
Bug#676515: linux-2.6: AppArmor totally broken



On Sat, 2012-06-23 at 20:53 +0200, intrigeri wrote:
> Hi John,
> 
> John Johansen wrote (17 Jun 2012 19:08:20 GMT) :
> > On 06/15/2012 05:08 PM, Ben Hutchings wrote:
> >>>
> >>>>> If we don't want to restrict sockets used by the kernel, don't we need
> >>>>> to store the kern flag for later use by aa_revalidate_sk()?
> >>>>>
> >>>> For how apparmor is generally deployed it can get away with this, the
> >>>> kernel bits generally bail out earlier on the check for unconfined.
> >>>
> >>>> That is not to say it isn't a good idea, or that it shouldn't be done.
> >>>> The fact is this patch is going to be replaced with completely rewritten
> >>>> controls, that do store info on the socket, it just hasn't happened yet
> >>>> due to resources and priorities (not my priorities).
> >>>
> >>> Ben, is this a blocker?
> >> 
> >> I want to be convinced that this is not a bug, or else get a fix for it.
> >> 
> > I am looking at the kernel bits here, but I don't have a patch yet
> 
> Do you think you'll manage to do it in time for the Wheezy freeze
> (June 30th)?
[...]

What is it that you think will happen at the freeze?  We stop fixing all
bugs and do nothing for the next few months?

Ben.

-- 
Ben Hutchings
The program is absolutely right; therefore, the computer must be wrong.
