[Apparmor-dev] Apparmor kernel module
John Johansen
jjohansen at suse.de
Wed Nov 19 15:37:22 MST 2008
Giuseppe Iuculano wrote:
> John Johansen wrote:
>
>> The current version of AppArmor requires patching the kernel. The old
>> deprecated version also required patching the kernel but it was much
>> smaller (a single export).
>>
>> We hope this situation will change in the future, but currently your
>> best bet is sticking with the AppArmor 2.3 (trunk) patches.
>
> Thanks for your fast reply.
> Kernel policy in Debian is to follow upstream kernel as closely as possible, so
> if I can't get a stand-alone apparmor module, I have no chance to get a working
> apparmor debian package (unless you push that patch to the mainline kernel).
>
I am sorry to hear this but it is understandable and not unexpected.
We do intend to try pushing AppArmor upstream again, and the chances of
inclusion look better if we adopt the tomoyo LSM patch set. The chance
of a standalone module even if the kernel adopts the tomoyo LSM patch
set or the AppArmor vfs patch set is 0, as the upstream kernel now
requires that LSM modules be builtin.
john