Announcement

**theghost** · 30 October 2017, 06:39 AM

As always, harsh but true words by Linus.
Let's hope the AppArmor maintainers understood it.

**starshipeleven** · 30 October 2017, 06:53 AM

When I read "Linus reverted the patch" I was expecting some flaming. Was not disappointed.

**boxie** · 30 October 2017, 06:56 AM

I am happy that this has been reverted, I am idly wondering what the security layer devs can do to make Linus happy with their work?

**cyberwizzard** · 30 October 2017, 07:04 AM

Originally posted by boxie View Post

I am happy that this has been reverted, I am idly wondering what the security layer devs can do to make Linus happy with their work?

I reckon its as simple as first making sure user-space tools are forwards compatible with potential API changes and then change the kernel to follow once the tools are stable. Breaking compatibility and then suggesting user-space is updated means there is a huge gap between the point of breaking and end-users getting a working system.

My thoughts on the language in such emails aside, he is right that such a situation is unacceptable for mainlining code.

Does anyone know why Linus is 'unhappy' with AppArmor as it is?

**Drago** · 30 October 2017, 07:08 AM

As always the coin has 2 sides:
1. There is an issue/bug/stupid implementation in the kernel.
2. Userspace somewhat works around the kernel issue.
3. Kernel devs want to fix/cleanup the root issue & fix the user space.

How are we going to resolve this circle? Is leaving bugs/inefficiencies in the kernel forever the right decision?
Programming is hard. The more the LOCs, the harder.

**Drago** · 30 October 2017, 07:09 AM

Originally posted by cyberwizzard View Post

I reckon its as simple as first making sure user-space tools are forwards compatible with potential API changes and then change the kernel to follow once the tools are stable. Breaking compatibility and then suggesting user-space is updated means there is a huge gap between the point of breaking and end-users getting a working system.

Is anywhere defined how big this window should be?

**boxie** · 30 October 2017, 07:14 AM

Originally posted by Drago View Post

As always the coin has 2 sides:
1. There is an issue/bug/stupid implementation in the kernel.
2. Userspace somewhat works around the kernel issue.
3. Kernel devs want to fix/cleanup the root issue & fix the user space.

How are we going to resolve this circle? Is leaving bugs/inefficiencies in the kernel forever the right decision?
Programming is hard. The more the LOCs, the harder.

A Versioned API would allow you to have both. depreciate the old API and eventually remove it once user space no longer needs it

**garegin** · 30 October 2017, 07:19 AM

Who uses apparmour besides Ubuntu and derivates?

**starshipeleven** · 30 October 2017, 07:33 AM

Originally posted by garegin View Post

Who uses apparmour besides Ubuntu and derivates?

SUSE and derivatives, SUSE is also the trademark owner and the main developer of AppArmor.

Announcement

Linux 4.14-rc7 No Longer Clashes With AppArmor To Break Networking

Linux 4.14-rc7 No Longer Clashes With AppArmor To Break Networking

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment