[apparmor] Status of nnp override?
John Johansen
john.johansen at canonical.com
Wed Aug 28 06:18:51 UTC 2019
On 8/27/19 6:28 PM, apparmor at zestysoft.com wrote:
> Any chance the NNP override made it upstream? I don't mean to be a nag -- if there is a string or something I can search for to discover when this happens, please point me in the right direction.
>
> I finally have some time to work on the FullSystemPolicy stuff again -- I know John Johansen mentioned that there might be a test kernel for the nnp override otherwise? I think there was a problem with userspace that can work with it back in June, but maybe progress has been made since then?
>
> Appreciate everything you guys are doing,
It hasn't yet, and I haven't had a chance to get back to the patch to fix its issues. It is high on the priority list, but with my current schedule I don't expect I will be able to get to it for a few weeks.
When a test kernel is ready I can point you at it. You will indeed need an updated userspace capable of specifying the override on your exec rule. I'll make sure to get a PR up for that as well when the kernel is ready.
More information about the AppArmor
mailing list