
Bug#661151: linux-2.6: lacks AppArmor kernel/userspace interface



Package: linux-2.6
Version: 3.2.6-1
Severity: wishlist
Tags: upstream

Hi,

we now have AppArmor enabled in the Debian kernels. This is great.
Thank you for enabling it. This made it possible to start an
effort [1] towards having some kind of minimal AppArmor support
in Wheezy.

One of the major things that make AppArmor rather troublesome to use
in production (in the version that was upstreamed) is the lack of the
"legacy interface" patch; that patch is carried e.g. by Ubuntu, but
not upstreamed yet.

The lack of this patch means that network mediation does not work at
all, and that profile states cannot be queried; e.g. aa-status and
aa-genprof are totally unusable as is. Kees Cook and others have been
working on building the new interface for the kernel, but they tell me
it is slow-going.

As of today, I'm not asking the Debian kernel team to carry this patch
(well, if you want to, I won't complain ;). The purpose of this bug
report is rather to allow us to mark other bugs, reported against the
AppArmor userspace tools, as blocked by the lack of kernel support.

  [1] http://lists.debian.org/debian-derivatives/2012/02/msg00009.html

Cheers,
--
  intrigeri


