Bug#712451: apparmor not support network rule
Control: tag -1 upstream

intrigeri wrote (16 Jun 2013 13:26:27 GMT) :
> The action that should be taken now belongs upstream.

Flagging as such: IMO it is not Debian's responsibility to fix the
situation. AppArmor userspace has been depending on out-of-tree kernel
patches since at least Linux 2.6.36, and there is little we can do
about it.

-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Bug#712451: apparmor not support network rule
Hi,

johnw wrote (16 Jun 2013 12:31:29 GMT) :
> On Sunday, 16 June 2013, 04:30 PM, intrigeri wrote:
>> You may want to nag AppArmor upstream so that they have the network
>> mediation code merged into mainline Linux :)
>> Cheers,

> Ok, I am not complaining, but did you talk to debian kernel team/developer
> about this issue?

We talked during the Wheezy dev cycle, and they applied minimal
AppArmor patches at this time, but that was on the grounds that these
patches were well on their way to the mainline kernel, and therefore
probably would not be needed for Jessie. So I don't think it's useful
to ask them any such thing right now. The action that should be taken
now belongs upstream.

> If you never did it, I will open the new bug report to
> linux-image (should I do it?)

I don't think this would be a sensible move.
Please take the matter upstream instead, thanks :)

Cheers,
-- 
  intrigeri
  | GnuPG key @ https://gaffer.ptitcanardnoir.org/intrigeri/intrigeri.asc
  | OTR fingerprint @ https://gaffer.ptitcanardnoir.org/intrigeri/otr.asc
Bug#712451: apparmor not support network rule
On Sunday, 16 June 2013, 04:30 PM, intrigeri wrote:
> You may want to nag AppArmor upstream so that they have the network
> mediation code merged into mainline Linux :)
> Cheers,

Ok, I am not complaining, but did you talk to debian kernel team/developer
about this issue?

again, I am not complaining, I just want to know, what (apparmor/kernel)
developer think.

If you never did it, I will open the new bug report to
linux-image (should I do it?)

thank you.
Bug#712451: apparmor not support network rule
Control: severity -1 wishlist
Control: retitle -1 Please support AppArmor network rules

Hi,

johnw wrote (16 Jun 2013 07:53:11 GMT) :
> * What was the outcome of this action?
> it shows the warning message: "network rules not enforced"
> * What outcome did you expect instead?
> enforced network rules, without warning/error message.

> I think it is because debian kernel (my:
> linux-image-3.9-1-amd64/3.9.6-1) does not fully support apparmor,
> is it?

It's because the AppArmor patches about network mediation were not
merged upstream yet.

FYI Jessie's Debian kernel is not likely to ship out-of-tree AppArmor
patches, so I'm not reassigning to the linux package, but keeping it
under the apparmor package umbrella for the time being.

> Do you use apparmor on debian with network rule? if yes,
> any suggestion, how to make the kernel support apparmor network rule
> on debian?

You may want to nag AppArmor upstream so that they have the network
mediation code merged into mainline Linux :)

Cheers,
-- 
  intrigeri
  | GnuPG key @ https://gaffer.ptitcanardnoir.org/intrigeri/intrigeri.asc
  | OTR fingerprint @ https://gaffer.ptitcanardnoir.org/intrigeri/otr.asc
Bug#712451: apparmor not support network rule
Package: apparmor
Version: 2.7.103-4
Severity: normal

Dear Maintainer,

*** Please consider answering these questions, where appropriate ***

   * What led up to the situation?
reload apparmor rule.
   * What exactly did you do (or not do) that was effective (or
     ineffective)?
apparmor_parser -r rule
   * What was the outcome of this action?
it shows the warning message: "network rules not enforced"
   * What outcome did you expect instead?
enforced network rules, without warning/error message.

I think it is because debian kernel (my:
linux-image-3.9-1-amd64/3.9.6-1) does not fully support apparmor,
is it?
is it true, can you point me, where can I download the patches set,
make the kernel support apparmor (at least support network rule).

Do you use apparmor on debian with network rule? if yes,
any suggestion, how to make the kernel support apparmor network rule
on debian?

If it is not the kernel problem, can you tell me how to make apparmor
support network rule?
Thank you.

*** End of the template - remove these lines ***

-- System Information:
Debian Release: jessie/sid
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 3.9-1-amd64 (SMP w/2 CPU cores)
Locale: LANG=zh_HK.utf8, LC_CTYPE=zh_HK.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash

Versions of packages apparmor depends on:
ii  debconf [debconf-2.0]  1.5.50
ii  dpkg                   1.16.10
ii  initramfs-tools        0.112
ii  libc6                  2.17-5
ii  lsb-base               4.1+Debian12
ii  python                 2.7.5-2

apparmor recommends no packages.

Versions of packages apparmor suggests:
ii  apparmor-docs      2.7.103-4
ii  apparmor-profiles  2.7.103-4
ii  apparmor-utils     2.7.103-4

-- Configuration Files:
/etc/apparmor.d/abstractions/base changed [not included]
/etc/apparmor.d/abstractions/ibus changed [not included]
/etc/apparmor.d/abstractions/private-files-strict changed [not included]
/etc/apparmor.d/abstractions/ubuntu-browsers changed [not included]
/etc/apparmor.d/abstractions/ubuntu-browsers.d/plugins-common changed [not included]
/etc/apparmor.d/abstractions/ubuntu-browsers.d/ubuntu-integration changed [not included]
/etc/apparmor.d/tunables/home changed [not included]

-- debconf information excluded
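
A check for the situation this thread describes, as an added example that is not part of the bug report or of AppArmor's own tooling: it lists the policy files whose network rules would load with the "network rules not enforced" warning because the running kernel lacks network mediation. The feature directory names `network` and `network_v8`, the default paths and the function names are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not from the thread). Assumption: the kernel advertises
# AppArmor network mediation as a "network" or "network_v8" directory under
# the securityfs features tree.

# Return 0 if the features tree at $1 advertises network mediation.
network_mediation_supported() {
    nm_features=${1:-/sys/kernel/security/apparmor/features}
    for nm_name in network network_v8; do
        # securityfs entries report size 0, so test existence, not size.
        [ -d "$nm_features/$nm_name" ] && return 0
    done
    return 1
}

# Print (sorted) the files under $1 that contain a network rule, e.g.
# "network inet stream," or "deny network raw,". Comment lines do not match.
profiles_with_network_rules() {
    grep -rlE \
        '^[[:space:]]*((audit|allow|deny)[[:space:]]+)*network([[:space:]]|,)' \
        "${1:-/etc/apparmor.d}" 2>/dev/null | sort
}

# Print the policy files whose network rules the running kernel would not
# enforce; prints nothing when the kernel supports network mediation.
unenforced_network_profiles() {
    if network_mediation_supported "$1"; then
        return 0
    fi
    profiles_with_network_rules "$2"
}

# With no arguments, inspect the live system paths.
unenforced_network_profiles "$@"
```

Abstractions that carry network rules are listed as files in their own right; profiles that only include them are affected as well.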