[apparmor] Next apparmor version

Goldwyn Rodrigues rgoldwyn at suse.de
Fri Jul 21 13:13:25 UTC 2017 


On 07/19/2017 10:17 AM, John Johansen wrote:
<snip>

>>> Would you have a tree which can be cloned for the patches still need to
>>> be ported or have a development tree? I did check out the linux-apparmor
>>> tree [1], but it does not seem to have more than what is present in the
>>> apparmor-utils.
>>>
>>> [1] git://git.kernel.org/pub/scm/linux/kernel/git/jj/linux-apparmor
>>>
>>
>> right, I have been doing the Ubuntu based backports in the
>>
>> git://kernel.ubuntu.com/jj/linux-apparmor-backports
>>
>> The kernel.org tree is only used for upstream based work.
>>
>> I will be pusing branches to there but since the 4.13 versions will be
>> based on upstream, I will also likely be pushing them to the kernel.org
>> tree.
>>
>> I'll push what I have of the 4.13 backports when I get back tomorrow
>> sorry for the delay on this,
> 
> I have pushed 6 branches to git://kernel.ubuntu.com/jj/linux-apparmor-backports
> they have all been successfully built but are currently untested
> 
> v4.13-apparmor-backport-to-v4.12-presquash
> v4.13-apparmor-backport-to-v4.12
> v4.13-apparmor-backport-to-v4.11-presquash
> v4.13-apparmor-backport-to-v4.11
> v4.13-apparmor-backport-to-v4.10-presquash
> v4.13-apparmor-backport-to-v4.10

Thanks a lot for doing this.

> 
> the presquash branch has the full list of cherry-picked upstream commits. The
> non-presquash branches have a squashed single patch for the apparmor snapshot
> that should be identical to what is in v4.13 atm (this looks likely to change
> during the merge period and I will have to refresh).
> 
> cherry-picked patches were done so that they only pickup the apparmor changes
> and don't touch the rest of the kernel. There is then a set of backport patches
> that sit on top of the snapshot that provide explicit per commit changes needed
> to get the 4.13 snapshot of apparmor working on the specified kernel.
> 
> The only patch that touches outside of the apparmor tree is the
>   securityfs: add the ability to support symlinks
> 
> 
> The v4.10 kernel will be last kernel I do the individual cherry-picks for. Earlier
> kernels will only have the snap shot version. (The individual cherry-picks take
> more work).

>From SUSE's POV, we are interested in v4.12 only. However, cherry-picked
version help reviewing the patches.

> 
> The missing features that are targeted to v4.14 (that will bring Ubuntu equivalence)
> are not on these kernels. I will push new branches in a few weeks tagged something
> like
> v4.13-apparmor+aa3.6-backport-to-XXX
> 

What is aa3.6?

-- 
Goldwyn

More information about the AppArmor mailing list