[ale] Does kernel 2.6.20.3 have any apparmor module?

Steve Hamlin hamlinsg at gmail.com
Wed Oct 31 17:57:02 EDT 2007


I don't believe that AppArmor itself is included in the default
kernel.orgsources.  So, yes, you would need to apply a patch, if you
are building your
own kernel from kernel.org sources.

[ Aside:  oh, the days I spent tweaking my gentoo-sources kernel so that it
was just perfect - not a config option or module that was out of place or
unnecessary.  Not to mention my OCD with -USE flags and emerge.   4+ years
on a single install, then the HD died.  Backup: data=yes; install=no.  Gave
up Gentoo cold-turkey, been Ubuntu now for 1-2 years.  I feel like I kicked
a habit: "Hi, I'm Steve, and I was a Gentoo addict" :)  ]

AppArmor depends on the Linux Security Module (LSM), which is included in
the default kernel.  But you need to patch it with the AppArmor patch.
Several vendors patch their distribution kernels:  SuSE, Ubuntu.  Redhat
uses a different security policy framework, SELinux (which also uses LSM,
and might also be maintained outside of Linus' tree similar to AppArmor)

There is a more recent patch on the site you noted from October 2007 (go up
one level), but you might want to read the sources to figure out what kernel
version you can patch that into.  For all I know more recent AppArmor
patches might only apply to kernels more recent than 2.6.20.3 (no idea at
all).
---

Depending on WHY you are building a kernel, you might just be able to use
the kernel sources for the openSuSE distribution kernel (which is already
patched with AppArmor), and configure & build that exactly how you want.


 - Steve



On 10/30/07, hxsrmeng <hxsrmeng at gmail.com> wrote:
>
> Hi friends,
>
> I am building a 2.6.20.3 kernel on an openSUSE 10.2.
>
> I cannot find the apparmor in the kernel's configuration file. When boot
> with the new kernel, it shows that it's failed to load apparmor module.
>
> Do I need to apply a patch? May I use the kernel patch at the website:
> http://forgeftp.novell.com//apparmor/LKML_Submission-June-07/ ?
>
> Thanks.
>
>
>
>
> _______________________________________________
> Ale mailing list
> Ale at ale.org
> http://www.ale.org/mailman/listinfo/ale
>
-------------- next part --------------
An HTML attachment was scrubbed...




More information about the Ale mailing list