[apparmor] AppArmor 2.10 branch created

John Johansen john.johansen at canonical.com
Tue Dec 8 21:58:52 UTC 2015 

On 12/08/2015 12:05 PM, Christian Boltz wrote:
> Hello,
> 
> Am Mittwoch, 18. November 2015 schrieb John Johansen:
>> On 11/18/2015 04:51 AM, Christian Boltz wrote:
>>> I hereby nominate all my pending patches for 2.10 ;-)
>>> (Yes, that includes the signal rule handling, even if that is a new
>>> feature ;-)
> 
>> Christian,
>>
>> generally we try to avoid putting new features into the previous
>> release. With that said, there are all kinds of exceptions to that,
>> and many things that are "new" features, could also be called bugs
>> because the feature has already been partially rolled out.
> 
> Too bad nobody filed a bug saying "aa-logprof doesn't support signal log 
> events" ;-)
> 
>> Since you are doing most of the work on maintaining logprof/genprof
>> I'll deferred to your judgement on how likely these would be to
>> introduce a regression. So with the promise that you will work to fix
>> any regression they introduce, if you want to put them in 2.10 you
>> have my
>>
>> Acked-by: John Johansen <john.johansen at canonical.com>
> 
> I'm quite sure SignalRule doesn't introduce regressions, so there  is no 
> need to fix any regressions *eg*
> 
well sometimes introducing new features causes regressions in existing
features, that is the concern.

> That said - I just sent the next patch series for ptrace rule support, 
> which would be the next thing to backport - or not ;-)
> 
again, I will defer to your judgement as long as there a best effort to
fix any regressions that get introduced.

> AFAIK Ubuntu is the only distribution with a kernel that supports signal 
> and ptrace rules, and the chances Ubuntu will provide an update to 
> 2.10.1 for Ubuntu <= 15.x seem to be quite low [1]. This means there's 
> no real-world benefit by adding SignalRule or PtraceRule to 2.10.x. 
> 
well only distro, maybe. I think there are a couple small ones shipping
the updated patchset. And there are certainly individuals on arch, elementary
and a few others that are using them

> Therefore I'll keep SignalRule and PtraceRule in trunk only.
> (We can always backport the patches to 2.10.x if there is a real need.)
> 
sure that makes sense

More information about the AppArmor mailing list