[apparmor] What replaced aa-status command if no compability patch applied to kernel ?
john.johansen at canonical.com
Sat Jun 16 19:06:22 UTC 2012
On 06/15/2012 10:16 PM, Aaron Lewis wrote:
> I'm not running Ubuntu , but I think I should ask here:
yes this is the general apparmor list. It ended up under the lists.ubuntu.com
because of some weird quirks that happened when we where trying to migrate
from the old Novell forge list. We needed a list fast and this location ended
up being the one we got and we just haven't bothered to do another move.
> Without 2.4 compability patch of apparmor applied , aa-status
> returns nothing regarding application rules , but it works;
right, it should work with application data but it would not be able to
list what profiles are loaded. Unfortunately there is a bug currently,
there was a patch floated for it, I need to look into where its at.
> So I'm wondering what's the replacement of 'aa-status' command ?
There are 2 versions the old perl version and a newer rewrite in python
> I failed to find a compability patch of linux 3.4 , since it changed
> a lot after linux 3.3 , i'm not able to fix the patch(for 3.3) myself ..
The 3.4 compatibility patches changed for 3.4 because part of the new interface
finally went upstream. We missed the 3.5 merge window for the rest of the
interface but hopefully 3.6 will have a complete interface and not need any
> linux kernel 3.4 + Apparmor 2.8 userspace toolset , latest arch linux
We care the compatibility patches in 4 places.
- the release tarball under the kernel-patches/3.4/ directory
the mount patch is not needed and is a new feature that isn't upstream yet
- the upstream bzr repo in the kernel-patches/3.4/
For the development branch (the 3.4 patches shouldn't change unless there are
2.8 point release fixes for them
bzr branch lp:apparmor
For the 2.8 branch
bzr branch lp:apparmor/2.8
- the apparmor upstream kernel repo on kernel.org
git checkout --track origin/v3.4-aa2.8 -b v3.4-aa2.8
If you run into any problems just drop a question here or pop into the irc channel
#apparmor on oftc.net (you may need to wait a few hours for a response either way
depending on when you ask)
More information about the AppArmor