[ubuntu-hardened] Re moving suid root from binaries where it isn't needed

Kees Cook kees at ubuntu.com
Wed Oct 31 04:44:47 GMT 2007


On Tue, Oct 30, 2007 at 09:07:29PM -0700, Phillip Lougher wrote:
> I'd be surprised if AppArmor was removed from the liveCD kernel.  What I
> think you're referring to is that the integration of AppArmor caused Unionfs
> to be updated to 2.1.2 (AppArmor changes the VFS interfaces which Unionfs
> uses, and we had a patch for Unionfs 2.1.2).  The presence of numerous bugs
> in Unionfs 2.1.2 badly broke the liveCD.  Following this a patch for the
> AppArmor VFS changes was made for Unionfs 1.4, and Unionfs was reverted to
> Unionfs 1.4 in the Gutsy kernel.  This should have solved liveCD booting
> without removing AppArmor.

AppArmor was disabled (not removed) on the liveCD due to issues
surrounding how unionfs was making the root filesystem paths visible to
AppArmor.  The installed system, though, has it enabled.

-Kees

-- 
Kees Cook