[apparmor] IPC and sockets

John Johansen john.johansen at canonical.com
Wed Feb 7 13:59:08 UTC 2018


On 02/07/2018 04:32 AM, Viacheslav Salnikov wrote:
> Hi guys,
> 
> I checked out Ubuntu 16.04 and got this output:
> $ cat /sys/kernel/security/apparmor/features/network/af_unix
> yes
> 
> But Ubuntu 16.04 is based on the 4.4 kernel
> $ uname -a
> Linux 4.4.0-112-generic #135-Ubuntu SMP Fri Jan 19 11:48:36 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux
> 
> 
> I cloned the xenial kernel for investigation and af_unix is in the kernel.
> Does it mean that somebody did the backport or what? Maybe you know about that.
> 

Yes, Ubuntu backported the 17.04 apparmor patches to the 4.4 kernel for 16.04. You can find
the same basic backports against the upstream kernel at

http://kernel.ubuntu.com/git/jj/linux-apparmor-backports/

specifically the branch series

  v4.10-aa3.6-backport-to-v4.X

where X covers 4.0 .. 4.9

there is also a v4.13 backport series, but it only backports 4.13 apparmor to
4.12, 4.11, and 4.10


the upstream backport series does not include the out of tree patches but those can be
obtained from the apparmor project tree in the kernel patches directory

https://gitlab.com/apparmor/apparmor/tree/master/kernel-patches

or from the ubuntu kernel git tree

this comes with the standard disclaimer that out of tree patches and interfaces may change
some as part of the upstreaming process


