Once the AppArmor parser supports multiple, versioned policy cache files I will be adding the ability to generate the policy cache files at kernel postinst. This will involve shipping a flattened AppArmor features file in the Ubuntu kernel packages and then calling out to apparmor_parser and specifying the shipped features file. To avoid potential maintenance issues, there may need to be some script/program to generate a flattened features file from the security/apparmor/apparmorfs.c source file.
** Changed in: linux (Ubuntu) Importance: Undecided => Medium ** Changed in: linux (Ubuntu) Status: Incomplete => Confirmed ** Changed in: linux (Ubuntu) Assignee: (unassigned) => Tyler Hicks (tyhicks) ** Changed in: linux (Ubuntu) Status: Confirmed => Triaged ** Tags added: aa-parser -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to apparmor in Ubuntu. https://bugs.launchpad.net/bugs/1384746 Title: Support multiple versions of AppArmor policy cache files Status in AppArmor Linux application security framework: Triaged Status in “apparmor” package in Ubuntu: Confirmed Status in “linux” package in Ubuntu: Triaged Bug description: The AppArmor parser should support multiple directories of policy cache files. Directories should be specific to a certain AppArmor kernel feature set. From a distro standpoint, this would allow policy caches to be created during kernel install/upgrade. To manage notifications about this bug go to: https://bugs.launchpad.net/apparmor/+bug/1384746/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp