[apparmor] stacked filesystems status update?

intrigeri intrigeri at debian.org
Sat Nov 3 16:16:01 UTC 2012


Hi,

John Johansen wrote (16 Apr 2012 20:08:42 GMT) :
> On 04/16/2012 12:48 PM, intrigeri wrote:
>> Hi,
>> 
>> as the maintainer of a Live system that uses aufs, I'm severely hit by
>> the lack of support for stacked filesystems in AppArmor.
>> 
>> Steve's comment #41 on LP #131976 [0] suggests an easy workaround.
>> However, John's comment #42 explains that "there is still a bug in
>> alias processing, that needs to be fixed before this will work".
>> 
>> Was this alias processing bug fixed?
>> If it was not, is it tracked anywhere?
>> 
> Sadly it has not been fixed. Despite being a critical bug, it requires
> some major work to fix; there has been progress on it but it is not done.
> The workaround right now is manually splitting some rules, so that the
> current alias rules can be applied (see below).

> https://bugs.launchpad.net/apparmor/+bug/888077

> aliases as they are currently implemented aren't applied to regular
> expressions that would match against the alias root.

>   E.g.
>
>     alias /home/ -> /mnt/rw,
>
>     /** rw,  # rule not correctly aliased
>     /home/** rw,  # rule is correctly aliased

> I am trying to get this code rework done for the next release after
> the upcoming 2.8 release. Being a compiler-only fix, it is possible
> we can backport this to previous releases.

Any news on this front?
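
A small lint for the behaviour shown in the quoted example, added here as an illustration and not part of the original thread or of AppArmor's own code: it flags path rules whose glob starts above an alias root and so would be missed by the alias. The classification heuristic, the function names and the extra `/usr/` and `/h*/` sample rules are assumptions.

```python
import re

# Constructed sample: the alias and first two rules are from the quoted
# example; the /usr/ and /h*/ rules are added for illustration.
SAMPLE = """\
alias /home/ -> /mnt/rw,
/** rw,
/home/** rw,
/usr/** r,
/h*/.cache/** rw,
"""

ALIAS_RE = re.compile(r"^alias\s+(\S+)\s+->\s+(\S+?),\s*$")
RULE_RE = re.compile(r"^(/\S*)\s+\S+?,\s*$")
GLOB_CHARS = re.compile(r"[*?\[{]")

def literal_prefix(path):
    # Part of a rule path before its first glob metacharacter.
    m = GLOB_CHARS.search(path)
    return path if m is None else path[:m.start()]

def classify(profile_text):
    """Label each path rule 'aliased', 'missed' or 'unrelated'.

    Heuristic (an assumption, not the parser's algorithm): a rule that
    starts with the alias root is rewritten; a rule whose glob begins
    above the root, and so could match paths under it, is missed.
    """
    roots, rules = [], []
    for line in profile_text.splitlines():
        line = line.split("#", 1)[0].strip()
        if (m := ALIAS_RE.match(line)):
            roots.append(m.group(1))
        elif (m := RULE_RE.match(line)):
            rules.append(m.group(1))
    result = {}
    for path in rules:
        prefix, status = literal_prefix(path), "unrelated"
        for root in roots:
            if path.startswith(root):
                status = "aliased"
                break
            if prefix != path and root.startswith(prefix):
                status = "missed"
        result[path] = status
    return result

if __name__ == "__main__":
    for path, status in classify(SAMPLE).items():
        print(f"{status:9} {path}")
```

Rules reported as `missed` are the candidates for the manual splitting mentioned in the quoted reply.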


