Announcement

Collapse
No announcement yet.

Linux 4.14-rc7 No Longer Clashes With AppArmor To Break Networking

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • #31
    Originally posted by boxie View Post

    A Versioned API would allow you to have both. depreciate the old API and eventually remove it once user space no longer needs it
    Which is exactly what the AppArmor devs are now doing. Leaving the old default behaviour but allowing newer userspace to get the new version with the changes they want.

    Comment


    • #32
      Originally posted by cyberwizzard View Post
      Does anyone know why Linus is 'unhappy' with AppArmor as it is?
      They asked, and Linus responded that it was just the stuff happening in this kernel cycle.
      1. This situation with the regression, but more importantly not acknowledging it was a kernel regression.
      2. Some big merge apparently had a commit message that said it did something completely different from what the code actually did, and Linus got involved with that as well.

      Comment


      • #33
        Originally posted by sdack View Post
        What if it had said Linux 4.14-rc7 no longer clashes with AppArmor 2.11... ?
        Nothing, the issue is still in the kernel because the kernel makes a stability promise (while the userspace does not).

        Technically speaking there is both a clash with AppArmor userpace tool AND the lack of some new rules, see here https://bugs.debian.org/cgi-bin/bugr...cgi?bug=877581

        No. Bullshit is when you try to explain why you think the way you do.
        No! You are!, No You! Really, we aren't at the kindergarten anymore. You either explain why something is wrong or you show you are wrong.

        The commit doesn't change the API, but adds something new to it.
        Isn't "addition" a change? And the fact that shit breaks does seem to me that something was changed in a non-retro-compatible way.

        Versioned API isn't a brand new idea, and it would have solved this issue.

        The mistake was that some AppArmor configurations were outdated.
        As I said, you can fix the issue either of 2 sides and it will be fixed the same.

        The point here is that Linux promises to NOT break userspace this way, and this was set in stone long time ago.

        Only once Linus threw his tantrum and came up with his bullshit explaining why this was suddenly a regression
        If you actually had any clue, you would know that having a stable userspace API is a primary goal in Linux.

        And for "stable" it means "not breaking userspace". How userspace breaks is not relevant, the rule is generic.

        It still is just a new feature and Debian, not being the most modern distro, used an outdated ruleset and thereby cut off its network connection.
        Debian devs are targeting stable, if something in Debian Unstable breaks... so be it.

        All distros using Apparmor have to adjust, or didn't have to because they are SUSE-based so the devs knew this beforehand, but the latter isn't a good reason to break promises.

        I guess some folks got scared by 4.14 when they suddenly lost their network connection and could no longer ask Google for a solution.
        Ah, so that's why you're so angry. Don't. Anger leads to the dark side.

        Comment


        • #34
          Originally posted by starshipeleven View Post
          ...
          The Debian people saw it as a fault in their AppArmor rule set and had planned to fix it before the new kernel lands in Unstable. Nobody of the normal users would have taken notice of it if it wasn't for the tantrum. Now the AppArmor people have to add a new AppArmor API so that outdated versions of their AppArmor software can work with newer kernels by having two AppArmor APIs... To me, that's the real bullshit, and Linus wanting his acknowledgement ofc. He doesn't give two fucks about people having a problem with it. His problem is getting an acknowledgement for his idea of a regression. That's messed up. He's a hypocrite and perhaps he knows it, which might be why he throws tantrums trying to hide it or whatever.

          Like I said above, you're feeling empowered by the tantrum, everything you say now you want to believe as true, because you feel Linus has your back. You're still an idiot ... as always. Don't look away when people get mad. Start seeing people for who they are.
          Last edited by sdack; 30 October 2017, 03:22 PM.

          Comment


          • #35
            Originally posted by sdack View Post
            The Debian people saw it as a fault in their AppArmor rule set and had planned to fix it before the new kernel lands in Unstable. Nobody of the normal users would have taken notice of it if it wasn't for the tantrum.
            Linus Torvalds still saw this as a breach of the rules he set up for his project. Because it is.

            Now the AppArmor people have to add a new AppArmor API so that outdated versions of their AppArmor software can work with newer kernels by having two AppArmor APIs...
            Still clueless, huh? Versioning API is an API where the program expects features depending on API version, not a full clone.
            This is what all filesystems do, for example, when they add a new and non-retro-compatible feature they don't make the whole goddamn driver obsolete and make a full new one for a few features.

            To me, that's the real bullshit, and Linus wanting his acknowledgement ofc. He doesn't give two fucks about people having a problem with it. His problem is getting an acknowledgement for his idea of a regression. That's messed up. He's a hypocrite and perhaps he knows it, which might be why he throws tantrums trying to hide it or whatever.
            "his idea of regression" is a project rule stated in the kernel docs and whose all core developers contributing to the project since its inception agreed to.

            Maybe, just maybe, it makes sense for more people than just Torvalds.

            But no, it's totally a tantrum Torvalds is using to attract attention like trolls do in forums, oh wait...

            Comment


            • #36
              Originally posted by starshipeleven View Post
              Maybe, just maybe, it makes sense for more people than just Torvalds.
              Don't kid yourself. It doesn't make sense for you either. You're not that blind. Even I think you still have a brain big enough to think for yourself and don't need others to put up red tape everywhere around you. Somehow I feel you're just going to prove me wrong anyway ...

              Comment


              • #37
                Originally posted by sdack View Post
                Don't kid yourself. It doesn't make sense for you either. You're not that blind. Even I think you still have a brain big enough to think for yourself and don't need others to put up red tape everywhere around you. Somehow I feel you're just going to prove me wrong anyway ...
                Wait, so you expect a kernel to break user space and that doing so would make sense?

                Comment


                • #38

                  Comment


                  • #39
                    Originally posted by F.Ultra View Post
                    Wait, so you expect a kernel to break user space and that doing so would make sense?
                    Sure do I expect a kernel to break user space. Some things always break with a new kernel. It doesn't actually matter what it is that breaks. Even when it's called "user space" is it still just something most users don't actually come in touch with. Most users don't mess around with kernel APIs. And as a software developer do you not have a problem with occasional changes to APIs. It's part of the job. Administrators then have to deal with all sorts of problems created by newer kernels. To them is the task of finding and installing the right driver, for example, a part of their user space. Do you see them getting "protection by Daddy"? No.

                    What then makes sense and doesn't has nothing to do with rules. Sense comes from context and if a change makes sense, or if it doesn't, depends on the context. If then the only context you can find is that it broke a rule then fuck the rule and move on, or you just end up digging yourself into a pile of BS without any substance and for you to be believable.

                    Do you disagree?
                    Last edited by sdack; 30 October 2017, 05:42 PM.

                    Comment


                    • #40
                      Originally posted by sdack View Post
                      Don't kid yourself. It doesn't make sense for you either. You're not that blind. Even I think you still have a brain big enough to think for yourself and don't need others to put up red tape everywhere around you. Somehow I feel you're just going to prove me wrong anyway ...
                      Is that seriously a jedi trick?

                      Comment

                      Working...
                      X