submitted
>    upstream + to the BTS already so I'm confident)
>  - enable AppArmor by default in our Linux kernel: I'll file a bug
>    about it once the above issue is resolved

Already did it with today's uploads. :-)


Ben Hutchings
friends: People who know you well, but like you anyway.

Attachment: signature.asc
Description: This is a digitally signed message part

Reply to: