Re: [apparmor] [PATCH] audio and base abstraction updates

2013-04-09 Thread Jamie Strandboge
On 04/09/2013 06:36 AM, Christian Boltz wrote:
> Hello,
> 
> On Monday, 8 April 2013, Jamie Strandboge wrote:
>> Recent kernels/glibc also now trigger reads for
>> /proc/sys/vm/overcommit_memory. This is explained in both malloc(3)
>> and proc(5). Basically, there are different memory allocation
>> strategies and /proc/sys/vm/overcommit_memory contains the 'virtual
>> memory accounting' mode. The update for the base abstraction gives
>> read access to this file.
> 
> To make the collection complete:
> Acked-By: Christian Boltz 
> 
> Please also backport both patches to the 2.8 branch.
> 
Acked-By: Jamie Strandboge 

> 
> As a side effect of the abstractions/base patch, we should also clean up 
> the usr.sbin.nscd profile (which includes abstractions/base):
> 
> === modified file 'profiles/apparmor.d/usr.sbin.nscd'
> --- profiles/apparmor.d/usr.sbin.nscd   2013-03-05 21:11:59 +
> +++ profiles/apparmor.d/usr.sbin.nscd   2013-04-09 11:29:38 +
> @@ -42,7 +42,6 @@
>@{PROC}/@{pid}/maps r,
>@{PROC}/@{pid}/mounts r,
>@{PROC}/filesystems r,
> -  @{PROC}/sys/vm/overcommit_memory r,
>  
># Site-specific additions and overrides. See local/README for details.
>#include 
> 
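
Review bot: the `-  @{PROC}/sys/vm/overcommit_memory r,` removal is proposed for trunk only, while the abstractions/base update is to be backported, so on 2.8 the nscd profile will grant this read twice (directly and through the abstraction). Both rules grant the same `r`, so the duplicate is harmless, but mention it in the 2.8 backport so the leftover line is not later removed there, which would cause the *.rpmnew churn this is meant to avoid.
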
> To avoid trouble with *.rpmnew files etc., this small patch shouldn't be
> backported to 2.8.
> 

Acked-By: Jamie Strandboge 



-- 
Jamie Strandboge http://www.ubuntu.com/



-- 
AppArmor mailing list
AppArmor@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/apparmor


Re: [apparmor] [PATCH] audio and base abstraction updates

2013-04-09 Thread Christian Boltz
Hello,

On Monday, 8 April 2013, Jamie Strandboge wrote:
> Recent kernels/glibc also now trigger reads for
> /proc/sys/vm/overcommit_memory. This is explained in both malloc(3)
> and proc(5). Basically, there are different memory allocation
> strategies and /proc/sys/vm/overcommit_memory contains the 'virtual
> memory accounting' mode. The update for the base abstraction gives
> read access to this file.

To make the collection complete:
Acked-By: Christian Boltz 

Please also backport both patches to the 2.8 branch.


As a side effect of the abstractions/base patch, we should also clean up 
the usr.sbin.nscd profile (which includes abstractions/base):

=== modified file 'profiles/apparmor.d/usr.sbin.nscd'
--- profiles/apparmor.d/usr.sbin.nscd   2013-03-05 21:11:59 +
+++ profiles/apparmor.d/usr.sbin.nscd   2013-04-09 11:29:38 +
@@ -42,7 +42,6 @@
   @{PROC}/@{pid}/maps r,
   @{PROC}/@{pid}/mounts r,
   @{PROC}/filesystems r,
-  @{PROC}/sys/vm/overcommit_memory r,
 
   # Site-specific additions and overrides. See local/README for details.
   #include 
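
Review bot: removing `@{PROC}/sys/vm/overcommit_memory r,` from the block after `@{PROC}/filesystems r,` makes nscd depend on abstractions/base for that read, and nothing in the hunk records the dependency. State it in the commit message, or land this together with the abstractions/base update, so the removal is never applied to a tree whose base abstraction lacks the rule; there nscd's read of overcommit_memory would be denied.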

To avoid trouble with *.rpmnew files etc., this small patch shouldn't be
backported to 2.8.


Regards,

Christian Boltz
-- 
compared to that [...] it's roughly like lugging the crate of beer the 20
meters home from the supermarket by hand instead of docking an aircraft
carrier to get the same thing done. ;)
[Timo Schoeler in postfixbuch-users]




Re: [apparmor] Can't use aa on 3.8.6 kernel!

2013-04-09 Thread John Johansen
On 04/09/2013 01:58 AM, Aaron Lewis wrote:
> Hi John!
> 
> On 01:38 Tue 09 Apr , John Johansen wrote:
>> On 04/08/2013 10:57 PM, Aaron Lewis wrote:
>>> Hi,
>>>
>>> I'm running Arch with 3.8.6. kernel, and I got it patched with 2.8.1 
>>> releases.
>>>
>>> But aa-status got errors,
>>>
>>> apparmor module is loaded.
>>> apparmor filesystem is not mounted.
>>>
>>> Any ideas?
>>>
>>> P.S securityfs is mounted, mount shows:
>>>
>>> securityfs on /sys/kernel/security type securityfs (rw,relatime)
>>>
>> aaron what patches are applied? Is this a stock 3.8 kernel?
> 
> The patch set for 3.6, and I modified the code a bit to make the patch
> work (no functionality change)
> 
> The 3.8.6 kernel with grsec patch.
> 
>>
>> What is the value returned from
>>
>> cat /sys/module/apparmor/parameters/enabled
>>
> 
> Says 'N'
> 
> But I have a `security=apparmor` in /proc/cmdline, so that's no longer
> suitable?
> 
No, that should still apply. There are a couple of other configs that could
cause apparmor to not register.

If apparmor is built with the config SECURITY_APPARMOR_BOOTPARAM_VALUE=0
then even if security=apparmor is set apparmor will be disabled, and can
only be enabled by setting apparmor=1 in the boot loader's kernel cmdline.
So you can try this without even having to rebuild the kernel.

If security= isn't set then the default lsm is used, whatever that is set
to (shouldn't apply in this case).
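
The checks described in the reply above, combined into one shell diagnosis (an added example, not part of the original thread). The function names, verdict strings and sample command line are constructed for illustration; when a parameter appears more than once, the example uses the last occurrence.

```shell
#!/bin/sh
# Classify why AppArmor did not register, from the three inputs in the thread.
# Inputs are passed as strings so the logic runs on constructed samples.

# cmdline_value KEY CMDLINE: print the value of the last KEY= word, if any.
cmdline_value() (
    set -f                      # no globbing while splitting the cmdline
    key=$1; val=
    for word in $2; do
        case $word in
            "$key"=*) val=${word#"$key"=} ;;
        esac
    done
    printf '%s' "$val"
)

# aa_diagnose ENABLED CMDLINE BOOTPARAM
#   ENABLED   contents of /sys/module/apparmor/parameters/enabled (Y or N)
#   CMDLINE   contents of /proc/cmdline
#   BOOTPARAM CONFIG_SECURITY_APPARMOR_BOOTPARAM_VALUE (0, 1, empty = unknown)
aa_diagnose() {
    enabled=$1; cmdline=$2; bootparam=$3
    if [ "$enabled" = Y ]; then echo "ok"; return 0; fi
    security=$(cmdline_value security "$cmdline")
    apparmor=$(cmdline_value apparmor "$cmdline")
    if [ "$apparmor" = 0 ]; then
        echo "cmdline-apparmor=0"        # explicitly switched off at boot
    elif [ -z "$security" ]; then
        echo "default-lsm"               # no security=, built-in default LSM used
    elif [ "$security" != apparmor ]; then
        echo "other-lsm:$security"       # a different LSM was selected
    elif [ "$apparmor" != 1 ] && [ "$bootparam" != 1 ]; then
        echo "need-apparmor=1"           # BOOTPARAM_VALUE=0 (or unknown): add apparmor=1
    else
        echo "unexplained"               # boot parameters are fine; look at the patches
    fi
}

# Constructed sample mirroring the thread: enabled reads N, security=apparmor set.
aa_diagnose N "root=/dev/sda1 ro security=apparmor" 0
```

On a live system the three arguments come from `cat /sys/module/apparmor/parameters/enabled`, `cat /proc/cmdline` and the kernel's build configuration.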




Re: [apparmor] Can't use aa on 3.8.6 kernel!

2013-04-09 Thread Aaron Lewis
Hi John!

On 01:38 Tue 09 Apr , John Johansen wrote:
> On 04/08/2013 10:57 PM, Aaron Lewis wrote:
> > Hi,
> > 
> > I'm running Arch with 3.8.6. kernel, and I got it patched with 2.8.1 
> > releases.
> > 
> > But aa-status got errors,
> > 
> > apparmor module is loaded.
> > apparmor filesystem is not mounted.
> > 
> > Any ideas?
> > 
> > P.S securityfs is mounted, mount shows:
> > 
> > securityfs on /sys/kernel/security type securityfs (rw,relatime)
> > 
> aaron what patches are applied? Is this a stock 3.8 kernel?

The patch set for 3.6, and I modified the code a bit to make the patch
work (no functionality change)

The 3.8.6 kernel with grsec patch.

> 
> What is the value returned from
> 
> cat /sys/module/apparmor/parameters/enabled
> 

Says 'N'

But I have a `security=apparmor` in /proc/cmdline, so that's no longer
suitable?

-- 
Best Regards,
Aaron Lewis - PGP: 0xDFE6C29E ( http://pgp.mit.edu/ )
Finger Print: 9482 448F C7C3 896C 1DFE 7DD3 2492 A7D0 DFE6 C29E



Re: [apparmor] Can't use aa on 3.8.6 kernel!

2013-04-09 Thread John Johansen
On 04/08/2013 10:57 PM, Aaron Lewis wrote:
> Hi,
> 
> I'm running Arch with 3.8.6. kernel, and I got it patched with 2.8.1 releases.
> 
> But aa-status got errors,
> 
> apparmor module is loaded.
> apparmor filesystem is not mounted.
> 
> Any ideas?
> 
> P.S securityfs is mounted, mount shows:
> 
> securityfs on /sys/kernel/security type securityfs (rw,relatime)
> 
Aaron, what patches are applied? Is this a stock 3.8 kernel?

What is the value returned from

cat /sys/module/apparmor/parameters/enabled

