Btrfs v0.14 Released
Jeff Schroeder
jeffschroed at gmail.com
Fri May 2 18:14:56 UTC 2008
On Fri, May 2, 2008 at 11:01 AM, Jeff Mahoney <jeffm at suse.com> wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
>
>
> Jan Engelhardt wrote:
> > On Friday 2008-05-02 18:26, Jeff Mahoney wrote:
> >>> To the best of my knowledge, the AppArmor patches are arch and flavour
> >>> independent. If CONFIG_SECURITY_APPARMOR exists, then the AA code is
> >>> compiled. This is certainly the case for Hardy. Neither Kees or myself
> >>> are aware of any reason why it won't also hold true for Intrepid.
> >> Grumble. The issue isn't whether AA is enabled, it's whether it's
> >> present in the source. Patching the source with AA modifies a bunch of
> >> core VFS function prototypes. CONFIG_SECURITY_APPARMOR won't exist if AA
> >> isn't enabled, but the prototypes will have changed anyway.
> >
> > So... add an invisible CONFIG_HAVE_APPARMOR, much like
> > CONFIG_X86_HAVE_CMPXCHG (or whatever it's called), and test for that.
> > As long as you are not in the mainline kernel, every hack is
> > forgiven.
>
> That'll work moving forward, but btrfs also supports older releases.
>
>
> - -Jeff
So how about this for older releases? It should work on Ubuntu 7.10 or
8.10 installs with apparmor enabled by default:
#if defined(CONFIG_VERSION_SIGNATURE)
# if (LINUX_VERSION_CODE = KERNEL_VERSION(2,6,24)) ||
(LINUX_VERSION_CODE = KERNEL_VERSION(2,6,20))
# define REMOVE_SUID_PATH 1
# endif
#endif
Maybe add a blurb in the install doc about this for users trying to
build ubuntu kernels with no apparmor (probably a rarity).
CONFIG_VERSION_SIGNATURE can be likened to CONFIG_SUSE
--
Jeff Schroeder
Don't drink and derive, alcohol and analysis don't mix.
http://www.digitalprognosis.com
More information about the kernel-team
mailing list