On Wed, 2012-05-30 at 16:46 -0700, John Johansen wrote:
> On 05/30/2012 08:08 AM, micah anderson wrote:
> >
> > Hi all,
> >
> > It's been 2 months without a reply on this issue, and we are getting
> > close to a freeze. Kees and John it looks like there are some pending
> > questions for you below, it would be great if you could chime in with
> > your opinions:
> >
> >> If the Debian kernel team was willing to carry some kind of AppArmor
> >> kernel/userspace interface patch, I'm now unsure if the old or new
> >> ones would be better suited. (I assume AppArmor 2.8 is released long
> >> enough before the Wheezy freeze, so that we can ship it in there, and
> >> are given this choice.)
> >>
> >> On the one hand, the old compat' patches are confidence inspiring, as
> >> they are small and have been shipped by Ubuntu for a while.
> >
> > My opinion: the 2.4 compat patch is tiny, and it works well, and has been
> > tested for some time, I think it makes the most sense to include this
> > one.
> >
> probably, especially if you are looking to keep the patch as small as
> possible

Should I take it that '2.4 compat' actually means '2.4-2.7 compat'?

[...]
> vs. the old compat patch
> git://git.kernel.org/pub/scm/linux/kernel/git/jj/linux-apparmor
> da1ce2265ebb70860b9c137a542e48b170e4606b
>
> >> Kees, others, what do you think?
> >
> While I like to see the latest stuff, I think the old patch is a smaller
> delta, well tested and going to be less to maintain so it really seems
> the way to go.

So you're saying we should take just the one quoted above for wheezy?
The aafs_create() and aafs_remove() calls are mismatched when
CONFIG_SECURITY_APPARMOR_COMPAT_24 is not set, but aside from that it
doesn't look too horrible.

What about this one:

commit 1023c7c2f9d9c5707147479104312c4c3d1a2c2b
Author: John Johansen <john.johansen@canonical.com>
Date: Wed Aug 10 22:02:39 2011 -0700

    AppArmor: compatibility patch for v5 network controll

    Add compatibility for v5 network rules.

Ben.

-- 
Ben Hutchings
The obvious mathematical breakthrough [to break modern encryption] would be
development of an easy way to factor large prime numbers. - Bill Gates