[apparmor] Huge pages mediation class?
John Johansen
john.johansen at canonical.com
Wed Nov 26 22:58:04 UTC 2025
On 11/26/25 02:04, Zygmunt Krynicki wrote:
> Hello
>
> As a part of investigation into issue affecting mmap with MAP_HUGETLB [1], I was thinking if huge pages should have a dedicated mediation class and be handled similarly to how mqueue was recently added.
>
yes we want to split it off, it could potentially go into its own class or potentially share a class with a few other memory operations that we want to handle better.
The trade-off being whether we want to handle them in a separate feature abi or not. If we put them in the same class then they need to move together
> In the kernel, `aa_file_perm` function could special case hugetlbfs so that mmap would not end up using odd (possibly disconnected) paths for accessing it.
>
> I'd be happy to pick up this work if there is consensus on the general direction. I would need some help with reviews and guidance along the way.
>
I am not opposed to free work, it should likely use the newer task based pattern/operations as a starting point. I need to get those posted. Though its probably not going to happen this week.
> Best regards
> ZK
>
> [1] https://gitlab.com/apparmor/apparmor/-/issues/571
>
.
More information about the AppArmor
mailing list