We now have AppArmor enabled in the Debian kernels. This is great.
Thank you for enabling it. This made it possible to start an
effort* towards having some kind of minimal AppArmor support
One of the major things that make AppArmor rather troublesome to use
in production (in the version that was upstreamed) is the lack of the
"legacy interface" patch; that patch is carried e.g. by Ubuntu, but
not upstreamed yet.
The lack of this patch means that network mediation does not work at
all, and that profile states cannot be queried; e.g. aa-status and
aa-genprof are totally unusable as is. Kees Cook and others have been
working on building the new interface for the kernel, but they tell me
it is slow-going.
As of today, I'm not asking the Debian kernel team to carry this patch
(well, if you want to, I won't complain). The purpose of this bug
report is rather to allow us to mark other bugs, reported against the
AppArmor userspace tools, as blocked by the lack of kernel support.
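
The state the report describes (AppArmor enabled in the kernel, but profile states not queryable) can be told apart from a disabled LSM by checking what the kernel exposes. This is an added example, not part of the original bug report: the sysfs/securityfs paths and the `name (mode)` line format are assumed to be the usual locations read by the userspace tools, and `aa_kernel_state` is a hypothetical helper name.

```shell
#!/bin/sh
# Added example: classify kernel-side AppArmor support by what is exposed.
# Default paths are the usual sysfs/securityfs locations (an assumption,
# not taken from the bug report); both can be overridden for testing.
# On a live system, call aa_kernel_state with no arguments.

aa_kernel_state() {
    params_dir=${1:-/sys/module/apparmor/parameters}
    aafs_dir=${2:-/sys/kernel/security/apparmor}

    # 1. Is the LSM built in and switched on? The file holds "Y" or "N".
    if [ ! -r "$params_dir/enabled" ] ||
       [ "$(cat "$params_dir/enabled")" != "Y" ]; then
        echo "disabled"
        return 0
    fi

    # 2. Does the kernel expose the profile listing at all?
    #    Without it, profile states cannot be queried from userspace.
    if [ ! -e "$aafs_dir/profiles" ]; then
        echo "enabled-no-profile-list"
        return 0
    fi

    # 3. The listing exists but may be restricted to root.
    if [ ! -r "$aafs_dir/profiles" ]; then
        echo "enabled-profile-list-unreadable"
        return 0
    fi

    # 4. Each line looks like "/usr/sbin/foo (enforce)"; count per mode.
    #    grep -c exits non-zero on zero matches, hence the "|| true".
    enforce=$(grep -c ' (enforce)$' "$aafs_dir/profiles" || true)
    complain=$(grep -c ' (complain)$' "$aafs_dir/profiles" || true)
    echo "enabled enforce=$enforce complain=$complain"
}
```

A result of `enabled-no-profile-list` is the case where bugs against the userspace tools are better tracked as blocked on kernel support than as tool defects.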