AppArmor as DKMS?

Asked by Adam Stark on 2009-07-07

So I realize that AppArmor is now in the linux-kernel package, but I don't really understand why.

I recently upgraded my kernel to a 2.6.30 version from ppa that has better support for Intel graphics (jaunty's default kernel was really bad), only to realize that it breaks AppArmor (along with every other version of 2.6.30). However it seems that as it's a module that's not in the vanilla kernel it should be "easy" to get a DKMS version, or at least roll my own, but it's almost impossible to get a set of clean sources since Novell only posts diffs.

So that's my feature request: make apparmor into a dkms package: if apparmor is so great that it's irrevocably installed by default, then it should be a dkms package so those with non-standard kernels can still use it.

Okay, gripe over, any reason this won't work?

Question information

Language:
English Edit question
Status:
Answered
For:
Ubuntu apparmor Edit question
Assignee:
No assignee Edit question
Last query:
2009-07-07
Last reply:
2009-07-09
Jeruvy (jeruvy) said : #1

My only comment is that APPARMOR has been consider an 'effective' and 'true' security measure to the kernel, SElinux was not. Its used as a replacement to SElinux. However whether you see any value one way or the other, or just no way...is your choice and decision, however note that ubuntu does use kernels with apparmor. Oh and since is kernel (not distro) related it's like deciding whether or not to drive a green car, you may not like green so you shouldn't look at any green cars on the used lot regardless of how awesome they are. Of course, on launchpad there is 'blueprints' where wishlists should properly be mentioned.

Cheers.

Can you help with this problem?

Provide an answer of your own, or ask Adam Stark for more information if necessary.

To post a message you must log in.