On Fri, 2017-10-27 at 11:53 +0200, intrigeri wrote:
[...]
> > 2. fix all the problems identified in #1
>
> We're almost there! Remaining blockers:
>
> - deal with Linux 4.14 bringing in new mediation features and having
> a bug (until -rc6 at least) precisely in the way it handles the
> obvious mitigation I've applied (feature set pinning): tracked by
> #877581, likely 4.14-rc7 will fix it;

It seems to have been fixed - kind of - by a revert:

commit 80c094a47dd4ea63375e3f60b5e076064f16e857
Author: Linus Torvalds <torvalds@linux-foundation.org>
Date:   Thu Oct 26 19:35:35 2017 +0200

    Revert "apparmor: add base infastructure for socket mediation"

Let's hope socket mediation will be enabled again in a compatible way
for 4.15.

> worst case, if Linux 4.14
> reaches sid with this bug not fixed yet, I'll revert the feature
> set pinning and we'll deal with whatever bits of policy need
> updates (the most important ones all have patches submitted
> upstream + to the BTS already so I'm confident)
>
> - enable AppArmor by default in our Linux kernel: I'll file a bug
> about it once the above issue is resolved
[...]

Already did it with today's uploads. :-)

Ben.

--
Ben Hutchings
friends: People who know you well, but like you anyway.