On Thursday 2008-05-01 22:10, Jeff Mahoney wrote:
>>>> Couldn't you #ifdef based on CONFIG_SECURITY_APPARMOR ? This ought to
>>>> work for Hardy. However the next development kernel (Intrepid) does not
>>>> have the APPARMOR patches, so just knowing that its an UBUNTU kernel is
>>>> not specific enough.
>>>
>>> I've been assuming the apparmor patches change remove_suid even when they are
>>> not enabled in the config.
>>
>> Lets get Kees involved. He developed the patch set for Hardy. I would
>> hope that if CONFIG_SECURITY_APPARMOR=n then the source would default to
>> its normal state.
>
>remove_suid() isn't the only change AppArmor makes to the VFS interface.
>It's pretty invasive and requires that dentries are passed with a
>companion vfsmount in most cases. Putting #ifdefs around all that code
>would make the problem worse, not better.
An alternative approach, and IMHO better suited, is to:
make -C ${kdir} all I_HAZ_AN_APPARMOR=1
with this Makefile
ifneq (${I_HAZ_AN_APPARMOR},)
EXTRA_CFLAGS += -DHAZ_APPARMOR
endif
This works very well for kmp-rpms, which are tied to a specific
distro, sometimes kernel, anyway.
--
To unsubscribe from this list: send the line "unsubscribe linux-fsdevel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
