[pkg-apparmor] Bug#877581: apparmor: Ensure Linux 4.14 does not break abstractions/nameservice
intrigeri
intrigeri at debian.org
Mon Oct 23 14:36:37 UTC 2017
Christian Boltz:
> It turned out that the added "network unix dgram/stream" rules are not
> really needed. Let me explain ;-)
> In theory apparmor_parser should downgrade the "unix" rules in
> abstractions/base to "network unix" rules (when using Kernel < 4.15),
> which allows more than "network unix dgram/stream".
> In practice this rule downgrade was broken in apparmor_parser, and got
> fixed in AppArmor 2.11.1, 2.10.3 and 2.9.5.
> So once you update apparmor_parser to one of these versions, profiles
> that include abstractions/base (which basically means all profiles)
> should no longer need the "network unix dgram/stream" rules.
Great! I'm packaging 2.11.1 as we speak, so I've reverted your patch
(that I had previously applied to our packaging bzr repo, but did not
upload to Debian yet). Thanks for the heads up!
> Note that the patch discussed in this bug report adds a few other rules -
> those will still be needed.
Indeed. I want to work on this later this week.
Cheers,
--
intrigeri