From: Chris Mason <chris.mason@oracle.com>
To: Jan Engelhardt <jengelh@medozas.de>
Cc: Jeff Mahoney <jeffm@suse.com>,
Tim Gardner <tim.gardner@canonical.com>,
jeffschroeder@computer.org, linux-fsdevel@vger.kernel.org,
kernel-team@lists.ubuntu.com, linux-kernel@vger.kernel.org,
linux-btrfs@vger.kernel.org, John Johansen <jjohansen@suse.de>
Subject: Re: Btrfs v0.14 Released
Date: Fri, 2 May 2008 08:52:50 -0400 [thread overview]
Message-ID: <200805020852.51125.chris.mason@oracle.com> (raw)
In-Reply-To: <alpine.LNX.1.10.0805020837490.6463@fbirervta.pbzchgretzou.qr>
On Friday 02 May 2008, Jan Engelhardt wrote:
> On Thursday 2008-05-01 22:10, Jeff Mahoney wrote:
> >>>> Couldn't you #ifdef based on CONFIG_SECURITY_APPARMOR ? This ought to
> >>>> work for Hardy. However the next development kernel (Intrepid) does
> >>>> not have the APPARMOR patches, so just knowing that its an UBUNTU
> >>>> kernel is not specific enough.
> >>>
> >>> I've been assuming the apparmor patches change remove_suid even when
> >>> they are not enabled in the config.
> >>
> >> Lets get Kees involved. He developed the patch set for Hardy. I would
> >> hope that if CONFIG_SECURITY_APPARMOR=n then the source would default to
> >> its normal state.
> >
> >remove_suid() isn't the only change AppArmor makes to the VFS interface.
> >It's pretty invasive and requires that dentries are passed with a
> >companion vfsmount in most cases. Putting #ifdefs around all that code
> >would make the problem worse, not better.
>
> An alternative approach, and IMHO better suited, is to:
>
> make -C ${kdir} all I_HAZ_AN_APPARMOR=1
This is better than the current situation (oops without any clues), but I'd
prefer that people not have to know what apparmor is or if they have it.
(This isn't a knock on apparmor, I'd just rather take care of it
automagically).
-chris
next prev parent reply other threads:[~2008-05-02 12:53 UTC|newest]
Thread overview: 27+ messages / expand[flat|nested] mbox.gz Atom feed top
2008-04-29 20:01 Btrfs v0.14 Released Chris Mason
2008-05-01 16:04 ` Chris Mason
2008-05-01 16:18 ` Jeff Schroeder
2008-05-01 16:26 ` Chris Mason
2008-05-01 16:39 ` Jeff Schroeder
2008-05-01 19:06 ` Tim Gardner
2008-05-01 19:17 ` Chris Mason
2008-05-01 19:27 ` Jeff Mahoney
2008-05-01 19:36 ` Tim Gardner
2008-05-01 19:51 ` Kees Cook
2008-05-01 20:10 ` Jeff Mahoney
2008-05-02 6:40 ` Jan Engelhardt
2008-05-02 12:52 ` Chris Mason [this message]
2008-05-02 13:30 ` Jan Engelhardt
2008-05-02 14:10 ` Jan Engelhardt
2008-05-02 14:15 ` Jeff Schroeder
2008-05-02 14:31 ` Jan Engelhardt
2008-05-02 14:34 ` Chris Mason
2008-05-02 14:38 ` Matthew Wilcox
2008-05-02 14:52 ` Chris Mason
2008-05-02 15:07 ` Jan Engelhardt
2008-05-02 16:06 ` Tim Gardner
2008-05-02 16:26 ` Jeff Mahoney
2008-05-02 18:00 ` Jan Engelhardt
2008-05-02 18:01 ` Jeff Mahoney
2008-05-02 18:14 ` Jeff Schroeder
2008-05-02 20:58 ` Chris Mason
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=200805020852.51125.chris.mason@oracle.com \
--to=chris.mason@oracle.com \
--cc=jeffm@suse.com \
--cc=jeffschroeder@computer.org \
--cc=jengelh@medozas.de \
--cc=jjohansen@suse.de \
--cc=kernel-team@lists.ubuntu.com \
--cc=linux-btrfs@vger.kernel.org \
--cc=linux-fsdevel@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=tim.gardner@canonical.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).