[apparmor] About 4.7 upstream kernel patches
Seth Arnold
seth.arnold at canonical.com
Wed Apr 5 07:41:16 UTC 2017
On Wed, Apr 05, 2017 at 09:03:01AM +0300, Vincas Dargis wrote:
> So my question is, what's status of these patches, when they will be actually
> available? I do not know how Linux patch propagation works, so I would be
> thankful to get some enlightenment in this topic.
Hi Vincas,
Different kernel maintainers get to pick and choose what they'd like to
include in their kernels. The Ubuntu kernels ship what's probably best
considered "upstream AppArmor". I believe the best place to see what's in
these is John's trees at http://kernel.ubuntu.com/git/jj/ with the ubuntu
zesty kernel being the current target of development:
http://kernel.ubuntu.com/git/jj/ubuntu-zesty.git/
John also maintains a git tree with backports of AppArmor to various older
kernels of importance:
http://kernel.ubuntu.com/git/jj/linux-apparmor-backports/
The different branches bring features and bugfixes from 'future' versions
of apparmor to 'past' versions of kernels.
John's also trying to merge new AppArmor development into the mainline
Linux kernel. The kernel devs require patches to be laid out in a nice
linear methodical order, buildable at every patch, ideally bootable at
every patch, and preparing patches in this manner takes time and effort.
You can see an example of this at:
https://lkml.org/lkml/2017/1/16/691
and the tree at
https://git.kernel.org/pub/scm/linux/kernel/git/jj/linux-apparmor.git/log/?h=for-security
As more of AppArmor gets into the mainline Linux kernel, it'll eventually
filter down to the consumers that don't want to manage AppArmor in their
sources directly.
Thanks
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 473 bytes
Desc: not available
URL: <https://lists.ubuntu.com/archives/apparmor/attachments/20170405/b15eeee9/attachment.pgp>
More information about the AppArmor
mailing list