Watch Out Upgrading To Linux 4.14 If You Use AppArmor

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • Watch Out Upgrading To Linux 4.14 If You Use AppArmor

    Phoronix: Watch Out Upgrading To Linux 4.14 If You Use AppArmor

    Just a quick public service announcement if you rely upon AppArmor for security on your Linux distribution like Ubuntu/Debian and plan to soon upgrade to the Linux 4.14 kernel.....

  • #2
    I too have this issue with 4.14 RC5; I did not have this issue with 4.14 RC4 on Debian, however. Running Ubuntu 17.10 now.


    • #3
      Strange that these issues were not detected before? I can't imagine that no CI-system tests such simple testcases.


      • #4
        Originally posted by debianxfce
        One reason more why to use a custom kernel. When your networking environment is safe (firewall and 4G mobile network), you do not need SELinux etc.
        This post makes no sense at all, there is no logic, no causality in the statements herein.


        • #5
          Originally posted by debianxfce
          One reason more why to use a custom kernel. When your networking environment is safe (firewall and 4G mobile network), you do not need SELinux etc.
          No network is "safe"


          • #6
            Originally posted by debianxfce
            One reason more why to use a custom kernel. When your networking environment is safe (firewall and 4G mobile network), you do not need SELinux etc.
            It's probably safe to assume that no networking environment is safe.

            If you always assume that you have been compromised and design your network around it, then you will probably have a less bad day when it happens.


            • #7
              Originally posted by theghost
              Strange that these issues were not detected before? I can't imagine that no CI-system tests such simple testcases.
              Part of the problem is that most distributions will only test with the kernel they ship and many don't provide packages for the vanilla kernel, let alone RC / git kernels.


              • #8
                I've run all rc's for 4.14 on Tumbleweed with AppArmor enabled and haven't run into this problem. I grab the pre-built kernels from the openSUSE Kernel:HEAD project, where they are probably testing and configuring for this type of problem.


                • #9
                  Lol, no wonder most people haven't encountered this problem yet, they're all probably using 16.04 LTS with kernel 4.8. Or for the people who are actually running 17.04 .......they are probably running 4.10 or 4.12 at best.


                  • #10
                    I've had it on every 4.14 based kernel on 17.10. Looks like they've tracked it down to a missing commit 7 hours ago according to the 1st bug report.
                    With Ubuntu 16.04.3 LTS (Xenial Xerus), and apparmor 2.10.95-0ubuntu2.7, in the system log each second the error message below is printed to. ``` […] [Mi Okt 4 16:57:52 2017] audit: type=1400 audit(1507129072.882:554): apparmor="DENIED" operation="create" profile="/usr/sbin/cups-browsed" pid=939 comm="cups-browsed" family="unix" sock_type="stream" protocol=0 requested_mask="create" denied_mask="create" [Mi Okt 4 16:57:53 2017] audit: type=1400 audit(1507129073.886:555): apparmor="DENIED" o...
                    Those who would give up Essential Liberty to purchase a little Temporary Safety, deserve neither Liberty nor Safety.
                    Ben Franklin 1755
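
A triage sketch for the symptom quoted in post #10, added here as an example (not code from the thread, the bug report or the AppArmor project): it parses AppArmor audit records and lists profiles with repeated denied socket creations. The first sample line is the record quoted above; the other two lines, the `/usr/bin/example` profile and all function names are constructed for illustration.

```python
import re
from collections import defaultdict

# Line 1 is the record quoted in post #10; lines 2 and 3 are constructed.
SAMPLE_LOG = '''\
[Mi Okt 4 16:57:52 2017] audit: type=1400 audit(1507129072.882:554): apparmor="DENIED" operation="create" profile="/usr/sbin/cups-browsed" pid=939 comm="cups-browsed" family="unix" sock_type="stream" protocol=0 requested_mask="create" denied_mask="create"
[Mi Okt 4 16:57:55 2017] audit: type=1400 audit(1507129075.000:557): apparmor="DENIED" operation="create" profile="/usr/sbin/cups-browsed" pid=939 comm="cups-browsed" family="unix" sock_type="stream" protocol=0 requested_mask="create" denied_mask="create"
[Mi Okt 4 16:57:56 2017] audit: type=1400 audit(1507129076.000:558): apparmor="DENIED" operation="open" profile="/usr/bin/example" name="/etc/hostname" pid=1201 comm="example" requested_mask="r" denied_mask="r"
'''

KV = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')   # key="value" or key=value
STAMP = re.compile(r'audit\((\d+)\.\d+:\d+\)')  # audit(epoch.msec:serial)

def parse(line):
    """Return the fields of an AppArmor DENIED record, or None for other lines."""
    if 'apparmor="DENIED"' not in line:
        return None
    fields = {key: quoted or bare for key, quoted, bare in KV.findall(line)}
    stamp = STAMP.search(line)
    fields["epoch"] = int(stamp.group(1)) if stamp else None
    return fields

def socket_create_denials(log):
    """Map (profile, family, sock_type) to the epochs of denied socket creates."""
    seen = defaultdict(list)
    for line in log.splitlines():
        f = parse(line)
        # Socket records carry family=...; file records carry name=... instead.
        if f and f.get("operation") == "create" and "family" in f:
            key = (f.get("profile", ""), f["family"], f.get("sock_type", ""))
            seen[key].append(f["epoch"])
    return seen

def report(log, min_count=2):
    """List (key, count, span_seconds) for keys denied at least min_count times."""
    rows = []
    for key, epochs in sorted(socket_create_denials(log).items()):
        known = [e for e in epochs if e is not None]
        if len(epochs) >= min_count:
            span = max(known) - min(known) if known else 0
            rows.append((key, len(epochs), span))
    return rows

if __name__ == "__main__":
    for (profile, family, sock_type), count, span in report(SAMPLE_LOG):
        print(f"{profile}: {count} denied {family}/{sock_type} socket creates in {span}s")
```

Run against the kernel log before and after a kernel upgrade, a profile that appears only afterwards with a steadily growing count matches the once-per-second pattern the bug report describes.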
