Re: [apparmor] [PATCH] audio and base abstraction updates
On 04/09/2013 06:36 AM, Christian Boltz wrote:
> Hello,
>
> On Monday, 8 April 2013, Jamie Strandboge wrote:
>> Recent kernels/glibc also now trigger reads for
>> /proc/sys/vm/overcommit_memory. This is explained in both malloc(3)
>> and proc(5). Basically, there are different memory allocation
>> strategies and /proc/sys/vm/overcommit_memory contains the 'virtual
>> memory accounting' mode. The update for the base abstraction gives
>> read access to this file.
>
> To make the collection complete:
> Acked-By: Christian Boltz
>
> Please also backport both patches to the 2.8 branch.
>
Acked-By: Jamie Strandboge

>
> As a side effect of the abstractions/base patch, we should also clean up
> the usr.sbin.nscd profile (which includes abstractions/base):
>
> === modified file 'profiles/apparmor.d/usr.sbin.nscd' > --- profiles/apparmor.d/usr.sbin.nscd 2013-03-05 21:11:59 + > +++ profiles/apparmor.d/usr.sbin.nscd 2013-04-09 11:29:38 + > @@ -42,7 +42,6 @@ >@{PROC}/@{pid}/maps r, >@{PROC}/@{pid}/mounts r, >@{PROC}/filesystems r, > - @{PROC}/sys/vm/overcommit_memory r, > ># Site-specific additions and overrides. See local/README for details. >#include
>
> To avoid trouble with *.rpmnew files etc., this small patch shouldn't be
> backported to 2.8.
>
Acked-By: Jamie Strandboge

--
Jamie Strandboge
http://www.ubuntu.com/

--
AppArmor mailing list
AppArmor@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/apparmor
Re: [apparmor] [PATCH] audio and base abstraction updates
Hello,

On Monday, 8 April 2013, Jamie Strandboge wrote:
> Recent kernels/glibc also now trigger reads for
> /proc/sys/vm/overcommit_memory. This is explained in both malloc(3)
> and proc(5). Basically, there are different memory allocation
> strategies and /proc/sys/vm/overcommit_memory contains the 'virtual
> memory accounting' mode. The update for the base abstraction gives
> read access to this file.

To make the collection complete:
Acked-By: Christian Boltz

Please also backport both patches to the 2.8 branch.

As a side effect of the abstractions/base patch, we should also clean up
the usr.sbin.nscd profile (which includes abstractions/base):

=== modified file 'profiles/apparmor.d/usr.sbin.nscd' --- profiles/apparmor.d/usr.sbin.nscd 2013-03-05 21:11:59 + +++ profiles/apparmor.d/usr.sbin.nscd 2013-04-09 11:29:38 + @@ -42,7 +42,6 @@ @{PROC}/@{pid}/maps r, @{PROC}/@{pid}/mounts r, @{PROC}/filesystems r, - @{PROC}/sys/vm/overcommit_memory r, # Site-specific additions and overrides. See local/README for details. #include

To avoid trouble with *.rpmnew files etc., this small patch shouldn't be
backported to 2.8.

Regards,

Christian Boltz
--
compared to that [...] it's roughly as if you lug the crate of beer the
20 metres home from the supermarket by hand instead of docking an
aircraft carrier to get the same thing done. ;)
[Timo Schoeler in postfixbuch-users]
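Review bot: the removed "@{PROC}/sys/vm/overcommit_memory r," rule in usr.sbin.nscd is only redundant when the abstractions/base in the same tree already grants that read, so this hunk should land together with (or after) the base abstraction update and the commit message should state that dependency. Applied to a tree that still has the older abstractions/base, nscd would lose read access to the file.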
Re: [apparmor] Can't use aa on 3.8.6 kernel!
On 04/09/2013 01:58 AM, Aaron Lewis wrote:
> Hi John!
>
> On 01:38 Tue 09 Apr , John Johansen wrote:
>> On 04/08/2013 10:57 PM, Aaron Lewis wrote:
>>> Hi,
>>>
>>> I'm running Arch with 3.8.6. kernel, and I got it patched with 2.8.1
>>> releases.
>>>
>>> But aa-status got errors,
>>>
>>> apparmor module is loaded.
>>> apparmor filesystem is not mounted.
>>>
>>> Any ideas?
>>>
>>> P.S securityfs is mounted, mount shows:
>>>
>>> securityfs on /sys/kernel/security type securityfs (rw,relatime)
>>>
>> aaron what patches are applied? Is this a stock 3.8 kernel?
>
> The patch set for 3.6, and I modified the code a bit to make the patch
> work (no functionality change)
>
> The 3.8.6 kernel with grsec patch.
>
>>
>> What is the value returned from
>>
>> cat /sys/module/apparmor/parameters/enabled
>>
>
> Says 'N'
>
> But I have a `security=apparmor` in /proc/cmdline, so that's no longer
> suitable?
>
No, that should still apply. There are a couple of other configs that could
cause apparmor to not register.

If apparmor is built with the config
SECURITY_APPARMOR_BOOTPARAM_VALUE=0

then even if security=apparmor is set apparmor will be disabled, and can
only be enabled by setting
apparmor=1

in the boot loader's kernel cmdline. So you can try this without even having
to rebuild the kernel.

If security= isn't set then the default lsm is used, whatever that is set to
(shouldn't apply in this case).
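The checks from this reply combined into one diagnostic, as an added example that is not code from the thread or from the AppArmor project. The function names, the result words and the plain-text kernel config file argument are assumptions of this example; the sample files are constructed, and BOOTPARAM_VALUE=0 is assumed rather than confirmed in the thread.

```shell
#!/bin/sh
# aa_diagnose ENABLED_FILE CMDLINE_FILE KCONFIG_FILE
# Prints one word for the most likely reason AppArmor is or is not enabled.
aa_diagnose() {
    [ "$(cat "$1")" = "Y" ] && { echo enabled; return 0; }

    # Boot parameters are space-separated; take the last occurrence of each.
    security=$(tr ' ' '\n' < "$2" | sed -n 's/^security=//p' | tail -n 1)
    aa_param=$(tr ' ' '\n' < "$2" | sed -n 's/^apparmor=//p' | tail -n 1)
    # Build-time default of apparmor= (plain-text kernel config assumed).
    bootval=$(sed -n 's/^CONFIG_SECURITY_APPARMOR_BOOTPARAM_VALUE=//p' "$3")

    if [ "$aa_param" = "0" ]; then
        echo disabled-on-cmdline        # apparmor=0 given explicitly
    elif [ "$bootval" = "0" ] && [ "$aa_param" != "1" ]; then
        echo needs-apparmor=1           # the case described in the reply
    elif [ -z "$security" ]; then
        echo default-lsm-in-use         # no security=, built-in default applies
    elif [ "$security" != "apparmor" ]; then
        echo other-lsm-selected         # security= names a different LSM
    else
        echo unexplained                # boot parameters do not explain it
    fi
}

# Constructed sample mirroring the thread: enabled reads N although
# security=apparmor is on the command line. BOOTPARAM_VALUE=0 is assumed.
# $1 is an optional extra boot parameter to append.
demo() {
    d=$(mktemp -d) || return 1
    echo N > "$d/enabled"
    echo "root=/dev/sda1 ro security=apparmor $1" > "$d/cmdline"
    echo "CONFIG_SECURITY_APPARMOR_BOOTPARAM_VALUE=0" > "$d/config"
    aa_diagnose "$d/enabled" "$d/cmdline" "$d/config"
    rm -rf "$d"
}

demo              # prints: needs-apparmor=1
```

On a live system the three arguments would be /sys/module/apparmor/parameters/enabled, /proc/cmdline and the running kernel's config file, whose location varies by distribution.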
Re: [apparmor] Can't use aa on 3.8.6 kernel!
Hi John!

On 01:38 Tue 09 Apr , John Johansen wrote:
> On 04/08/2013 10:57 PM, Aaron Lewis wrote:
> > Hi,
> >
> > I'm running Arch with 3.8.6. kernel, and I got it patched with 2.8.1
> > releases.
> >
> > But aa-status got errors,
> >
> > apparmor module is loaded.
> > apparmor filesystem is not mounted.
> >
> > Any ideas?
> >
> > P.S securityfs is mounted, mount shows:
> >
> > securityfs on /sys/kernel/security type securityfs (rw,relatime)
> >
> aaron what patches are applied? Is this a stock 3.8 kernel?

The patch set for 3.6, and I modified the code a bit to make the patch
work (no functionality change)

The 3.8.6 kernel with grsec patch.

>
> What is the value returned from
>
> cat /sys/module/apparmor/parameters/enabled
>

Says 'N'

But I have a `security=apparmor` in /proc/cmdline, so that's no longer
suitable?

--
Best Regards,
Aaron Lewis - PGP: 0xDFE6C29E ( http://pgp.mit.edu/ )
Finger Print: 9482 448F C7C3 896C 1DFE 7DD3 2492 A7D0 DFE6 C29E
Re: [apparmor] Can't use aa on 3.8.6 kernel!
On 04/08/2013 10:57 PM, Aaron Lewis wrote:
> Hi,
>
> I'm running Arch with 3.8.6. kernel, and I got it patched with 2.8.1 releases.
>
> But aa-status got errors,
>
> apparmor module is loaded.
> apparmor filesystem is not mounted.
>
> Any ideas?
>
> P.S securityfs is mounted, mount shows:
>
> securityfs on /sys/kernel/security type securityfs (rw,relatime)
>
aaron what patches are applied? Is this a stock 3.8 kernel?

What is the value returned from

cat /sys/module/apparmor/parameters/enabled