FAQ Search Today's Posts Mark Forums Read
» Video Reviews

» Linux Archive

Linux-archive is a website aiming to archive linux email lists and to make them easily accessible for linux users/developers.


» Sponsor

» Partners

» Sponsor

Go Back   Linux Archive > Ubuntu > Ubuntu Kernel Team

 
 
LinkBack Thread Tools
 
Old 02-24-2012, 03:56 PM
John Johansen
 
Default AppArmor update for Precise

This apparmor update is to meet the requirements of the following blue-prints
https://blueprints.launchpad.net/ubuntu/+spec/security-p-apparmor-containers
https://blueprints.launchpad.net/ubuntu/+spec/security-p-apparmor-permissions-rework
https://blueprints.launchpad.net/ubuntu/+spec/security-p-apparmor-ubuntu

it also contains the fix for
BugLink: http://bugs.launchpad.net/bugs/925028


The following changes since commit 00e2d7f3bcaf0cbb3d93defce24106966b6d017d:

UBUNTU: Ubuntu-3.2.0-17.26 (2012-02-17 10:13:46 -0800)

are available in the git repository at:

ssh://kernel.ubuntu.com/srv/kernel.ubuntu.com/git/jj/ubuntu-precise.git apparmor

for you to fetch changes up to 183a6edfaf235fafec23ee6ec608306f94cd5bd5:

UBUNTU: SAUCE: AppArmor: Add mount information to apparmorfs (2012-02-24 05:50:47 -0800)

----------------------------------------------------------------
John Johansen (19):
Revert "UBUNTU: SAUCE: AppArmor: Fix unpack of network tables."
Revert "AppArmor: compatibility patch for v5 interface"
Revert "AppArmor: compatibility patch for v5 network controll"
Revert "UBUNTU: SAUCE: AppArmor: Allow dfa backward compatibility with broken userspace"
UBUNTU: SAUCE: AppArmor: Add mising end of structure test to caps unpacking
UBUNTU: SAUCE: AppArmor: Fix dropping of allowed operations that are force audited
UBUNTU: SAUCE: AppArmor: Fix underflow in xindex calculation
UBUNTU: SAUCE: AppArmor: fix mapping of META_READ to audit and quiet flags
UBUNTU: SAUCE: AppArmor: Fix the error case for chroot relative path name lookup
UBUNTU: SAUCE: AppArmor: Retrieve the dentry_path for error reporting when path lookup fails
UBUNTU: SAUCE: AppArmor: Minor cleanup of d_namespace_path to consolidate error handling
UBUNTU: SAUCE: AppArmor: Update dfa matching routines.
UBUNTU: SAUCE: AppArmor: Move path failure information into aa_get_name and rename
UBUNTU: SAUCE: AppArmor: Make chroot relative the default path lookup type
UBUNTU: SAUCE: AppArmor: Add ability to load extended policy
UBUNTU: SAUCE: AppArmor: basic networking rules
UBUNTU: SAUCE: AppArmor: Add profile introspection file to interface
UBUNTU: SAUCE: AppArmor: Add the ability to mediate mount
UBUNTU: SAUCE: AppArmor: Add mount information to apparmorfs

Kees Cook (4):
UBUNTU: SAUCE: AppArmor: refactor securityfs to use structures
UBUNTU: SAUCE: AppArmor: add initial "features" directory to securityfs
UBUNTU: SAUCE: AppArmor: add "file" details to securityfs
UBUNTU: SAUCE: AppArmor: export known rlimit names/value mappings in securityfs

include/linux/lsm_audit.h | 7 +
security/apparmor/.gitignore | 2 +-
security/apparmor/Kconfig | 9 -
security/apparmor/Makefile | 71 +++-
security/apparmor/apparmorfs-24.c | 287 ---------------
security/apparmor/apparmorfs.c | 450 +++++++++++++++++++++---
security/apparmor/audit.c | 5 +
security/apparmor/domain.c | 7 +-
security/apparmor/file.c | 21 +-
security/apparmor/include/apparmor.h | 16 +-
security/apparmor/include/apparmorfs.h | 50 +++-
security/apparmor/include/audit.h | 9 +-
security/apparmor/include/domain.h | 2 +
security/apparmor/include/file.h | 2 +-
security/apparmor/include/match.h | 3 +
security/apparmor/include/mount.h | 53 +++
security/apparmor/include/net.h | 6 +-
security/apparmor/include/path.h | 3 +-
security/apparmor/include/policy.h | 13 +
security/apparmor/include/resource.h | 4 +
security/apparmor/lsm.c | 59 ++++
security/apparmor/match.c | 97 ++++-
security/apparmor/mount.c | 600 ++++++++++++++++++++++++++++++++
security/apparmor/net.c | 25 +-
security/apparmor/path.c | 54 ++--
security/apparmor/policy.c | 4 +
security/apparmor/policy_unpack.c | 35 ++-
security/apparmor/resource.c | 5 +
28 files changed, 1438 insertions(+), 461 deletions(-)
delete mode 100644 security/apparmor/apparmorfs-24.c
create mode 100644 security/apparmor/include/mount.h
create mode 100644 security/apparmor/mount.c

--
kernel-team mailing list
kernel-team@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/kernel-team
 
Old 02-24-2012, 09:03 PM
Tim Gardner
 
Default AppArmor update for Precise

On 02/24/2012 08:56 AM, John Johansen wrote:

This apparmor update is to meet the requirements of the following blue-prints
https://blueprints.launchpad.net/ubuntu/+spec/security-p-apparmor-containers
https://blueprints.launchpad.net/ubuntu/+spec/security-p-apparmor-permissions-rework
https://blueprints.launchpad.net/ubuntu/+spec/security-p-apparmor-ubuntu

it also contains the fix for
BugLink: http://bugs.launchpad.net/bugs/925028


The following changes since commit 00e2d7f3bcaf0cbb3d93defce24106966b6d017d:

UBUNTU: Ubuntu-3.2.0-17.26 (2012-02-17 10:13:46 -0800)

are available in the git repository at:

ssh://kernel.ubuntu.com/srv/kernel.ubuntu.com/git/jj/ubuntu-precise.git apparmor

for you to fetch changes up to 183a6edfaf235fafec23ee6ec608306f94cd5bd5:

UBUNTU: SAUCE: AppArmor: Add mount information to apparmorfs (2012-02-24 05:50:47 -0800)

----------------------------------------------------------------
John Johansen (19):
Revert "UBUNTU: SAUCE: AppArmor: Fix unpack of network tables."
Revert "AppArmor: compatibility patch for v5 interface"
Revert "AppArmor: compatibility patch for v5 network controll"
Revert "UBUNTU: SAUCE: AppArmor: Allow dfa backward compatibility with broken userspace"
UBUNTU: SAUCE: AppArmor: Add mising end of structure test to caps unpacking
UBUNTU: SAUCE: AppArmor: Fix dropping of allowed operations that are force audited
UBUNTU: SAUCE: AppArmor: Fix underflow in xindex calculation
UBUNTU: SAUCE: AppArmor: fix mapping of META_READ to audit and quiet flags
UBUNTU: SAUCE: AppArmor: Fix the error case for chroot relative path name lookup
UBUNTU: SAUCE: AppArmor: Retrieve the dentry_path for error reporting when path lookup fails
UBUNTU: SAUCE: AppArmor: Minor cleanup of d_namespace_path to consolidate error handling
UBUNTU: SAUCE: AppArmor: Update dfa matching routines.
UBUNTU: SAUCE: AppArmor: Move path failure information into aa_get_name and rename
UBUNTU: SAUCE: AppArmor: Make chroot relative the default path lookup type
UBUNTU: SAUCE: AppArmor: Add ability to load extended policy
UBUNTU: SAUCE: AppArmor: basic networking rules
UBUNTU: SAUCE: AppArmor: Add profile introspection file to interface
UBUNTU: SAUCE: AppArmor: Add the ability to mediate mount
UBUNTU: SAUCE: AppArmor: Add mount information to apparmorfs

Kees Cook (4):
UBUNTU: SAUCE: AppArmor: refactor securityfs to use structures
UBUNTU: SAUCE: AppArmor: add initial "features" directory to securityfs
UBUNTU: SAUCE: AppArmor: add "file" details to securityfs
UBUNTU: SAUCE: AppArmor: export known rlimit names/value mappings in securityfs

include/linux/lsm_audit.h | 7 +
security/apparmor/.gitignore | 2 +-
security/apparmor/Kconfig | 9 -
security/apparmor/Makefile | 71 +++-
security/apparmor/apparmorfs-24.c | 287 ---------------
security/apparmor/apparmorfs.c | 450 +++++++++++++++++++++---
security/apparmor/audit.c | 5 +
security/apparmor/domain.c | 7 +-
security/apparmor/file.c | 21 +-
security/apparmor/include/apparmor.h | 16 +-
security/apparmor/include/apparmorfs.h | 50 +++-
security/apparmor/include/audit.h | 9 +-
security/apparmor/include/domain.h | 2 +
security/apparmor/include/file.h | 2 +-
security/apparmor/include/match.h | 3 +
security/apparmor/include/mount.h | 53 +++
security/apparmor/include/net.h | 6 +-
security/apparmor/include/path.h | 3 +-
security/apparmor/include/policy.h | 13 +
security/apparmor/include/resource.h | 4 +
security/apparmor/lsm.c | 59 ++++
security/apparmor/match.c | 97 ++++-
security/apparmor/mount.c | 600 ++++++++++++++++++++++++++++++++
security/apparmor/net.c | 25 +-
security/apparmor/path.c | 54 ++--
security/apparmor/policy.c | 4 +
security/apparmor/policy_unpack.c | 35 ++-
security/apparmor/resource.c | 5 +
28 files changed, 1438 insertions(+), 461 deletions(-)
delete mode 100644 security/apparmor/apparmorfs-24.c
create mode 100644 security/apparmor/include/mount.h
create mode 100644 security/apparmor/mount.c



John - this is kind of late in the game for such a large patch set. Have
you extracted a feature freeze exception from the release team? Where
are these patches with regard to the upstream process? Why shouldn't we
wait and backport them from the 3.4 merge window?


rtg
--
Tim Gardner tim.gardner@canonical.com

--
kernel-team mailing list
kernel-team@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/kernel-team
 
Old 02-24-2012, 09:15 PM
John Johansen
 
Default AppArmor update for Precise

On 02/24/2012 02:03 PM, Tim Gardner wrote:
> On 02/24/2012 08:56 AM, John Johansen wrote:
>> This apparmor update is to meet the requirements of the following blue-prints
>> https://blueprints.launchpad.net/ubuntu/+spec/security-p-apparmor-containers
>> https://blueprints.launchpad.net/ubuntu/+spec/security-p-apparmor-permissions-rework
>> https://blueprints.launchpad.net/ubuntu/+spec/security-p-apparmor-ubuntu
>>
>> it also contains the fix for
>> BugLink: http://bugs.launchpad.net/bugs/925028
>>
>>
>> The following changes since commit 00e2d7f3bcaf0cbb3d93defce24106966b6d017d:
>>
>> UBUNTU: Ubuntu-3.2.0-17.26 (2012-02-17 10:13:46 -0800)
>>
>> are available in the git repository at:
>>
>> ssh://kernel.ubuntu.com/srv/kernel.ubuntu.com/git/jj/ubuntu-precise.git apparmor
>>
>> for you to fetch changes up to 183a6edfaf235fafec23ee6ec608306f94cd5bd5:
>>
>> UBUNTU: SAUCE: AppArmor: Add mount information to apparmorfs (2012-02-24 05:50:47 -0800)
>>
>> ----------------------------------------------------------------
>> John Johansen (19):
>> Revert "UBUNTU: SAUCE: AppArmor: Fix unpack of network tables."
>> Revert "AppArmor: compatibility patch for v5 interface"
>> Revert "AppArmor: compatibility patch for v5 network controll"
>> Revert "UBUNTU: SAUCE: AppArmor: Allow dfa backward compatibility with broken userspace"
>> UBUNTU: SAUCE: AppArmor: Add mising end of structure test to caps unpacking
>> UBUNTU: SAUCE: AppArmor: Fix dropping of allowed operations that are force audited
>> UBUNTU: SAUCE: AppArmor: Fix underflow in xindex calculation
>> UBUNTU: SAUCE: AppArmor: fix mapping of META_READ to audit and quiet flags
>> UBUNTU: SAUCE: AppArmor: Fix the error case for chroot relative path name lookup
>> UBUNTU: SAUCE: AppArmor: Retrieve the dentry_path for error reporting when path lookup fails
>> UBUNTU: SAUCE: AppArmor: Minor cleanup of d_namespace_path to consolidate error handling
>> UBUNTU: SAUCE: AppArmor: Update dfa matching routines.
>> UBUNTU: SAUCE: AppArmor: Move path failure information into aa_get_name and rename
>> UBUNTU: SAUCE: AppArmor: Make chroot relative the default path lookup type
>> UBUNTU: SAUCE: AppArmor: Add ability to load extended policy
>> UBUNTU: SAUCE: AppArmor: basic networking rules
>> UBUNTU: SAUCE: AppArmor: Add profile introspection file to interface
>> UBUNTU: SAUCE: AppArmor: Add the ability to mediate mount
>> UBUNTU: SAUCE: AppArmor: Add mount information to apparmorfs
>>
>> Kees Cook (4):
>> UBUNTU: SAUCE: AppArmor: refactor securityfs to use structures
>> UBUNTU: SAUCE: AppArmor: add initial "features" directory to securityfs
>> UBUNTU: SAUCE: AppArmor: add "file" details to securityfs
>> UBUNTU: SAUCE: AppArmor: export known rlimit names/value mappings in securityfs
>>
>> include/linux/lsm_audit.h | 7 +
>> security/apparmor/.gitignore | 2 +-
>> security/apparmor/Kconfig | 9 -
>> security/apparmor/Makefile | 71 +++-
>> security/apparmor/apparmorfs-24.c | 287 ---------------
>> security/apparmor/apparmorfs.c | 450 +++++++++++++++++++++---
>> security/apparmor/audit.c | 5 +
>> security/apparmor/domain.c | 7 +-
>> security/apparmor/file.c | 21 +-
>> security/apparmor/include/apparmor.h | 16 +-
>> security/apparmor/include/apparmorfs.h | 50 +++-
>> security/apparmor/include/audit.h | 9 +-
>> security/apparmor/include/domain.h | 2 +
>> security/apparmor/include/file.h | 2 +-
>> security/apparmor/include/match.h | 3 +
>> security/apparmor/include/mount.h | 53 +++
>> security/apparmor/include/net.h | 6 +-
>> security/apparmor/include/path.h | 3 +-
>> security/apparmor/include/policy.h | 13 +
>> security/apparmor/include/resource.h | 4 +
>> security/apparmor/lsm.c | 59 ++++
>> security/apparmor/match.c | 97 ++++-
>> security/apparmor/mount.c | 600 ++++++++++++++++++++++++++++++++
>> security/apparmor/net.c | 25 +-
>> security/apparmor/path.c | 54 ++--
>> security/apparmor/policy.c | 4 +
>> security/apparmor/policy_unpack.c | 35 ++-
>> security/apparmor/resource.c | 5 +
>> 28 files changed, 1438 insertions(+), 461 deletions(-)
>> delete mode 100644 security/apparmor/apparmorfs-24.c
>> create mode 100644 security/apparmor/include/mount.h
>> create mode 100644 security/apparmor/mount.c
>>
>
> John - this is kind of late in the game for such a large patch set. Have you extracted a feature freeze exception from the release team? Where are these patches with regard to the upstream process? Why shouldn't we wait and backport them from the 3.4 merge window?
>
yes, its lat and yes there was a feature freeze exception the userspace components went in today and the kernel patch submission waited on the acceptance of that.

About the first half of these patches (kees's fs changes and the set of bug fixes) are going out as pull request today.

The other half are going up for further review, but have been through a round of review within the apparmor list already, we will be working on getting the patches upstream, and the current set can be replaced as they land in the security tree.





--
kernel-team mailing list
kernel-team@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/kernel-team
 
Old 02-24-2012, 09:27 PM
Tim Gardner
 
Default AppArmor update for Precise

On 02/24/2012 02:15 PM, John Johansen wrote:

On 02/24/2012 02:03 PM, Tim Gardner wrote:

On 02/24/2012 08:56 AM, John Johansen wrote:

This apparmor update is to meet the requirements of the following
blue-prints
https://blueprints.launchpad.net/ubuntu/+spec/security-p-apparmor-containers



https://blueprints.launchpad.net/ubuntu/+spec/security-p-apparmor-permissions-rework

https://blueprints.launchpad.net/ubuntu/+spec/security-p-apparmor-ubuntu




it also contains the fix for

BugLink: http://bugs.launchpad.net/bugs/925028


The following changes since commit
00e2d7f3bcaf0cbb3d93defce24106966b6d017d:

UBUNTU: Ubuntu-3.2.0-17.26 (2012-02-17 10:13:46 -0800)

are available in the git repository at:

ssh://kernel.ubuntu.com/srv/kernel.ubuntu.com/git/jj/ubuntu-precise.git
apparmor

for you to fetch changes up to
183a6edfaf235fafec23ee6ec608306f94cd5bd5:

UBUNTU: SAUCE: AppArmor: Add mount information to apparmorfs
(2012-02-24 05:50:47 -0800)

----------------------------------------------------------------
John Johansen (19): Revert "UBUNTU: SAUCE: AppArmor: Fix unpack
of network tables." Revert "AppArmor: compatibility patch for v5
interface" Revert "AppArmor: compatibility patch for v5 network
controll" Revert "UBUNTU: SAUCE: AppArmor: Allow dfa backward
compatibility with broken userspace" UBUNTU: SAUCE: AppArmor: Add
mising end of structure test to caps unpacking UBUNTU: SAUCE:
AppArmor: Fix dropping of allowed operations that are force
audited UBUNTU: SAUCE: AppArmor: Fix underflow in xindex
calculation UBUNTU: SAUCE: AppArmor: fix mapping of META_READ to
audit and quiet flags UBUNTU: SAUCE: AppArmor: Fix the error case
for chroot relative path name lookup UBUNTU: SAUCE: AppArmor:
Retrieve the dentry_path for error reporting when path lookup
fails UBUNTU: SAUCE: AppArmor: Minor cleanup of d_namespace_path
to consolidate error handling UBUNTU: SAUCE: AppArmor: Update dfa
matching routines. UBUNTU: SAUCE: AppArmor: Move path failure
information into aa_get_name and rename UBUNTU: SAUCE: AppArmor:
Make chroot relative the default path lookup type UBUNTU: SAUCE:
AppArmor: Add ability to load extended policy UBUNTU: SAUCE:
AppArmor: basic networking rules UBUNTU: SAUCE: AppArmor: Add
profile introspection file to interface UBUNTU: SAUCE: AppArmor:
Add the ability to mediate mount UBUNTU: SAUCE: AppArmor: Add
mount information to apparmorfs

Kees Cook (4): UBUNTU: SAUCE: AppArmor: refactor securityfs to
use structures UBUNTU: SAUCE: AppArmor: add initial "features"
directory to securityfs UBUNTU: SAUCE: AppArmor: add "file"
details to securityfs UBUNTU: SAUCE: AppArmor: export known
rlimit names/value mappings in securityfs

include/linux/lsm_audit.h | 7 +
security/apparmor/.gitignore | 2 +-
security/apparmor/Kconfig | 9 -
security/apparmor/Makefile | 71 +++-
security/apparmor/apparmorfs-24.c | 287 ---------------
security/apparmor/apparmorfs.c | 450
+++++++++++++++++++++--- security/apparmor/audit.c |
5 + security/apparmor/domain.c | 7 +-
security/apparmor/file.c | 21 +-
security/apparmor/include/apparmor.h | 16 +-
security/apparmor/include/apparmorfs.h | 50 +++-
security/apparmor/include/audit.h | 9 +-
security/apparmor/include/domain.h | 2 +
security/apparmor/include/file.h | 2 +-
security/apparmor/include/match.h | 3 +
security/apparmor/include/mount.h | 53 +++
security/apparmor/include/net.h | 6 +-
security/apparmor/include/path.h | 3 +-
security/apparmor/include/policy.h | 13 +
security/apparmor/include/resource.h | 4 +
security/apparmor/lsm.c | 59 ++++
security/apparmor/match.c | 97 ++++-
security/apparmor/mount.c | 600
++++++++++++++++++++++++++++++++ security/apparmor/net.c
| 25 +- security/apparmor/path.c | 54 ++--
security/apparmor/policy.c | 4 +
security/apparmor/policy_unpack.c | 35 ++-
security/apparmor/resource.c | 5 + 28 files changed,
1438 insertions(+), 461 deletions(-) delete mode 100644
security/apparmor/apparmorfs-24.c create mode 100644
security/apparmor/include/mount.h create mode 100644
security/apparmor/mount.c



John - this is kind of late in the game for such a large patch set.
Have you extracted a feature freeze exception from the release
team? Where are these patches with regard to the upstream process?
Why shouldn't we wait and backport them from the 3.4 merge window?


yes, its lat and yes there was a feature freeze exception the
userspace components went in today and the kernel patch submission
waited on the acceptance of that.

About the first half of these patches (kees's fs changes and the set
of bug fixes) are going out as pull request today.

The other half are going up for further review, but have been through
a round of review within the apparmor list already, we will be
working on getting the patches upstream, and the current set can be
replaced as they land in the security tree.






Kernel freeze isn't until April 5. If we pull these now, are you OK with
dropping them in favor of the patches that make the 3.4 merge window ?


rtg
--
Tim Gardner tim.gardner@canonical.com

--
kernel-team mailing list
kernel-team@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/kernel-team
 
Old 02-24-2012, 09:57 PM
John Johansen
 
Default AppArmor update for Precise

On 02/24/2012 02:27 PM, Tim Gardner wrote:
> On 02/24/2012 02:15 PM, John Johansen wrote:
>> On 02/24/2012 02:03 PM, Tim Gardner wrote:
>>> On 02/24/2012 08:56 AM, John Johansen wrote:
>>>> This apparmor update is to meet the requirements of the following
>>>> blue-prints
>>>> https://blueprints.launchpad.net/ubuntu/+spec/security-p-apparmor-containers
>>>>
>>>>
> https://blueprints.launchpad.net/ubuntu/+spec/security-p-apparmor-permissions-rework
>>>> https://blueprints.launchpad.net/ubuntu/+spec/security-p-apparmor-ubuntu
>>>>
>>>>
>>>>
> it also contains the fix for
>>>> BugLink: http://bugs.launchpad.net/bugs/925028
>>>>
>>>>
>>>> The following changes since commit
>>>> 00e2d7f3bcaf0cbb3d93defce24106966b6d017d:
>>>>
>>>> UBUNTU: Ubuntu-3.2.0-17.26 (2012-02-17 10:13:46 -0800)
>>>>
>>>> are available in the git repository at:
>>>>
>>>> ssh://kernel.ubuntu.com/srv/kernel.ubuntu.com/git/jj/ubuntu-precise.git
>>>> apparmor
>>>>
>>>> for you to fetch changes up to
>>>> 183a6edfaf235fafec23ee6ec608306f94cd5bd5:
>>>>
>>>> UBUNTU: SAUCE: AppArmor: Add mount information to apparmorfs
>>>> (2012-02-24 05:50:47 -0800)
>>>>
>>>> ----------------------------------------------------------------
>>>> John Johansen (19): Revert "UBUNTU: SAUCE: AppArmor: Fix unpack
>>>> of network tables." Revert "AppArmor: compatibility patch for v5
>>>> interface" Revert "AppArmor: compatibility patch for v5 network
>>>> controll" Revert "UBUNTU: SAUCE: AppArmor: Allow dfa backward
>>>> compatibility with broken userspace" UBUNTU: SAUCE: AppArmor: Add
>>>> mising end of structure test to caps unpacking UBUNTU: SAUCE:
>>>> AppArmor: Fix dropping of allowed operations that are force
>>>> audited UBUNTU: SAUCE: AppArmor: Fix underflow in xindex
>>>> calculation UBUNTU: SAUCE: AppArmor: fix mapping of META_READ to
>>>> audit and quiet flags UBUNTU: SAUCE: AppArmor: Fix the error case
>>>> for chroot relative path name lookup UBUNTU: SAUCE: AppArmor:
>>>> Retrieve the dentry_path for error reporting when path lookup
>>>> fails UBUNTU: SAUCE: AppArmor: Minor cleanup of d_namespace_path
>>>> to consolidate error handling UBUNTU: SAUCE: AppArmor: Update dfa
>>>> matching routines. UBUNTU: SAUCE: AppArmor: Move path failure
>>>> information into aa_get_name and rename UBUNTU: SAUCE: AppArmor:
>>>> Make chroot relative the default path lookup type UBUNTU: SAUCE:
>>>> AppArmor: Add ability to load extended policy UBUNTU: SAUCE:
>>>> AppArmor: basic networking rules UBUNTU: SAUCE: AppArmor: Add
>>>> profile introspection file to interface UBUNTU: SAUCE: AppArmor:
>>>> Add the ability to mediate mount UBUNTU: SAUCE: AppArmor: Add
>>>> mount information to apparmorfs
>>>>
>>>> Kees Cook (4): UBUNTU: SAUCE: AppArmor: refactor securityfs to
>>>> use structures UBUNTU: SAUCE: AppArmor: add initial "features"
>>>> directory to securityfs UBUNTU: SAUCE: AppArmor: add "file"
>>>> details to securityfs UBUNTU: SAUCE: AppArmor: export known
>>>> rlimit names/value mappings in securityfs
>>>>
>>>> include/linux/lsm_audit.h | 7 +
>>>> security/apparmor/.gitignore | 2 +-
>>>> security/apparmor/Kconfig | 9 -
>>>> security/apparmor/Makefile | 71 +++-
>>>> security/apparmor/apparmorfs-24.c | 287 ---------------
>>>> security/apparmor/apparmorfs.c | 450
>>>> +++++++++++++++++++++--- security/apparmor/audit.c |
>>>> 5 + security/apparmor/domain.c | 7 +-
>>>> security/apparmor/file.c | 21 +-
>>>> security/apparmor/include/apparmor.h | 16 +-
>>>> security/apparmor/include/apparmorfs.h | 50 +++-
>>>> security/apparmor/include/audit.h | 9 +-
>>>> security/apparmor/include/domain.h | 2 +
>>>> security/apparmor/include/file.h | 2 +-
>>>> security/apparmor/include/match.h | 3 +
>>>> security/apparmor/include/mount.h | 53 +++
>>>> security/apparmor/include/net.h | 6 +-
>>>> security/apparmor/include/path.h | 3 +-
>>>> security/apparmor/include/policy.h | 13 +
>>>> security/apparmor/include/resource.h | 4 +
>>>> security/apparmor/lsm.c | 59 ++++
>>>> security/apparmor/match.c | 97 ++++-
>>>> security/apparmor/mount.c | 600
>>>> ++++++++++++++++++++++++++++++++ security/apparmor/net.c
>>>> | 25 +- security/apparmor/path.c | 54 ++--
>>>> security/apparmor/policy.c | 4 +
>>>> security/apparmor/policy_unpack.c | 35 ++-
>>>> security/apparmor/resource.c | 5 + 28 files changed,
>>>> 1438 insertions(+), 461 deletions(-) delete mode 100644
>>>> security/apparmor/apparmorfs-24.c create mode 100644
>>>> security/apparmor/include/mount.h create mode 100644
>>>> security/apparmor/mount.c
>>>>
>>>
>>> John - this is kind of late in the game for such a large patch set.
>>> Have you extracted a feature freeze exception from the release
>>> team? Where are these patches with regard to the upstream process?
>>> Why shouldn't we wait and backport them from the 3.4 merge window?
>>>
>> yes, its lat and yes there was a feature freeze exception the
>> userspace components went in today and the kernel patch submission
>> waited on the acceptance of that.
>>
>> About the first half of these patches (kees's fs changes and the set
>> of bug fixes) are going out as pull request today.
>>
>> The other half are going up for further review, but have been through
>> a round of review within the apparmor list already, we will be
>> working on getting the patches upstream, and the current set can be
>> replaced as they land in the security tree.
>>
>>
>>
>>
>
> Kernel freeze isn't until April 5. If we pull these now, are you OK with dropping them in favor of the patches that make the 3.4 merge window ?
>
yes, any patch that goes up should replace these, they will be the same
except for any changes made to address review. However there is a caveat
that if something doesn't make it into 3.4 we will likely have to carry
a patch.

--
kernel-team mailing list
kernel-team@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/kernel-team
 

Thread Tools




All times are GMT. The time now is 06:41 AM.

VBulletin, Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.
Copyright 2007 - 2008, www.linux-archive.org