[Apparmor-dev] 2.6.29 update

Mario Fetka mario.fetka at gmail.com
Wed May 20 03:18:08 MDT 2009 

On Monday, 27. April 2009 00:25:04 John Johansen wrote:
> John Johansen wrote:
> > Just an update,
> >
> > I found myself with a less than functional computer for the last while
> > and I haven't finished the update yet.  I have time tonight and over the
> > next few days so it should finally go up soon.
> >
> > sorry for the inconvenience and delay
>
> Just an update, I am sorry to say I was too optimistic, and I don't have
> it working yet.  I know the delay has been unacceptably long, but I am
> working on it, and it will happen.  I have set aside time each day and
> over the next couples AppArmor should see more development than it has
> for a long time.
>
> It has turned into much more of a rewrite than I had expected, with much
> of the domain transitions and locking changing.  As well as some other
> structural changes.
>
> I have abandoned the vfs based patchset for 2.6.29 (sorry I wasted time
> on this, the update would have probably be out by now if I hadn't) and
> the patchset will be entirely based on the security_path based hooks.
>
> The 2.6.29 version of AppArmor will at least temporarily be dropping
> some features.  I have mentioned this before but the set has changed
> some.  Replacement is back, but setprofile will still be missing as
> well as some other features that don't fit into the security_path
> framework.
>
> The patchset is going to happen in two distinct sets.  The first is a
> slightly stripped version of AppArmor that will work on 2.6.29 without
> any patching to the kernel beyond adding the AppArmor module.  This
> won't provide full mediation of some kernel objects and setting of
> attrs, etc.  This is the version that will go up in the next couple of
> days.
>
> After this goes up, I am going to move 2.3 AppArmor onto a new branch,
> and trunk will become the development version.  The module will see more
> cleanups and changes.  This time focusing on cleaning up the interface
> and how permissions are handled.  This is the version I plan to post to
> lkml, to begin upstreaming efforts again.
>
> A following set of patches will add missing mediation back in as can be
> achieved with a focus on upstreaming.  So basically features dependent
> on new hooks/changes to hooks, won't be added to AppArmor until they
> pass upstreaming.
>
> john
>

Hallo John,

whats the state of the update?


any news ?

thx
Mario

More information about the Apparmor-dev mailing list