[pkg-apparmor] Bug#1054123: apparmor breaks nfs root
intrigeri
intrigeri at debian.org
Wed Oct 25 10:22:12 BST 2023
Hi,
Christian Boltz (2023-10-17):
> Am Dienstag, 17. Oktober 2023, 14:18:43 CEST schrieb Anton Ivanov:
>> Alternatively, the kernel should stop treating network filesystem
>> access as network access for apparmor purposes. That, however,
>> is likely to a be a bit difficult.
> [...]
>> Kernel: Linux 5.10.0-22-amd64 (SMP w/12 CPU threads)
>
> This issue was fixed in kernel 6.0 [1]
Thanks a lot, Christian, for the info!
Current Debian stable (Bookworm), released a few months ago, ships
Linux 6.1, so I'm closing this bug as fixed.
I understand this problem affects only Bullseye (and older systems) on
NFS root. The fact it took more than 2 years since the Bullseye
release for anyone to report it gives us an indication that the impact
is minimal. And now we know the workaround should be relatively
straightforward for the kind of user who are able to set up NFS root:
upgrade to Bookworm's kernel. Therefore I don't think it would be
a good usage of limited Debian volunteer resources to spend time
backporting the fix for Bullseye.
Cheers,
--
intrigeri
More information about the pkg-apparmor-team
mailing list