[apparmor] [PATCH 1/4] tests: Update the regression tests for v6 policy

John Johansen john.johansen at canonical.com
Wed Mar 26 22:26:24 UTC 2014


<< snip >>

>> My current Ubuntu Trusty kernel and the several previous release kernels
>> don't have $aafs/features/policy/versions/v6, or the versions/
>> directory at all, but these tests ran just fine. With this change, these
>> tests will be skipped on those kernels.
>>
>> What's the point of this v6 check and what kernels have
>> $aafs/features/policy/versions/v6?
>>
> right so this is the mediate unix sockets on connect behavior. This was added
> in Saucy but done poorly and there was no way to auto detect between old and
> new semantics.
> 
> This lead to problems for the backport kernels, and chroots, lxc, running older
> userspaces on a newer kernel.
> 
> To fix this we introduced extra versioning. This appears in the ipc test kernels
> in the dbus-deb ppa.
> 
> So older userspaces that don't understand the v6 semanitc, or newer userspaces
> run on older kernels, work with the old v5 semantic.
> 

Just a quick addendum.

Ideally we would be testing all combinations that the kernel and userspace
supports. For this pass I was just trying to get it where the test suite would
pass on precise and on trusty.




More information about the AppArmor mailing list