When testing stuff on 4.14, make sure you:
- use apparmor 2.11.1
- disable features-files= in /etc/apparmor/parser.conf (otherwise not
only you'll be stuck to 4.13's feature set and unable to do useful
work here, but worse you'll hit a kernel bug wrt. feature set
pinning & network
Christian Boltz:
> It turned out that the added "network unix dgram/stream" rules are not
> really needed. Let me explain ;.-)
> In theory apparmor_parser should downgrade the "unix" rules in
> abstractions/base to "network unix" rules (when using Kernel < 4.15),
> which allows more than
2 matches
Mail list logo
