[pkg-apparmor] Bug#712451: Please support AppArmor network rules

intrigeri intrigeri at debian.org
Tue Jul 24 11:26:56 BST 2018


Hi,

(John, one question for you below, please search for your name :)

Vincas Dargis:
> On 7/22/18 3:48 PM, intrigeri wrote:
>> Vincas Dargis:
>>> I've managed to install 4.17.0-rc3 and 4.18.0-rc4 with an equivs hack, and I did not see
>>> any immediate problems with some lightweight testing.
>>
>> Great.
>>
>> Both on Stretch, right?

> Yes.

>> Did you disable feature-set pinning entirely or update the feature-set
>> to enable the new features? If the latter, can you please share the
>> exact feature-set you've used?

> I have feature-set commented out.

OK!

I'm now running 4.17 from sid without feature set pinning and did not
notice any breakage either.

*But* I don't think that just upgrading to 4.17 actually gives me
network socket mediation. I have this in parser.conf:

  warn=rule-not-enforced
  warn=rule-downgraded

… and when compiling policy, I see "network rules not enforced" all
over the place.

Then I've read somewhere that network socket mediation might need
newer userspace (I'm running 2.13 from Debian experimental).

John, could you please tell me how I can benefit from the network
socket mediation feature that was merged into Linux 4.17?

>>> Though it would be really nice to have some sort of integration test suite for
>>> apparmor-confined packages to do some serious testing before releasing upgrades...
>>
>> Absolutely.

> Do Debian packages have infrastructure for integration tests that a maintainer could run after building?

Yes: autopkgtest. If you're interested in working on this, please
start a dedicated thread on the team ML or on a new bug report :)

Cheers,
-- 
intrigeri
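
The thread leaves open whether a 4.17 kernel plus the 2.13 parser actually enforces network socket rules. The script below is an added example, not code from this thread or from the AppArmor project, that does the two checks a practitioner would run before trusting such a rule: look at what feature set the running kernel advertises under securityfs, and compile a one-rule profile with the same `warn=rule-not-enforced` / `warn=rule-downgraded` settings intrigeri has in parser.conf and see whether the parser complains. Two assumptions are not stated anywhere in the thread and come from my reading of the kernel sources and the parser's man page: that a 4.17+ kernel with socket mediation exposes a `network_v8/` directory beside the older `network/` under `/sys/kernel/security/apparmor/features`, and that `apparmor_parser` accepts `-Q` (skip the kernel load) and `--warn=<name>`. The "fake features" tree is constructed so the directory check can be exercised on a host without AppArmor.

```sh
#!/bin/sh
# Added example, not code from the thread or from the AppArmor project.
# Assumptions (labelled here because the thread does not state them):
#   * a 4.17+ kernel with socket mediation exports the new feature set as
#     /sys/kernel/security/apparmor/features/network_v8/, while older kernels
#     only have features/network/ (names taken from the kernel sources);
#   * apparmor_parser accepts -Q (skip kernel load) and --warn=<name>, matching
#     the warn= keys intrigeri put in parser.conf.

SYSFS_FEATURES=/sys/kernel/security/apparmor/features

# 0 if FEATURES_DIR advertises the v8 socket-mediation feature set, else 1.
has_network_v8() {
    [ -r "$1/network_v8/af_mask" ]
}

# Verdict for a features directory: v8, compat (pre-4.17 network rules) or none.
network_mediation_level() {
    if has_network_v8 "$1"; then
        echo v8
    elif [ -r "$1/network/af_mask" ]; then
        echo compat
    else
        echo none
    fi
}

# Constructed features tree imitating what a 4.17 kernel exports, so the
# directory check can be exercised offline (the af_mask contents are made up).
make_fake_features() {
    fake=$(mktemp -d) || return 1
    mkdir -p "$fake/network_v8" "$fake/network" "$fake/file"
    echo "unix inet inet6" > "$fake/network_v8/af_mask"
    echo "unix inet inet6" > "$fake/network/af_mask"
    echo "$fake"
}

# Compile a one-rule profile with the same warnings as parser.conf and report
# whether the parser downgraded or dropped the network rule. Needs a real
# apparmor_parser and a running AppArmor kernel; returns 2 if either is missing,
# 1 if the rule was not enforced, 0 if it compiled cleanly.
check_network_rule_enforced() {
    command -v apparmor_parser >/dev/null 2>&1 || return 2
    [ -d "$SYSFS_FEATURES" ] || return 2
    prof=$(mktemp) || return 2
    printf '/usr/bin/true {\n  network inet stream,\n}\n' > "$prof"
    out=$(apparmor_parser -Q --warn=rule-not-enforced --warn=rule-downgraded "$prof" 2>&1)
    rm -f "$prof"
    case $out in
        *"not enforced"*|*downgraded*)
            echo "network rule NOT enforced by this kernel/parser pair: $out"
            return 1 ;;
        *)
            echo "network rule compiled without downgrade warnings"
            return 0 ;;
    esac
}

main() {
    if [ -d "$SYSFS_FEATURES" ]; then
        echo "running kernel: network mediation level $(network_mediation_level "$SYSFS_FEATURES")"
        if check_network_rule_enforced; then :; else echo "parser check exit status $?"; fi
    else
        echo "no AppArmor securityfs on this host; demonstrating on a constructed tree"
        fake=$(make_fake_features)
        echo "fake 4.17 tree: $(network_mediation_level "$fake")"
        rm -rf "$fake"
    fi
}

main
```

Seeing "network rules not enforced" from the parser even though the kernel shows `network_v8` points at the userspace side, which is the situation the message above describes: the kernel may advertise the feature while the installed parser still compiles policy against the older feature set, and the profile then silently loses its network rules. Run the script on the target host as a user that can read securityfs.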
