[apparmor] IPC and sockets

John Johansen john.johansen at canonical.com
Fri Feb 9 12:34:29 UTC 2018


On 02/09/2018 04:05 AM, Viacheslav Salnikov wrote:
> Hi John,
> 
> But even if upstream backport from 4.10 to 4.4 does not contain out-of-tree patches, Xenial 4.4 has sockets support (*and probably namespaces support too*).
> 
> Or am I wrong?
> 

Correct for socket support, the network and af_unix mediation patches
are not present in the backport.

As I noted:
>     the upstream backport series does not include the out of tree patches but those can be
>     obtained from the apparmor project tree in the kernel patches directory
> 
>     https://gitlab.com/apparmor/apparmor/tree/master/kernel-patches


As for policy namespace support, it has existed in various forms since
apparmor was included in 2.6.36; it's just a matter of what interfaces
are supported. The 4.11, 4.12, and 4.13 kernels each added support for
newer interfaces and reworked apparmorfs to better support policy
namespaces.

Full support of apparmor policy around Linux namespaces (mount, user,
pid, ...) is still a WIP.
