[apparmor] Next apparmor version

John Johansen john.johansen at canonical.com
Fri Jul 21 16:11:56 UTC 2017


On 07/21/2017 06:13 AM, Goldwyn Rodrigues wrote:
> 
> 
> On 07/19/2017 10:17 AM, John Johansen wrote:
> <snip>
> 
>>>> Would you have a tree which can be cloned for the patches that still need to
>>>> be ported or have a development tree? I did check out the linux-apparmor
>>>> tree [1], but it does not seem to have more than what is present in the
>>>> apparmor-utils.
>>>>
>>>> [1] git://git.kernel.org/pub/scm/linux/kernel/git/jj/linux-apparmor
>>>>
>>>
>>> right, I have been doing the Ubuntu based backports in the
>>>
>>> git://kernel.ubuntu.com/jj/linux-apparmor-backports
>>>
>>> The kernel.org tree is only used for upstream based work.
>>>
>>> I will be pushing branches to there but since the 4.13 versions will be
>>> based on upstream, I will also likely be pushing them to the kernel.org
>>> tree.
>>>
>>> I'll push what I have of the 4.13 backports when I get back tomorrow
>>> sorry for the delay on this,
>>
>> I have pushed 6 branches to git://kernel.ubuntu.com/jj/linux-apparmor-backports
>> they have all been successfully built but are currently untested
>>
>> v4.13-apparmor-backport-to-v4.12-presquash
>> v4.13-apparmor-backport-to-v4.12
>> v4.13-apparmor-backport-to-v4.11-presquash
>> v4.13-apparmor-backport-to-v4.11
>> v4.13-apparmor-backport-to-v4.10-presquash
>> v4.13-apparmor-backport-to-v4.10
> 
> Thanks a lot for doing this.
> 
>>
>> the presquash branch has the full list of cherry-picked upstream commits. The
>> non-presquash branches have a squashed single patch for the apparmor snapshot
>> that should be identical to what is in v4.13 atm (this looks likely to change
>> during the merge period and I will have to refresh).
>>
>> cherry-picked patches were done so that they only pick up the apparmor changes
>> and don't touch the rest of the kernel. There is then a set of backport patches
>> that sit on top of the snapshot that provide explicit per commit changes needed
>> to get the 4.13 snapshot of apparmor working on the specified kernel.
>>
>> The only patch that touches outside of the apparmor tree is the
>>   securityfs: add the ability to support symlinks
>>
>>
>> The v4.10 kernel will be the last kernel I do the individual cherry-picks for. Earlier
>> kernels will only have the snapshot version. (The individual cherry-picks take
>> more work).
> 
> From SUSE's POV, we are interested in v4.12 only. However, cherry-picked
> versions help in reviewing the patches.
> 
>>
>> The missing features that are targeted to v4.14 (that will bring Ubuntu equivalence)
>> are not on these kernels. I will push new branches in a few weeks tagged something
>> like
>> v4.13-apparmor+aa3.6-backport-to-XXX
>>
> 
> What is aa3.6?
> 


It is the version number associated with the Ubuntu version in the Ubuntu kernels.
It still has some features that are not in the v4.13 kernel.



