Canonical Mainlines A Bunch Of Their AppArmor Changes For Linux 4.13
Written by Michael Larabel in Linux Kernel on 4 July 2017 at 07:35 AM EDT. 12 Comments
LINUX KERNEL --
The Linux 4.13 kernel that's in development will pick up a big code contribution from Canonical as they have prepped a lot of their AppArmor security changes for mainlining, some of which code has been sitting in Ubuntu's kernel build for years.

Canonical security engineer John Johansen has taken to getting their AppArmor changes cleaned-up and accepted for mainline inclusion. Among their changes in this "major update" to AppArmor include bug fixes and clean-ups, symlink support for SecurityFS, and domain labeling base code that Ubuntu has been "carrying for several years."

Their domain labeling code has been cleaned-up and will allow Ubuntu/Canonical to merge more of their AppArmor code. Johansen wrote, "This finally will bring the base upstream code in line with Ubuntu and provide a base to upstream the new feature work that Ubuntu carries. This request does not contain any of the newer apparmor mediation features/controls (mount, signals, network, keys, ...) that Ubuntu is currently carrying, all of which will be RFC'd on top of this."

So hopefully it will be an exciting few rounds of kernel updates ahead if Canonical continues mainlining their AppArmor feature changes. Aside from Ubuntu, openSUSE continues to rely heavily on the AppArmor Linux security module while distributions like Arch and Gentoo continue to offer it via their package management systems.

Details on the other security changes for Linux 4.13 can be found via this pull request.

About The Author
Author picture

Michael Larabel is the principal author of Phoronix.com and founded the site in 2004 with a focus on enriching the Linux hardware experience. Michael has written more than 10,000 articles covering the state of Linux hardware support, Linux performance, graphics drivers, and other topics. Michael is also the lead developer of the Phoronix Test Suite, Phoromatic, and OpenBenchmarking.org automated benchmarking software. He can be followed via Twitter or contacted via MichaelLarabel.com.

Related Linux Kernel News
Popular News