Announcement

Collapse
No announcement yet.

Watch Out Upgrading To Linux 4.14 If You Use AppArmor

Collapse
X
Collapse
 
  • Page of 4
  • Filter
  • Time
  • Show
Clear All
new posts
Previous 1 2 3 4 template Next
  • #11
    Oh, bother... I'll need to revise all my AppArmor profiles on my server now :\ Though it's nice that it got that capability.

    Comment

    • #12
      Originally posted by GreatEmerald View Post
      Oh, bother... I'll need to revise all my AppArmor profiles on my server now :\ Though it's nice that it got that capability.
      You recompile the kernel for your server very often?

      Because I think that if you use a distro they will likely sort out the issue for you.

      Comment

      • #13
        Originally posted by starshipeleven View Post
        You recompile the kernel for your server very often?

        Because I think that if you use a distro they will likely sort out the issue for you.
        Yes, I do.

        Comment

        • #14
          Originally posted by GreatEmerald View Post
          Yes, I do.
          Why?
          I assume you must be tracking some feature that is actively developed, dunno, KVM?

          Because I don't see otherwise why one would need to recompile a kernel for a server so often.

          Comment

          • #15
            Originally posted by debianxfce View Post
            Adsl users has no experience of modern mobile networks. With adsl and fixed WAN IP you have hundreds of attacks per day.

            No viruses or attacks with Debian and 3G/4G mobile connection in years. Debian has over 50 000 virus free software packages and WAN IP changes in 3G/4G mobile networks (you need to pay extra to have a fixed IP) so there is no attacks.
            ADSL does not have fixed WAN IP unless you pay for it. None gives you a fixed IP because there is a limited amount of them, and this does not change with DSL or cable.

            The "hundreds of attacks per day" were logs from your router's DHCP, and were about a single PC (same mac address) in the LAN asking for a dynamic IP, not coming from WAN.

            Debian isn't more immune to Windows malware than any other non-Windows OS, Linux desktop, Android, MacOS, iOS.

            I still can't wrap my head around how you can live at all with this complete lack of logic and causality in your thought processes.
            • Likes 1

            Comment

            • #16
              Originally posted by DarkFoss View Post
              I've had it on every 4.14 based kernel on 17.10. Looks like they've tracked it down to a missing commit 7 hours ago according to the 1st bug report.
              https://bugs.launchpad.net/ubuntu/+s...r/+bug/1721278
              So the usual broken backport, patching, or out of Debian / upstream sync issues Ubuntu always has...

              Comment

              • #17
                Originally posted by starshipeleven View Post
                Why?
                I assume you must be tracking some feature that is actively developed, dunno, KVM?

                Because I don't see otherwise why one would need to recompile a kernel for a server so often.
                It's not often, I just use Gentoo. But from what I can tell, this has nothing to do with the kernel, it's the profiles that need to be updated due to the new security capabilities.

                Comment

                • #18
                  I had the same problem, and the workaround for me was to setup a static IP for my PC on router and in network manager. After that, it connected and network started working.

                  Comment

                  • #19
                    Originally posted by starshipeleven View Post
                    Why?
                    I assume you must be tracking some feature that is actively developed, dunno, KVM?

                    Because I don't see otherwise why one would need to recompile a kernel for a server so often.
                    Gentoo doesn't release premade kernels. It is possible to use the kernel from their LiveCD, but it's not ideal at all (because it's built using genkernel's livecd flag). It's really not that big a deal though, genkernel makes scripting the kernel upgrade super simple.
                    Last edited by duby229; 19 October 2017, 09:41 AM.

                    Comment

                    • #20
                      Originally posted by GreatEmerald View Post
                      It's not often, I just use Gentoo.
                      Heh, Gentoo on a server... I guess it's not that bad if you use Gentoo on all your PCs anyway, so it's just n+1 of the same stuff you do already.

                      Thanks for the explanation.

                      Comment

                      Previous 1 2 3 4 template Next
                      Working...
                      X