Announcement

Collapse
No announcement yet.

Watch Out Upgrading To Linux 4.14 If You Use AppArmor

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • Watch Out Upgrading To Linux 4.14 If You Use AppArmor

    Phoronix: Watch Out Upgrading To Linux 4.14 If You Use AppArmor

    Just a quick public service announcement if you rely upon AppArmor for security on your Linux distribution like Ubuntu/Debian and plan to soon upgrade to the Linux 4.14 kernel.....

    http://www.phoronix.com/scan.php?pag...mor-Linux-4.14

  • #2
    I too have this issue with 4.14 RC5, I did not have this issue with 4.14 RC4 on debian however. Running Ubuntu 17.10 now.

    Comment


    • #3
      Strange that these issues where not detected before? I can't imagine that no CI-system tests such simple testcases.

      Comment


      • #4
        One reason more why to use a custom kernel. When your networking environment is safe (firewall and 4G mobile network) , you do not need SELinux etc.

        Comment


        • #5
          Originally posted by debianxfce View Post
          One reason more why to use a custom kernel. When your networking environment is safe (firewall and 4G mobile network) , you do not need SELinux etc.
          This post makes no sense at all, there is no logic, no causality in the statements herein.

          Comment


          • #6
            Originally posted by debianxfce View Post
            One reason more why to use a custom kernel. When your networking environment is safe (firewall and 4G mobile network) , you do not need SELinux etc.
            No network is "safe"

            Comment


            • #7
              Originally posted by debianxfce View Post
              One reason more why to use a custom kernel. When your networking environment is safe (firewall and 4G mobile network) , you do not need SELinux etc.
              it's probably safe to assume that no networking environment is safe.

              if you always assume that you have been compromised and design your network around it, then you will probably have a less bad day when it happens

              Comment


              • #8
                Originally posted by theghost View Post
                Strange that these issues where not detected before? I can't imagine that no CI-system tests such simple testcases.
                Part of the problem is that most distributions will only test with the kernel they ship and many don't provide packages for the vanilla kernel, let alone RC / git kernels.

                Comment


                • #9
                  I've run all rc's for 4.14 on Tumbleweed with AppArmor enabled and haven't run into this problem. I grab the pre-built kernels from the openSUSE Kernel:HEAD project, where they are probably testing and configuring for this type of problem.

                  Comment


                  • #10
                    Lol, no wonder most people haven't encountered this problem yet, they're all probably using 16.04 LTS with kernel 4.8. Or for the people who are actually running 17.04 .......they are probably running 4.10 or 4.12 at best.

                    Comment

                    Working...
                    X