Linus,
can you please pull the following regression fix for apparmor.
It fixes a regression when the kernel feature set is reported as
supporting mount and policy is pinned to a feature set that does not
support mount mediation.
thanks
-- John
The following changes since commit 30a7acd573899fd8b8ac39236eff6468b195ac7d:
Linux 4.15-rc6 (2017-12-31 14:47:43 -0800)
are available in the git repository at:
git://git.kernel.org/pub/scm/linux/kernel/git/jj/linux-apparmor tags/apparmor-pr-2018-01-07
for you to fetch changes up to 5b9f57cf47b87f07210875d6a24776b4496b818d:
apparmor: fix regression in mount mediation when feature set is pinned (2018-01-05 15:07:42 -0800)
----------------------------------------------------------------
- fix regression in mount mediation when feature set is pinned
----------------------------------------------------------------
John Johansen (1):
apparmor: fix regression in mount mediation when feature set is pinned
security/apparmor/mount.c | 12 +++++++++++-
1 file changed, 11 insertions(+), 1 deletion(-)
On Sun, Jan 7, 2018 at 5:53 AM, John Johansen
<[email protected]> wrote:
>
> can you please pull the following regression fix for apparmor.
Pulled.
I do note that you still don't seem to have any signatures on your key.
You've used it for a couple of months, any chance to get somebody to sign it?
Even without signatures, it's a fine key and validates that it's the
same person (or controlling entity) that keeps doing this, but it
would be even better if there was an actual chain of trust in addition
to the basic key.
Linus
On 01/07/2018 11:40 AM, Linus Torvalds wrote:
> On Sun, Jan 7, 2018 at 5:53 AM, John Johansen
> <[email protected]> wrote:
>>
>> can you please pull the following regression fix for apparmor.
>
> Pulled.
>
> I do note that you still don't seem to have any signatures on your key.
>
> You've used it for a couple of months, any chance to get somebody to sign it?
>
Strange, it should have signatures from Greg KH, Kees Cook, James
Bottomly Serge Hallyn, and several others in the kernel community
Locally the gpg --list-sigs looks good, but I won't claim to really
know gpg, and maybe there is something messed up. I'll poke at and see
if I can't figure out what is up. If needed I can certainly grab Kees
Cook and maybe a few others local to the Portland area, and I'll be at
Fosdem at the end of the month so I can pickup a few more there.
> Even without signatures, it's a fine key and validates that it's the
> same person (or controlling entity) that keeps doing this, but it
> would be even better if there was an actual chain of trust in addition
> to the basic key.
>
> Linus
>
On Mon, Jan 8, 2018 at 1:39 AM, John Johansen
<[email protected]> wrote:
>
> Strange, it should have signatures from Greg KH, Kees Cook, James
> Bottomly Serge Hallyn, and several others in the kernel community
You are entirely right, and I have no idea why I thought it didn't
have signatures. I must have screwed something up.
Linus