[apparmor] Proposal - revert chroot_relative changes for 2.8

Steve Beattie steve at nxnw.org
Tue Mar 13 18:19:58 UTC 2012


Hi John,

On Mon, Mar 12, 2012 at 04:25:39PM -0700, John Johansen wrote:
> We had planned to transition to chroot relative profiles by default in 2.8
> but I don't believe we are ready for this, yet.
> 
> chroot rules did not make it into 2.8 necessitating any profile confining a
> task which uses chroot use the namespace_relative flag.
> 
> Nor do we have a solution yet for dealing with chroot changes from unconfined
> meaning we need to at a minimum revert the changes for unconfined.
> 
> As such I think it makes more sense to make this transition in 3.0 and keep
> the 2.x series semantically consistent.

I agree, I don't think we have enough in place to support this, and
without that, chroot relative is causing problems for our users. I think
what you've outlined as a roadmap is a good plan.

Do you want to capture, if you have not already, what needs to be done
to support chroot relative in 3.0?

-- 
Steve Beattie
<sbeattie at ubuntu.com>
http://NxNW.org/~steve/