[apparmor] [patch 0/8] Ubuntu apparmor package patches not yet in trunk

Tyler Hicks tyhicks at canonical.com
Wed Feb 12 16:34:49 UTC 2014


Thanks for taking on this task, Seth!

On 2014-02-11 15:53:31, Seth Arnold wrote:
> The patch header for this one suggests that we should integrate it into
> upstream AppArmor only after the AppArmor patches to dbus have been
> integrated into upstream dbus.
> Thoughts?
> 0068-libapparmor-mention-dbus-method-in-getcon-man.patch

That patch documents a dbus-daemon method that can be called to get a
connection's AppArmor label. In Ubuntu's patched dbus-daemon, the method
is org.freedesktop.DBus.GetConnectionAppArmorSecurityContext. It is part
of the top-level org.freedesktop.DBus interface, just like the SELinux
equivalent. However, I've seen upstream D-Bus talk about how the SELinux
method shouldn't be in the top-level interface so I suspect that they'll
want to move the AppArmor method before merging it. Let's wait on
applying this patch to trunk.

> 
> Parts of this patch were integrated into trunk, but the 
> libraries/libapparmor/src/libapparmor.map change is funny:
> 0053-libapparmor-Export-a-label-based-query-interface.patch
> 
> (The trunk version adds the aa_query_label symbol to APPARMOR_3.0; the 
> patch in the Ubuntu packaging adds the symbol to APPARMOR_1.1.)

The trunk version is correct. I can't remember why I added it to
APPARMOR_1.1 in Ubuntu but that's wrong for trunk.


Thanks again!

Tyler