Linux 4.14-rc7 No Longer Clashes With AppArmor To Break Networking

Written by Michael Larabel in Linux Kernel on 30 October 2017 at 06:10 AM EDT. 61 Comments
Earlier this month I warned about using Linux 4.14 with AppArmor can cause headaches, namely with the stock rules on distributions like Ubuntu and Debian you can find your networking support broken. That work has now been reverted after Linus Torvalds realized this issue as well.

With this weekend's Linux 4.14-rc7 kernel release, Linus Torvalds has reverted the AppArmor change that caused all these issues in the first place.

This issue has affected the mainline kernel for about one month in Git, but the developer causing the change refused to acknowledge it as a regression in the kernel. Linus wrote:
Stop gthis f*cking idiocy already!

As far as the kernel is concerned, a regressions is THE KERNEL NOT GIVING THE SAME END RESULT WITH THE SAME USER SPACE.

The regression was in the kernel. You trying to shift the regressions somewhere else is bogus SHIT.

And seriously, it's the kind of garbage that makes me think your opinion and your code cannot be relied on.

If you are not willing to admit that your commit 651e28c5537a ("apparmor: add base infastructure for socket mediation") caused a regression, then honestly, I don't want to get commits from you.

It's that simple.

I'm *very* unhappy with the security layer as is, the last thing I want to see is some security layer developer that then goes on to try to re-define was regression means.

If you break existing user space setups THAT IS A REGRESSION.

It's not ok to say "but we'll fix the user space setup".

Really. NOT OK.

I think I will have to revert that garbage, for the simple reason that I refuse to have code in the kernel from maintainers that cannot even understand the first rule of kernel development.

The first rule is:

- we don't cause regressions

and the corollary is that when regressions *do* occur, we admit to them and fix them, instead of blaming user space.

The fact that you have apparently been denying the regression now for three weeks means that I will revert, and I will stop pulling apparmor requests until the people involved understand how kernel development is done.

Linus ended up personally reverting that problematic commit, so 4.14-rc7 is indeed running happily on my Ubuntu/Debian systems with AppArmor enabled.
Related News
About The Author
Michael Larabel

Michael Larabel is the principal author of and founded the site in 2004 with a focus on enriching the Linux hardware experience. Michael has written more than 20,000 articles covering the state of Linux hardware support, Linux performance, graphics drivers, and other topics. Michael is also the lead developer of the Phoronix Test Suite, Phoromatic, and automated benchmarking software. He can be followed via Twitter, LinkedIn, or contacted via

Popular News This Week