Bug#1050256: AppArmor breaks locking non-fs Unix sockets
- To: John Johansen <john.johansen@canonical.com>
- Cc: 1050256@bugs.debian.org, John Johansen <john.johansen@canonical.com>, Mathias Gibbens <gibmat@debian.org>, John Johansen <john@apparmor.net>, Paul Gevers <elbrus@debian.org>, Antonio Terceiro <terceiro@debian.org>, pkg-systemd-maintainers <pkg-systemd-maintainers@lists.alioth.debian.org>, apparmor@lists.ubuntu.com, Harald Dunkel <harri@afaics.de>
- Subject: Bug#1050256: AppArmor breaks locking non-fs Unix sockets
- From: Salvatore Bonaccorso <carnil@debian.org>
- Date: Sat, 3 Aug 2024 21:35:25 +0200
- Message-id: <[🔎] Zq6GfWwlD2oqu2BW@eldamar.lan>
- Reply-to: Salvatore Bonaccorso <carnil@debian.org>, 1050256@bugs.debian.org
- In-reply-to: <ZlMfW3I6dcpn2nAv@eldamar.lan>
- References: <38461b24-1b42-45f7-98d6-e6e353c0d203@debian.org> <169271330498.34427.2191706613553030083.reportbug@pluto.milchstrasse.xx> <ZXDsAecCKiSuHsO2@eldamar.lan> <ZZA69zQAzpzPojD5@eldamar.lan> <9d6a5b2368016e2ef7b11c64b7c9db69419318ec.camel@debian.org> <b8bb1a0e-9b50-4f78-8473-4f0151677f25@canonical.com> <169271330498.34427.2191706613553030083.reportbug@pluto.milchstrasse.xx> <ZbYk7yOaAq0O8Rid@eldamar.lan> <169271330498.34427.2191706613553030083.reportbug@pluto.milchstrasse.xx> <ZlMfW3I6dcpn2nAv@eldamar.lan> <169271330498.34427.2191706613553030083.reportbug@pluto.milchstrasse.xx>
Hi John,
On Sun, May 26, 2024 at 01:39:07PM +0200, Salvatore Bonaccorso wrote:
> Hi,
>
> For those watching this bug: John has prepared backports in his tree,
> with both approaches:
>
> https://git.kernel.org/pub/scm/linux/kernel/git/jj/linux-apparmor.git/log/?h=debian-two-patch-1780227
>
> and
>
> https://git.kernel.org/pub/scm/linux/kernel/git/jj/linux-apparmor.git/log/?h=debian-backport-1780227
>
> (but with the open question which one will be submitted for stable.
> >From upstream stable point of view probably the two patch backport
> approach would be the preferred one).
We still have tis issue open for 6.1.y upstream TTBOMK. If you are
confident as maintainer with any of the two approaches, would it be
possible to submit them for stable? If the preferred one get then
accepted and queued, we might already cherry-pick the solution for us,
but at this point we can wait for the respective 6.1.y stable version
which will include the fix.
Regards,
Salvatore
Reply to: