touch-packages team mailing list archive

[Tyler Hicks <tyhicks@xxxxxxxxxxxxx>]

Once the AppArmor parser supports multiple, versioned policy cache files
I will be adding the ability to generate the policy cache files at
kernel postinst. This will involve shipping a flattened AppArmor
features file in the Ubuntu kernel packages and then calling out to
apparmor_parser and specifying the shipped features file. To avoid
potential maintenance issues, there may need to be some script/program
to generate a flattened features file from the
security/apparmor/apparmorfs.c source file.

** Changed in: linux (Ubuntu)
   Importance: Undecided => Medium

** Changed in: linux (Ubuntu)
       Status: Incomplete => Confirmed

** Changed in: linux (Ubuntu)
     Assignee: (unassigned) => Tyler Hicks (tyhicks)

** Changed in: linux (Ubuntu)
       Status: Confirmed => Triaged

** Tags added: aa-parser

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor in Ubuntu.
https://bugs.launchpad.net/bugs/1384746

Title:
  Support multiple versions of AppArmor policy cache files

Status in AppArmor Linux application security framework:
  Triaged
Status in “apparmor” package in Ubuntu:
  Confirmed
Status in “linux” package in Ubuntu:
  Triaged

Bug description:
  The AppArmor parser should support multiple directories of policy
  cache files. Directories should be specific to a certain AppArmor
  kernel feature set.

  From a distro standpoint, this would allow policy caches to be created
  during kernel install/upgrade.

To manage notifications about this bug go to:
https://bugs.launchpad.net/apparmor/+bug/1384746/+subscriptions