On 05/30/2012 08:08 AM, micah anderson wrote:
>
> Hi all,
>
> It's been 2 months without a reply on this issue, and we are getting
> close to a freeze. Kees and John it looks like there are some pending
> questions for you below, it would be great if you could chime in with
> your opinions:
>
>> If the Debian kernel team was willing to carry some kind of AppArmor
>> kernel/userspace interface patch, I'm now unsure if the old or new
>> ones would be better suited. (I assume AppArmor 2.8 is released long
>> enough before the Wheezy freeze, so that we can ship it in there, and
>> are given this choice.)
>>
>> On the one hand, the old compat' patches are confidence inspiring, as
>> they are small and have been shipped by Ubuntu for a while.
>
> My opinion: the 2.4 compat patch is tiny, and it works well, and has been
> tested for some time, I think it makes the most sense to include this
> one.
>
probably, especially if you are looking to keep the patch as small as
possible

>> On the other hand, it seems the new patches are being upstreamed,
>> which makes them more appealing somehow than the older ones.
>
> The newer patch is bigger, some of it must be backported from Linux 3.4,
> some from Ubuntu, it is much less tested and I suspect because of that
> will encounter much more resistance from Debian's kernel team to include
> it. Presumably this will eventually be the one that will be upstreamed,
> but it isn't there yet. This is why I think the 2.4 compat patch is the
> way to go with Wheezy, when the newer patch is upstreamed that can be
> swapped out then.
>
yeah to clarify, half of the new interface went upstream in 3.4 and I
can provide a version of that that is backported but it's a few patches
and not as small as the compat patch. In addition to that you would
need a compatibility patch on top of that, that provides the features
the current upstream interface doesn't

>> John, I think it would help if you could please point us more
>> precisely to the commits of the new interface that have been
>> upstreamed already, and to the ones that have not been, so that we can
>> get a rough idea of where things are at.
>>
hrmmm, I think I missed answering this before

the upstream patches
9acd494be9387b0608612cd139967201dd7a4e12
e74abcf3359d0130e99a6511ac484a3ea9e6e988
a9bf8e9fd561ba9ff1f0f2a1d96e439fcedaaaa4
d384b0a1a35f87f0ad70c29518f98f922b1c15cb

the additional patch to complete the interface
git://git.kernel.org/pub/scm/linux/kernel/git/jj/linux-apparmor v3.4-aa2.8
8de755e4dfdbc40bfcaca848ae6b5aeaf0ede0e8

vs. the old compat patch
git://git.kernel.org/pub/scm/linux/kernel/git/jj/linux-apparmor
da1ce2265ebb70860b9c137a542e48b170e4606b

>> Kees, others, what do you think?
>
While I like to see the latest stuff, I think the old patch is a smaller
delta, well tested and going to be less to maintain so it really seems
the way to go.