[Oneiric][Patch 0/3] AppArmor update for Oneiric v2

Tim Gardner tim.gardner at canonical.com
Fri Aug 12 13:23:13 UTC 2011


On 08/11/2011 01:59 PM, John Johansen wrote:
> - Drop sync of compatibility patches
> - reworked rlimits patch to not require AppArmor: add utility function to get an arbitrary tasks profile.
> - dropped AppArmor: Add kvzalloc to handle zeroing for kvmalloc
> - dropped AppArmor: Remove "permipc" command
> - updated to apply AppArmor: add support for generic perm query again current profile
>
> The following changes since commit 7731cf0ecf5412872d5a4a25ab3ace22690f4408:
>
>    UBUNTU: Ubuntu-3.0.0-8.10 (2011-08-05 11:33:35 -0700)
>
> are available in the git repository at:
>    git://kernel.ubuntu.com/jj/ubuntu-oneiric.git apparmor
>
> John Johansen (3):
>        AppArmor: Relax the restrictions on setting rlimits
>        AppArmor: Allow loading of policy containing generic policy dfa
>        AppArmor: add support for generic perm query
>
>   security/apparmor/apparmorfs-24.c    |    2 +-
>   security/apparmor/file.c             |    2 +-
>   security/apparmor/include/file.h     |    2 ++
>   security/apparmor/include/policy.h   |    4 ++++
>   security/apparmor/include/procattr.h |    1 +
>   security/apparmor/lsm.c              |   12 ++++++++----
>   security/apparmor/policy.c           |    1 +
>   security/apparmor/policy_unpack.c    |   11 +++++++++++
>   security/apparmor/procattr.c         |   34 ++++++++++++++++++++++++++++++++++
>   security/apparmor/resource.c         |   15 ++++++++++++---
>   10 files changed, 75 insertions(+), 9 deletions(-)
>
>
>

John - the patches look OK. However, while I can tell _what_ they are 
doing, I don't know _why_. _Why_ are you relaxing restrictions on 
setting rlimits? _Why_ do patches 2 and 3 appear to be adding new 
features that haven't been vetted by upstream ?

rtg
-- 
Tim Gardner tim.gardner at canonical.com



More information about the kernel-team mailing list