[Apparmor-general] apparmor for 2.6.24
John Johansen
jjohansen at suse.de
Wed Jan 23 16:35:52 MST 2008
On Wed, Jan 23, 2008 at 09:14:47PM +0100, Arkadiusz Miskiewicz wrote:
> On Wednesday 23 of January 2008, John Johansen wrote:
> > On Sat, Jan 19, 2008 at 11:20:28PM +0100, Arkadiusz Miskiewicz wrote:
> > > Hello,
> > >
> > > Are there any apparmor patches for 2.6.24rcX available ?
> >
> > At this moment only the development branch supports 2.6.24. With that
> > said I am currently reviving the patches and will check in kernel patches
> > for AppArmor 2.1.1 against 2.6.22, 2.6.23, and 2.6.24.
> >
> > And a snapshot release of AppArmor 2.1.1 should be coming tonight or
> > tomorrow, at which point I will post an announcement of where it can be
> > found.
>
> How the problem with LSM being static interface got handled?
>
It is handled with a boot parameter.
> I hope that there will still be posibility to switch between kernel security
> stuff and apparmor at runtime (boot time to be exact). Trying to provide
> users ability to choose between without rebuilding kernel.
>
yes, you can switch between different LSMs at boot. Currently each
LSM that you want to be able to choose between has to be compiled into
the kernel. AppArmor picks up an extra Kconfig option to determine whether
you want it enabled by default, and you can enable it or disable it with
a kernel boot parameter.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 194 bytes
Desc: not available
Url : http://forge.novell.com/pipermail/apparmor-general/attachments/20080123/ca710070/attachment.pgp
More information about the Apparmor-general
mailing list