Hi!
Vincas Dargis:
> Since network mediation is reverted from 4.14 (sorry have no link to
> cite), is this still a blocker?
You're correct in that this task does not block the whole "enabling
AppArmor by default" plan anymore, since we have pinned the Linux 4.13
feature set and such pinning was "
Since network mediation is reverted from 4.14 (sorry have no link to cite), is this still a blocker? Do we need to
"sprint" for 4.14-possibly-introducing issues?
When testing stuff on 4.14, make sure you:
- use apparmor 2.11.1
- disable features-files= in /etc/apparmor/parser.conf (otherwise not
only you'll be stuck to 4.13's feature set and unable to do useful
work here, but worse you'll hit a kernel bug wrt. feature set
pinning & network rule
Vincas Dargis:
> On 2017.10.12 07:37, intrigeri wrote:
>> I suspect more is coming. Ubuntu / OpenSUSE probably already have
>> some of this stuff.
> Could you clarify, why Ubuntu should have issues, if they had
> network mediation before?
You're right, Ubuntu should not be affected by this proble
Christian Boltz:
> It turned out that the added "network unix dgram/stream" rules are not
> really needed. Let me explain ;.-)
> In theory apparmor_parser should downgrade the "unix" rules in
> abstractions/base to "network unix" rules (when using Kernel < 4.15),
> which allows more than "netwo
Hello,
Am Donnerstag, 12. Oktober 2017, 18:18:53 CEST schrieb Vincas Dargis:
> Could you clarify, why Ubuntu should have issues, if they had network
> mediation before?
It turned out that the added "network unix dgram/stream" rules are not
really needed. Let me explain ;.-)
In theory apparmor_p
On 2017.10.12 07:37, intrigeri wrote:
> I suspect more is coming. Ubuntu / OpenSUSE probably already have
> some of this stuff.
Could you clarify, why Ubuntu should have issues, if they had network mediation
before?
Control: retitle -1 apparmor: Ensure our AppArmor policy does not break stuff
with Linux 4.14
Control: tag -1 - patch
Control: tag -1 - pending
I've upgraded my system to 4.14 and had to adjust no less than 7 profiles
*after* applying Christian's patch to abstractions/nameservice.
They're spread
Package: apparmor
Version: 2.11.0-11
Severity: important
This bug is meant to track
https://lists.alioth.debian.org/pipermail/pkg-apparmor-team/2017-October/001755.html
We should apply this patch as a temporary workaround before Linux 4.14
reaches Debian (ideally, before it reaches experimental).