[apparmor] [Bug 793505] Re: apparmor not work with kernel 2.6.38 or 2.6.39 with ubuntu
John Johansen
john.johansen at canonical.com
Mon Jun 6 17:22:24 UTC 2011
AppArmor will work with the 2.6.38 and 2.6.39 kernels; however, it has
some limitations because the upstream kernel is missing certain patches
(AppArmor 2.4 compatibility patch).
The parser is detecting that the loaded kernel is missing certain features and reporting that to warn you.
The effects of the missing patches are the following:
- policy can be loaded, replaced, and removed but it can't be fully introspected
- this means the initscript based reload, and stop will not work but manual apparmor_parser replacement and removal will work
- aa-status will not work
- ps -Z will work
- Network rules are not enforced
Until the new introspection interface (which is being worked on), and
networking patches are accepted upstream, unpatched upstream kernels
will unfortunately have these issues.
** Changed in: apparmor
Importance: Undecided => Wishlist
** Changed in: apparmor
Status: New => In Progress
** Changed in: apparmor
Status: In Progress => Won't Fix
--
You received this bug notification because you are a member of AppArmor
Developers, which is the registrant for AppArmor.
https://bugs.launchpad.net/bugs/793505
Title:
apparmor not work with kernel 2.6.38 or 2.6.39 with ubuntu
Status in AppArmor Linux application security framework:
Won't Fix
Bug description:
I have ubuntu maverick and try to compile the new stable kernel from
kernel.org but at the boot there is a problem with apparmor that I
can't fix. I attach the /var/log/boot.log
* Starting AppArmor profiles Cache read/write disabled:
/sys/kernel/security/apparmor/features interface file missing. (Kernel
needs AppArmor 2.4 compatibility patch.)
Cache read/write disabled: /sys/kernel/security/apparmor/features
interface file missing. (Kernel needs AppArmor 2.4 compatibility
patch.)
Warning from /etc/apparmor.d/gdm-guest-session (/etc/apparmor.d/gdm-
guest-session line 48): profile /usr/share/gdm/guest-session/Xsession
network rules not enforced
Cache read/write disabled: /sys/kernel/security/apparmor/features
interface file missing. (Kernel needs AppArmor 2.4 compatibility
patch.)
Warning from /etc/apparmor.d/sbin.dhclient3
(/etc/apparmor.d/sbin.dhclient3 line 73): profile /sbin/dhclient3
network rules not enforced
Cache read/write disabled: /sys/kernel/security/apparmor/features
interface file missing. (Kernel needs AppArmor 2.4 compatibility
patch.)
Skipping profile in /etc/apparmor.d/disable: usr.bin.firefox
Cache read/write disabled: /sys/kernel/security/apparmor/features
interface file missing. (Kernel needs AppArmor 2.4 compatibility
patch.)
Warning from /etc/apparmor.d/usr.sbin.cupsd
(/etc/apparmor.d/usr.sbin.cupsd line 165): profile
/usr/lib/cups/backend/cups-pdf network rules not enforced
Warning from /etc/apparmor.d/usr.sbin.cupsd
(/etc/apparmor.d/usr.sbin.cupsd line 165): profile /usr/sbin/cupsd
network rules not enforced
Cache read/write disabled: /sys/kernel/security/apparmor/features
interface file missing. (Kernel needs AppArmor 2.4 compatibility
patch.)
Warning from /etc/apparmor.d/usr.sbin.tcpdump
(/etc/apparmor.d/usr.sbin.tcpdump line 51): profile /usr/sbin/tcpdump
network rules not enforced
I tried to update apparmor at the version 2.6 without solving
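
The parser warnings quoted in the bug description can be turned into a list of profiles that are loaded but running without network mediation on such a kernel. This is an added example, not part of the original message or of AppArmor's own code; the function name `audit_parser_output` and the sample log are constructed here, modelled on the messages quoted above.

```python
import re

# Constructed sample modelled on the parser messages quoted in the bug report;
# it includes a terminal escape and a warning wrapped over several lines.
SAMPLE_BOOT_LOG = """\
 * Starting AppArmor profiles \x1b[128G Cache read/write disabled: /sys/kernel/security/apparmor/features interface file missing. (Kernel needs AppArmor 2.4 compatibility patch.)
Warning from /etc/apparmor.d/sbin.dhclient3 (/etc/apparmor.d/sbin.dhclient3 line 73): profile /sbin/dhclient3 network rules not enforced
Skipping profile in /etc/apparmor.d/disable: usr.bin.firefox
Warning from /etc/apparmor.d/usr.sbin.cupsd
(/etc/apparmor.d/usr.sbin.cupsd line 165): profile
/usr/lib/cups/backend/cups-pdf network rules not enforced
Warning from /etc/apparmor.d/usr.sbin.cupsd (/etc/apparmor.d/usr.sbin.cupsd line 165): profile /usr/sbin/cupsd network rules not enforced
"""

CSI = re.compile(r"\x1b\[[0-9;?]*[ -/]*[@-~]")  # ANSI control sequences
FEATURES_MISSING = re.compile(r"\S+/apparmor/features interface file missing")
NET_WARNING = re.compile(
    r"Warning from (?P<file>\S+) \(\S+ line (?P<line>\d+)\): "
    r"profile (?P<profile>\S+) network rules not enforced")
SKIPPED = re.compile(r"Skipping profile in \S+: (\S+)")


def audit_parser_output(text):
    """Summarise which loaded profiles lack network mediation."""
    # Drop escape sequences and collapse line wrapping at whitespace so that
    # each warning becomes one contiguous run of text.
    flat = " ".join(CSI.sub(" ", text).split())
    unenforced = {}
    for m in NET_WARNING.finditer(flat):
        entry = (m["profile"], int(m["line"]))
        per_file = unenforced.setdefault(m["file"], [])
        if entry not in per_file:          # the parser may repeat a warning
            per_file.append(entry)
    return {
        "features_interface_missing": bool(FEATURES_MISSING.search(flat)),
        "network_unenforced": unenforced,
        "skipped_profiles": SKIPPED.findall(flat),
    }


if __name__ == "__main__":
    report = audit_parser_output(SAMPLE_BOOT_LOG)
    print("features interface missing:", report["features_interface_missing"])
    for path, profiles in report["network_unenforced"].items():
        for name, line in profiles:
            print(f"no network mediation: {name} ({path} line {line})")
    print("skipped:", ", ".join(report["skipped_profiles"]))
```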