On 6/26/19 12:22 PM, Casey Schaufler wrote: > This patchset provides the changes required for > the AppArmor security module to stack safely with any other. > I have been doing some testing of this with Casey's suggested fix of clearing the lsmcontext in security_secid_to_secctx(). So far things are looking good. I have done smoke testing on booting with the following combinations under an ubuntu image. For the combinations that have apparmor I ran the apparmor regression tests, where noted the display LSM was set for the apparmor regression tests because they are currently only testing the shared interface. capability yama capability,yama capability,yama,apparmor capability,yama,selinux (no selinux policy) capability,yama,apparmor,selinux (no selinux policy) capability,yama,selinux,apparmor (no selinux policy) (tests that use shared interfaces fail without display LSM set, pass with it set to apparmor) capability,yama,smack (no smack policy) capability,yama,apparmor,smack (no smack policy) capability,yama,smack,apparmor (no smack policy) (tests that use shared interfaces fail without display LSM set, pass with it set to apparmor) I have more test combinations churning but figure I could report what I have so far
