[apparmor] patch: override AF_MAX for kernels that don't support proper masking

Kees Cook kees.cook at canonical.com
Thu Mar 3 23:42:42 UTC 2011

On Thu, Mar 03, 2011 at 01:42:13PM -0800, John Johansen wrote:
> Older versions of the apparmor kernel patches didn't handle receiving
> network tables of a larger size than expected.
> Allow the parser to detect the kernel version and override the AF_MAX
> value for those kernels.
> This also replaces the hack using a hardcoded limit of 36 for kernels
> missing the features flag.

Oh, nice fix. Excellent; ACK.


Kees Cook
Ubuntu Security Team

More information about the AppArmor mailing list