Btrfs v0.14 Released

Jeff Schroeder jeffschroed at gmail.com
Fri May 2 18:14:56 UTC 2008


On Fri, May 2, 2008 at 11:01 AM, Jeff Mahoney <jeffm at suse.com> wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
>  Hash: SHA1
>
>
>
> Jan Engelhardt wrote:
>  > On Friday 2008-05-02 18:26, Jeff Mahoney wrote:
>  >>> To the best of my knowledge, the AppArmor patches are arch and flavour
>  >>> independent. If CONFIG_SECURITY_APPARMOR exists, then the AA code is
>  >>> compiled. This is certainly the case for Hardy. Neither Kees or myself
>  >>> are aware of any reason why it won't also hold true for Intrepid.
>  >> Grumble. The issue isn't whether AA is enabled, it's whether it's
>  >> present in the source. Patching the source with AA modifies a bunch of
>  >> core VFS function prototypes. CONFIG_SECURITY_APPARMOR won't exist if AA
>  >> isn't enabled, but the prototypes will have changed anyway.
>  >
>  > So... add an invisible CONFIG_HAVE_APPARMOR, much like
>  > CONFIG_X86_HAVE_CMPXCHG (or whatever it's called), and test for that.
>  > As long as you are not in the mainline kernel, every hack is
>  > forgiven.
>
>  That'll work moving forward, but btrfs also supports older releases.
>
>
>  - -Jeff

So how about this for older releases? It should work on Ubuntu 7.10 or
8.10 installs with apparmor enabled by default:

#if defined(CONFIG_VERSION_SIGNATURE)
# if (LINUX_VERSION_CODE = KERNEL_VERSION(2,6,24)) ||
(LINUX_VERSION_CODE = KERNEL_VERSION(2,6,20))
# define REMOVE_SUID_PATH 1
# endif
#endif

Maybe add a blurb in the install doc about this for users trying to
build ubuntu kernels with no apparmor (probably a rarity).

CONFIG_VERSION_SIGNATURE can be likened to CONFIG_SUSE

-- 
Jeff Schroeder

Don't drink and derive, alcohol and analysis don't mix.
http://www.digitalprognosis.com




More information about the kernel-team mailing list