Received: by 2002:a25:4158:0:0:0:0:0 with SMTP id o85csp2610776yba; Mon, 8 Apr 2019 00:22:18 -0700 (PDT) X-Google-Smtp-Source: APXvYqyjWG//2WubfVSe/hDW5jZYmZXW56BQjPqSNl9nL8c5SyrapZ8cQCoL0xU3Pvj9MtuaBGgh X-Received: by 2002:a63:3857:: with SMTP id h23mr26225079pgn.305.1554708138107; Mon, 08 Apr 2019 00:22:18 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1554708138; cv=none; d=google.com; s=arc-20160816; b=GoJzlgUL0gEyCGFAnikqyuW+Hbps4eNc9Elt+z4Tqm/GrXfDXAplF1XLJu5hZ3BG94 Y54UCD6/g4de+0nNBXsrkn7ZiLVKsww6s39JEbYztS3NF6AOYRMqaC2UO3BO+jy3b1R1 zEKy41NPWiRR1+CkYc6xJmIXefBUVyBb9b9h3W8B93QQV9hLUMGKfhaV7t0cT6xWzARq XueN8YTq9V3nxdzr5ipA/iwY87K0IjlgNhlWESszABdm6CiOmFFvbN38dza9aTZgQz6N D8aBkKENr6e7j1W2pq/ngDTPYDpfjhnvVph7iq2GhkKHN7nBqlEDxRam+H9WqdN2hRlQ nU2g== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:cc:to:subject:message-id:date:from :mime-version:dkim-signature; bh=hyhNPMHVMQMWjlYRq6ApiDESt59FD7YPy2Dj6OkTqHw=; b=d6W1Qrs1RRTqQFB6lkz8JAfFoX7iRqkgiMlhXjmr0VBVtdPrBo1HkqvUdLAeb5Pl4f O5ROGm/JQ+I9xqR29r3rFGBdT9Wmu4Iuc1YgRzFEoImChxj4bUbwXTOfygi+vJ5AFSdF vwBTfNqM5SgWr1G87cX8HQ3Cap8bPAw0CaE7zbGclMZaHxRg+6mjuzPQiBCTd1xPRAHA E8IRKbUCKGAP/BA5htobBbQLXERZb3XPQW+lPuxOyz2v8eCA8ppvRQKN8QCNn6pjMhhg HOMKuX0CbimWE5NtWMv/QiChGe3RcXiFNfWgBBnjmYD+yUIr0nJGt+fImw/xmNHbHQ+g O63Q== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@gmail.com header.s=20161025 header.b=rJYjmgh3; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id m12si25535966pgc.157.2019.04.08.00.22.02; Mon, 08 Apr 2019 00:22:18 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@gmail.com header.s=20161025 header.b=rJYjmgh3; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726189AbfDHHV1 (ORCPT + 99 others); Mon, 8 Apr 2019 03:21:27 -0400 Received: from mail-io1-f45.google.com ([209.85.166.45]:45733 "EHLO mail-io1-f45.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1725925AbfDHHV1 (ORCPT ); Mon, 8 Apr 2019 03:21:27 -0400 Received: by mail-io1-f45.google.com with SMTP id s7so10116450iom.12; Mon, 08 Apr 2019 00:21:26 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:from:date:message-id:subject:to:cc; bh=hyhNPMHVMQMWjlYRq6ApiDESt59FD7YPy2Dj6OkTqHw=; b=rJYjmgh35aIjpllE9sM9jac6hnTst+bvKDKFeuWmz6DqKbke2bnKI1FoIpWkIb7gfJ 4MciNnFUKG2B7lw9asx78pz48I2dAuKoRLixifCZTaW9+REfD9ryqb943qwTkslZkRvo CFDXkx1+XP1M3CeWcsqXDhA4sgW2hmZaiQUb0M428FTwLhwrnO+uozTPnmR0jsV9KsIJ TqWgdsltE2f2j1EWtyQUUJsszCH2iS0FQwfWhQQbzDMccK7bvUUPguvAovoA8MKJj7dV XNftFFKEkA62IXu9bvucOWFC11Rt7Go8WQA3S2sE8JNv7buLXdZENz25CkIVrW24Uif/ I8Dw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:from:date:message-id:subject:to:cc; bh=hyhNPMHVMQMWjlYRq6ApiDESt59FD7YPy2Dj6OkTqHw=; b=DlbVbJhbpeKVjgwCsby7XbNlllyelbxm6JS8meoHSBy7fd469QA4dXaWNKEeZm0xl0 LbIU9cToJcfxP1VuYMRwM4atsRUpgHi17nG26drYadQ9Il3DcQY32D7snWIHN9p5HkkE cgKXIagscsy/O5bm8qsV7u2GrEWOmHgtn5JMYgtpkKAx0ZsKlG9fg4KLyoWqmSOCjxyo iFJjWDPrUUPn/KEMk4vZp9kVYNCFf2CnhGrKMtSU/61r7VqrENPpJmWOBQOpcLKsoD2r Jx5OQt4Zhf6iafxqoGgqJWur3xd8lEeCSsd4fIVrzkbCuGiwo7zs9G74LF49QPQWXacg 3rmw== X-Gm-Message-State: APjAAAVrYLMHNEqDm71hXzPXs0G1aSK77jCWzy9d3P5JK6WgHy7kamKT 53bfNJ2q72kdH7Jw79bCNDOSsDzfGDADGw0DruRKqVKT+DI= X-Received: by 2002:a6b:cd89:: with SMTP id d131mr18607268iog.213.1554708086032; Mon, 08 Apr 2019 00:21:26 -0700 (PDT) MIME-Version: 1.0 From: David Rheinsberg Date: Mon, 8 Apr 2019 09:21:13 +0200 Message-ID: Subject: [REGRESSION] AppArmor module parameter layout changed with c5459b829b716 To: linux-kernel@vger.kernel.org Cc: John Johansen , James Morris , "Serge E. Hallyn" , linux-security-module@vger.kernel.org, Kees Cook , Casey Schaufler Content-Type: text/plain; charset="UTF-8" Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Hi A recent commit changed how `/sys/module/apparmor/parameters/enabled` looks. It was "Y"/"N" before, now it is an integer. I *think* the commit that changed this was: commit c5459b829b716dafd226ad270f25c9a3050f7586 Author: Kees Cook Date: Thu Sep 13 22:28:48 2018 -0700 LSM: Plumb visibility into optional "enabled" state I haven't recompiled with a revert, but changing the module-parameter type looks like the obvious culprit. I don't see how this change can be safe? This breaks the AppArmor detection of `dbus-broker`. Can the commit be reverted? Thanks David