[apparmor] [Kernel Patch 0/32] RCU locking and interface
John Johansen
john.johansen at canonical.com
Fri Jan 18 13:23:04 UTC 2013
On 01/16/2013 01:28 PM, John Johansen wrote:
> So this is the latest iteration of the new profile locking and profile/
> namespace directory. There have been no changes to the dir layout since
> last time but several bug fixes.
>
> eg.
>
> /sys/kernel/security/apparmor/
>     .load
>     .remove
>     .replace
>     features/
>     profiles
>     policy/                       # new policy dir
>         profiles                  # profiles in the namespace
>             usr.bin.foo.9/        # sid-mangled profile name
>                 name              # profile name
>                 mode              # profile mode (enforce, complain)
>                 attach            # attachment re string
>                 profiles/         # hats and children profiles
>                     bar.12/
>                         name
>                         mode
>         namespaces/               # namespaces under root
>             ns1/                  # example sub ns
>                 profiles/
>                 namespaces/
>
>
> The RCU patches were reworked, fixing several subtle race conditions.
>
> patches 1-16 should already have Acks on them from review, and
> patches 28-32 are there to provide a fully functional system, and should
> not be reviewed atm
>
> Some of the new patches are setting up for changes required by the
> coming labeling patches (eg. 21/32 changing how profile
> replacement is handled)
>
> The other set of new patches are to allow specifying a default profile
> from boot which makes doing total system confinement much easier
>
> So once again, the set of patches that a
>
So this got cut off and I don't even remember what I was going to say.

This set of patches has been built against the Ubuntu raring kernel
with the addition of the perm query patch from the dbus dev branch,
as the apparmor 3 alpha1 kernel.

It is available from the apparmor-devel ppa
https://launchpad.net/~apparmor-dev/+archive/apparmor-devel

It will work with the current quantal and raring userspace for those
who want to play with it.

I will work on getting a userspace alpha1 package up soon, as well as
a patched dbus for those who want to play with dbus mediation.
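
Added example (not part of the original mail or of the AppArmor code): a Python walk over the policy/ layout quoted above that lists each profile with its namespace, mode and attachment and reports the ones not in enforce mode. It runs on a constructed temporary tree; the one-line file contents, the "root" namespace label and the baz.3 profile are assumptions.

```python
from pathlib import Path
import tempfile

def read(path):
    """Return a file's stripped text, or None if the file is absent."""
    return path.read_text().strip() if path.is_file() else None

def walk_profiles(profiles_dir, ns, parent=None):
    """Yield one record per profile directory, descending into hats/children."""
    if not profiles_dir.is_dir():
        return
    for pdir in sorted(profiles_dir.iterdir()):
        name = read(pdir / "name")
        if name is None:  # entry without a name file: not a profile directory
            continue
        yield {"ns": ns, "parent": parent, "name": name,
               "mode": read(pdir / "mode"), "attach": read(pdir / "attach")}
        yield from walk_profiles(pdir / "profiles", ns, name)

def walk_namespace(ns_dir, ns="root"):
    """A namespace dir holds profiles/ and namespaces/; policy/ is the root one."""
    yield from walk_profiles(ns_dir / "profiles", ns)
    sub = ns_dir / "namespaces"
    if sub.is_dir():
        for child in sorted(sub.iterdir()):
            yield from walk_namespace(child, f"{ns}/{child.name}")

def not_enforcing(policy_dir):
    """(namespace, profile name) pairs whose mode file is not 'enforce'."""
    return [(r["ns"], r["name"]) for r in walk_namespace(Path(policy_dir))
            if r["mode"] != "enforce"]

def build_sample(root):
    """Constructed tree mirroring the quoted layout; all values are made up."""
    files = {"profiles/usr.bin.foo.9/name": "/usr/bin/foo",
             "profiles/usr.bin.foo.9/mode": "enforce",
             "profiles/usr.bin.foo.9/attach": "/usr/bin/foo",
             "profiles/usr.bin.foo.9/profiles/bar.12/name": "bar",
             "profiles/usr.bin.foo.9/profiles/bar.12/mode": "complain",
             "namespaces/ns1/profiles/baz.3/name": "baz",
             "namespaces/ns1/profiles/baz.3/mode": "enforce"}
    for rel, text in files.items():
        path = Path(root) / rel
        path.parent.mkdir(parents=True, exist_ok=True)
        path.write_text(text + "\n")

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        print(not_enforcing(tmp))
```

On a kernel carrying these patches, not_enforcing() would be pointed at the policy directory under /sys/kernel/security/apparmor/ instead of the temporary tree.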