[Bug 639758] [NEW] AppArmor fails to load policy with newer network rules

John Johansen john.johansen at canonical.com
Wed Sep 15 17:08:59 UTC 2010


Public bug reported:

If newer userspace tools are used to load policy on an older kernel, the
policy load can fail if the tools were built against a release that has
information about newer networking protocols.  This occurs because the
tools create extra rules in the policy to handle the newer networking
protocols, but the older kernel doesn't accept the larger networking
tables containing the extra rules.

This is a problem in two cases, upgrades and a user dual booting newer
and older kernels (e.g. Maverick on Lucid).  For upgrades the newer
userspace tools will be installed and load policy before the user
reboots to the new kernel, resulting in failure messages and new policy
not being loaded (which could lead to any upgraded applications failing
as old policy is not removed and is still enforced).  For the dual boot
case the newer AppArmor compiler is required to support the newer
kernel, but it is subject to the same problems as the upgrade case
except that policy may not load on boot resulting in no AppArmor
protection.
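The following is an added illustration, not AppArmor's own code or policy format: a simplified model of the mismatch described above, in which the compiler emits one network-table slot per protocol family it knows and the modelled kernel rejects any table larger than its own family count. The family names, the `PolicyLoadError` type and the idea that the compiler can query the target kernel's family list (`compile_for_kernel`) are assumptions made for the example.

```python
from dataclasses import dataclass
from typing import Dict, List, Sequence, Set, Tuple

# Constructed family lists (illustrative names, not AppArmor's real tables): the
# newer userspace tools know one protocol family more than the older kernel does.
OLD_KERNEL_FAMILIES: List[str] = ["unix", "inet", "inet6", "netlink", "packet"]
NEW_TOOLS_FAMILIES: List[str] = OLD_KERNEL_FAMILIES + ["rds"]


@dataclass
class NetworkTable:
    families: List[str]   # one slot per family the compiler knows about
    allow: List[bool]     # whether the profile may use that family


class PolicyLoadError(Exception):
    """Raised when the (modelled) kernel refuses a policy blob."""


def compile_policy(known: Sequence[str], allowed: Set[str]) -> NetworkTable:
    """Naive compiler: emit one table slot per family it knows, newest included."""
    return NetworkTable(list(known), [f in allowed for f in known])


def kernel_load(table: NetworkTable, kernel_families: Sequence[str]) -> Dict[str, bool]:
    """Older kernel: it accepts no table larger than its own family count, so a
    blob from newer tools is rejected outright and the old policy stays in force."""
    if len(table.families) > len(kernel_families):
        raise PolicyLoadError(f"table has {len(table.families)} entries, "
                              f"kernel supports at most {len(kernel_families)}")
    return dict(zip(table.families, table.allow))


def policy_loads(table: NetworkTable, kernel_families: Sequence[str]) -> bool:
    """True if the kernel accepted the table (a pre-reboot compatibility check)."""
    try:
        kernel_load(table, kernel_families)
        return True
    except PolicyLoadError:
        return False


def compile_for_kernel(known: Sequence[str], allowed: Set[str],
                       kernel_families: Sequence[str]) -> Tuple[NetworkTable, List[str]]:
    """Mitigation (hypothetical): size the table to the families the target kernel
    reports, and list any allowed families that kernel cannot enforce."""
    usable = [f for f in known if f in kernel_families]
    dropped = sorted(f for f in allowed if f in known and f not in kernel_families)
    return compile_policy(usable, allowed), dropped
```

Running `policy_loads(compile_policy(NEW_TOOLS_FAMILIES, {"inet"}), OLD_KERNEL_FAMILIES)` reproduces the failure, while `compile_for_kernel` yields a table the older kernel accepts plus the list of rules it silently could not honour.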

** Affects: linux (Ubuntu)
     Importance: Undecided
     Assignee: John Johansen (jjohansen)
         Status: New

** Changed in: linux (Ubuntu)
     Assignee: (unassigned) => John Johansen (jjohansen)

-- 
AppArmor fails to load policy with newer network rules
https://bugs.launchpad.net/bugs/639758