[apparmor] AppArmor 2.8.95 without out-of-tree kernel patches?

intrigeri intrigeri at debian.org
Sat Jun 7 12:37:12 UTC 2014


it's being discussed [1] what version of the AppArmor userspace we'll
ship in Debian Jessie.

On the kernel side, most likely we'll have what is in the mainline
version of Linux that is chosen for Jessie; possibly a few backports
of things that land into mainline after this kernel is released might
be added on top, but I don't think we'll have any out-of-tree patches.

On the userspace side, we currently have 2.8.0 (!), and hopefully
we'll get 2.8.3 soonish. For Jessie, I think we basically have to
choose between 2.8.3 and 2.8.95.

I've read on the relevant Ubuntu freeze-exception request [2] that
AppArmor 2.8.95 was tested with Ubuntu kernels, with and without the
ptrace and signal mediation ones.

That's good to know, but I'm wondering if anyone has tested AppArmor
2.8.95 without out-of-tree kernel patches at all, using this
combination in production, and/or shipping it to users.

Has anyone here any experience to share on this topic?
Thanks in advance!

[And very sorry for not having followed-up yet on the thread I've
started about sharing profiles maintenance..]

[1] https://bugs.debian.org/746764
[2] https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/1298611

  | GnuPG key @ https://gaffer.ptitcanardnoir.org/intrigeri/intrigeri.asc
  | OTR fingerprint @ https://gaffer.ptitcanardnoir.org/intrigeri/otr.asc

More information about the AppArmor mailing list