
Bug#661151: [apparmor] Bug#661151: linux-2.6: lacks AppArmor kernel/userspace interface



Hi all,

It's been 2 months without a reply on this issue, and we are getting
close to a freeze. Kees and John, it looks like there are some pending
questions for you below; it would be great if you could chime in with
your opinions:

>If the Debian kernel team was willing to carry some kind of AppArmor
>kernel/userspace interface patch, I'm now unsure if the old or new
>ones would be better suited. (I assume AppArmor 2.8 is released long
>enough before the Wheezy freeze, so that we can ship it in there, and
>are given this choice.)
>
>On the one hand, the old compat' patches are confidence inspiring, as
>they are small and have been shipped by Ubuntu for a while.

My opinion: the 2.4 compat patch is tiny, it works well, and it has been
tested for some time. I think it makes the most sense to include this
one.

>On the other hand, it seems the new patches are being upstreamed,
>which makes them more appealing somehow than the older ones.

The newer patch is bigger; some of it must be backported from Linux 3.4,
some from Ubuntu. It is much less tested, and I suspect because of that
it will encounter much more resistance from Debian's kernel team to include
it. Presumably this will eventually be the one that will be upstreamed,
but it isn't there yet. This is why I think the 2.4 compat patch is the
way to go with Wheezy; when the newer patch is upstreamed, that can be
swapped out then.

>John, I think it would help if you could please point us more
>precisely to the commits of the new interface that have been
>upstreamed already, and to the ones that have not been, so that we can
>get a rough idea of where things are at.
>
>Kees, others, what do you think?

micah
