[PATCH 0/4] [Karmic SRU] AppArmor fixes for LP#451375 LP#462824 LP#458299 LP#453335

Andy Whitcroft apw at canonical.com
Sat Oct 31 12:18:21 UTC 2009


On Fri, Oct 30, 2009 at 11:41:41AM -0700, John Johansen wrote:
> The following changes since commit 7423c4c3b22816168b912c39a0298227076854b8:
>   Scott James Remnant (1):
>         UBUNTU: SAUCE: trace: add trace events for open(), exec() and uselib()
> 
> are available in the git repository at:
> 
>   kernel.ubuntu.com:/srv/kernel.ubuntu.com/git/jj/apparmor-karmic.git master

Would be more helpful for all to use the git:// form for this as then
anyone can pull and review them.

> 
> John Johansen (4):
>       UBUNTU: SAUCE: AppArmor: AppArmor wrongly reports allow perms as denied

It appears that this is a reporting issue.  This is pertinent as we are
trying to encourage people to write new and fix AA profiles; this would
make that pretty hard.  Looks nice and simple.

Acked-by: Andy Whitcroft <apw at canonical.com>

>       UBUNTU: SAUCE: AppArmor: Policy load and replacement can fail to alloc mem

Version two of this patch looks to solve the issues I was worried about
previously.  There is a minor whitespace issue but other than that it
seems correct to my eye.

Acked-by: Andy Whitcroft <apw at canonical.com>

>       UBUNTU: SAUCE: AppArmor: AppArmor fails to audit change_hat correctly

From my reading of the leader it appears without this patch we are
unable to use the learning mode to make new profiles.  That sounds
pretty unfortunate as we are trying to encourage new profiles to be
made to improve security.  Though the patch is pretty big, the semantic
change seems pretty small, correcting which name is used.

Acked-by: Andy Whitcroft <apw at canonical.com>

>       UBUNTU: SAUCE: AppArmor: AppArmor disallows truncate of deleted files.

This patch looks pretty simple, only changing behaviour where file is
deleted.  I understand this affects firefox so is of concern.  Looks ok
to me.

Acked-by: Andy Whitcroft <apw at canonical.com>

-apw



