[Apparmor-general] AppArmor for 2.6.29 update
John Johansen
jrjohansen at verizon.net
Mon Apr 6 02:39:52 MDT 2009
I am sorry to say that I haven't had a lot of time to update AppArmor
for the 2.6.29 kernel. The 2.6.29 kernel has a couple of significant
changes that affect AppArmor, and make this update more time consuming
than any recent update. In particular the credentials and security path
permission hook changes are significant.
The roll out of the 2.6.29 update is going to happen in 3 phases.
1. Very Basic AppArmor port using an updated version of the vfs patch
set. This will have basic support for the credentials update, but will
disable several AppArmor features.
- setprofile (used by the profile tools)
- profile replacement of tasks. The replacement of the profiles list
will occur but not the profile on any pre-existing tasks.
2. AppArmor with replacement and setprofile.
3. AppArmor using the security path hooks.
phase 1, should come out some time today once, I separate it from the
phase 2 work that needs more debugging. Phase 2 will hopefully follow
in just a couple of days, and then Phase 3 will hopefully hit at the end
of the week.
john
More information about the Apparmor-general
mailing list