Comment 6 for bug 1780227

You are correct that the kernel reports a supported abi, and currently the abi does not export that it is supporting link mediation for sockets. However the kernel is currently enforcing link mediation on sockets and there are reasons to want to continue to do so.

The plan would be to let the parser know that existing kernel abis have a quirk where they are not correctly advertising the abi. The parser would then correctly generate policy for both old and new kernels.

The patch would be rolled out in upstream apparmor point releases
2.10.4, 2.11.2, 2.12.1, and 2.13.1, as well as being dropped into supported ubuntu releases. Suse and Debian will pickup the bug fixes from upstream, they are fairly good about picking up point release bug fixes.

Updating the userspace probably provides us the widest roll out of the fix possible.