[Apparmor-dev] apparmor broken on 2.6.24-rc8

[Luiz Fernando N. Capitulino]

 Hi there,

 I'm one of the Mandriva kernel developers and we're having some issues
with apparmor for 2.6.24-rc8 (kernel 2.6.24 will be used in our next
main release).

 The patches we're having problems were taken from SuSe's factory
kernel from January, 18.

 The first problem is that apparmor doesn't initialize. You pass the
'apparmor=1' command-line but it says in dmesg that apparmor wasn't
able to initialize. I've backported a fix from the latest patchset
submitted to Andrew Morton (attached), which seems to work.

 But then the second problem happens:

# service apparmor start

"""
Loading AppArmor profiles /sbin/apparmor_parser: Unable to add "/bin/netstat".  Profile doesn't conform to protocol
 Profile /etc/apparmor.d/bin.netstat failed to load
/sbin/apparmor_parser: Unable to add "/bin/ping".  Profile doesn't conform to protocol
 Profile /etc/apparmor.d/bin.ping failed to load
/sbin/apparmor_parser: Unable to add "/sbin/klogd".  Profile doesn't conform to protocol
 Profile /etc/apparmor.d/sbin.klogd failed to load
/sbin/apparmor_parser: Unable to add "/sbin/syslogd".  Profile doesn't conform to protocol
[...]
"""

 I've applied the latest patchset version (apparmor-kernel-patch-2.6.24-rc4-mm.tgz)
on top of kernel 2.6.24-rc4-mm1 and it just works.

 Does this mean SuSe's version is broken? What about porting
that (working) -mm version to 2.6.24 vanilla?

 Thanks a lot.

-- 
Luiz Fernando N. Capitulino
-------------- next part --------------
A non-text attachment was scrubbed...
Name: apparmor-fix-enable-flag.patch
Type: text/x-patch
Size: 1113 bytes
Desc: not available
Url : http://forge.novell.com/pipermail/apparmor-dev/attachments/20080123/bc6d70b1/apparmor-fix-enable-flag.bin