Re: [apparmor] stacked filesystems status update?
On 11/03/2012 09:16 AM, intrigeri wrote:
> Hi,
>
> John Johansen wrote (16 Apr 2012 20:08:42 GMT) :
>> On 04/16/2012 12:48 PM, intrigeri wrote:
>>> Hi,
>>>
>>> as the maintainer of a Live system that uses aufs, I'm severely hit by
>>> the lack of support for stacked filesystems in AppArmor.
>>>
>>> Steve's comment #41 on LP #131976 [0] suggests an easy workaround.
>>> However, John's comment #42 explains that "there is still a bug in
>>> alias processing, that needs to be fixed before this will work".
>>>
>>> Was this alias processing bug fixed?
>>> If it was not, is it tracked anywhere?
>>>
>> Sadly it has not been fixed, despite it being a critical bug it requires
>> some major work to fix, there has been progress on it but it is not done.
>> The workaround right now is manually splitting some rules, so that the
>> current alias rules can be applied (see below).
>
>> https://bugs.launchpad.net/apparmor/+bug/888077
>
>> aliases as they are currently implemented aren't applied to regular
>> expressions that would match against the alias root.
>
>> Eg.
>
>> alias /home/ -> /mnt/rw,
>
>> /** rw, #rule not correctly aliased
>> /home/** rw, # rule is correctly aliased
>
>> I am trying to get this code rework done for the next release post
>> the upcoming 2.8 release. Being a compiler only fix it is possible
>> we can backport this to previous releases.
>
> Any news on this front?
>
It's still a work in progress, you should see some parser cleanup, and
permission rework patches that are leading towards getting this fixed
but are insufficient in and of themselves to fix the issue.

I hope that we can get it fixed for the 3.0 release due in the spring

--
AppArmor mailing list
AppArmor@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/apparmor
Re: [apparmor] stacked filesystems status update?
Hi,

John Johansen wrote (16 Apr 2012 20:08:42 GMT) :
> On 04/16/2012 12:48 PM, intrigeri wrote:
>> Hi,
>>
>> as the maintainer of a Live system that uses aufs, I'm severely hit by
>> the lack of support for stacked filesystems in AppArmor.
>>
>> Steve's comment #41 on LP #131976 [0] suggests an easy workaround.
>> However, John's comment #42 explains that "there is still a bug in
>> alias processing, that needs to be fixed before this will work".
>>
>> Was this alias processing bug fixed?
>> If it was not, is it tracked anywhere?
>>
> Sadly it has not been fixed, despite it being a critical bug it requires
> some major work to fix, there has been progress on it but it is not done.
> The workaround right now is manually splitting some rules, so that the
> current alias rules can be applied (see below).

> https://bugs.launchpad.net/apparmor/+bug/888077

> aliases as they are currently implemented aren't applied to regular
> expressions that would match against the alias root.

> Eg.

> alias /home/ -> /mnt/rw,

> /** rw, #rule not correctly aliased
> /home/** rw, # rule is correctly aliased

> I am trying to get this code rework done for the next release post
> the upcoming 2.8 release. Being a compiler only fix it is possible
> we can backport this to previous releases.

Any news on this front?
Re: [apparmor] stacked filesystems status update?
On 04/16/2012 12:48 PM, intrigeri wrote:
> Hi,
>
> as the maintainer of a Live system that uses aufs, I'm severely hit by
> the lack of support for stacked filesystems in AppArmor.
>
> Steve's comment #41 on LP #131976 [0] suggests an easy workaround.
> However, John's comment #42 explains that "there is still a bug in
> alias processing, that needs to be fixed before this will work".
>
> Was this alias processing bug fixed?
> If it was not, is it tracked anywhere?
>
Sadly it has not been fixed, despite it being a critical bug it requires
some major work to fix, there has been progress on it but it is not done.
The workaround right now is manually splitting some rules, so that the
current alias rules can be applied (see below).

https://bugs.launchpad.net/apparmor/+bug/888077

aliases as they are currently implemented aren't applied to regular
expressions that would match against the alias root.

Eg.

alias /home/ -> /mnt/rw,

/** rw, #rule not correctly aliased
/home/** rw, # rule is correctly aliased

I am trying to get this code rework done for the next release post
the upcoming 2.8 release. Being a compiler only fix it is possible
we can backport this to previous releases.
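
Added example (not part of the original thread and not AppArmor parser code): a small lint that flags path rules which would need the manual split described in the message above. It assumes a simplified model in which an alias is applied only to rules that literally start with the alias root, and it handles only the **, * and ? wildcards; the function names and the last two sample rules are made up for illustration.

```python
import re

# Constructed sample: alias and first two rules as quoted above, the rest made up.
SAMPLE = """\
alias /home/ -> /mnt/rw,
/** rw,                # glob covers /home/ but does not start with it
/home/** rw,
/etc/passwd r,
/h*/*/.ssh/** r,
"""
ALIAS_RE = re.compile(r"^alias\s+(\S+)\s+->\s+(\S+?),?$")
RULE_RE = re.compile(r"^(/\S*)\s+([A-Za-z]+),?$")

def tokens(glob):  # literal characters plus the wildcards **, * and ?
    return re.findall(r"\*\*|.", glob)

def can_reach(pat, prefix):
    """True if some path matched by token list `pat` starts with `prefix`."""
    if not prefix:
        return True               # whole alias root consumed
    if not pat:
        return False              # pattern ends before the alias root does
    head, rest = pat[0], pat[1:]
    if head in ("*", "**"):       # wildcard eats nothing, or one more character
        eat = head == "**" or prefix[0] != "/"   # only ** may cross a '/'
        return can_reach(rest, prefix) or (eat and can_reach(pat, prefix[1:]))
    if head == "?":
        return prefix[0] != "/" and can_reach(rest, prefix[1:])
    return head == prefix[0] and can_reach(rest, prefix[1:])

def classify(rule_path, alias_root):
    """Assumed model: only rules that literally start with the root get aliased."""
    if rule_path.startswith(alias_root):
        return "aliased"
    return "needs-split" if can_reach(tokens(rule_path), alias_root) else "unaffected"

def lint(profile_text):
    """Return (rule, alias_root, verdict) for every rule/alias pair in the text."""
    aliases, rules = [], []
    for line in profile_text.splitlines():
        line = line.split("#", 1)[0].strip()     # drop trailing comments
        if m := ALIAS_RE.match(line):
            aliases.append(m.group(1))
        elif m := RULE_RE.match(line):
            rules.append(m.group(1))
    return [(r, a, classify(r, a)) for a in aliases for r in rules]
if __name__ == "__main__":
    for rule, root, verdict in lint(SAMPLE):
        print(f"{verdict:12} {rule}  (alias root {root})")
```

Rules reported as needs-split are the ones to duplicate by hand with an explicit alias-root prefix, as in the /home/** line of the quoted example.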
[apparmor] stacked filesystems status update?
Hi,

as the maintainer of a Live system that uses aufs, I'm severely hit by
the lack of support for stacked filesystems in AppArmor.

Steve's comment #41 on LP #131976 [0] suggests an easy workaround.
However, John's comment #42 explains that "there is still a bug in
alias processing, that needs to be fixed before this will work".

Was this alias processing bug fixed?
If it was not, is it tracked anywhere?

[0] https://bugs.launchpad.net/ubuntu/+source/casper/+bug/131976

Regards,
--
  intrigeri
  | GnuPG key @ https://gaffer.ptitcanardnoir.org/intrigeri/intrigeri.asc
  | OTR fingerprint @ https://gaffer.ptitcanardnoir.org/intrigeri/otr.asc