
Bug#661151: [apparmor] Bug#661151: linux-2.6: lacks AppArmor kernel/userspace interface



On Wed, 2012-05-30 at 20:00 -0700, John Johansen wrote:
> On 05/30/2012 06:10 PM, Ben Hutchings wrote:
[...]
> >> vs. the old compat patch
> >> git://git.kernel.org/pub/scm/linux/kernel/git/jj/linux-apparmor
> >> da1ce2265ebb70860b9c137a542e48b170e4606b
> >>
> >>>> Kees, others, what do you think?
> >>>
> >>
> >> While I like to see the latest stuff, I think the old patch is a smaller
> >> delta, well tested and going to be less to maintain so it really seems
> >> the way to go.
> > 
> > So you're saying we should take just the one quoted above for wheezy?
> > 
> > The aafs_create() and aafs_remove() calls are mismatched when
> > CONFIG_SECURITY_APPARMOR_COMPAT_24 is not set, but aside from that it
> > doesn't look too horrible.
> >
> oops I guess we never built it that way, I can fix that for you

It would be an odd configuration but someone might use it and it would
fail to build.  Trivial for me to fix up, anyway.

> > What about this one:
> > 
> > commit 1023c7c2f9d9c5707147479104312c4c3d1a2c2b
> > Author: John Johansen <john.johansen@canonical.com>
> > Date:   Wed Aug 10 22:02:39 2011 -0700
> > 
> >     AppArmor: compatibility patch for v5 network controll
> >     
> >     Add compatibility for v5 network rules.
> > 
> 
> That will provide support for the network rules and if you are willing
> to carry it that would be great but is not strictly necessary. Policy can
> still be loaded and introspected. If that patch is missing and if the profile
> contains network rules the parser will complain about them not being
> enforced, but it will still load and enforce the rest of the policy.

Looking back over the bug log, I see that wasn't requested, so I'm only
applying 'AppArmor: compatibility patch for v5 interface' now.

Ben.

-- 
Ben Hutchings
The obvious mathematical breakthrough [to break modern encryption] would be
development of an easy way to factor large prime numbers. - Bill Gates
