Skip to content

Fix apparmor version checks #20305

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
jessfraz merged 2 commits into from
Feb 16, 2016
Merged

Fix apparmor version checks #20305

jessfraz merged 2 commits into from
Feb 16, 2016

Conversation

@cyphar
Copy link
Contributor

@cyphar cyphar commented Feb 14, 2016

The method used for checking the version of apparmor_parser
isn't actually correct (a version of 3.0 would cause the checks for
>2.9 to break). In addition, one of the version checks (for suppressing
ptrace denials) was not correct due to the Ubuntu package having
a misleading version number (2.8.95 which is actually 2.9).

This includes a carry of #20270, as well as fixing how versions are checked.

Signed-off-by: Aleksa Sarai [email protected]

@cyphar cyphar force-pushed the fix-apparmor-version-checks branch from 8a929aa to 43047da Compare February 14, 2016 08:09
@cyphar
Copy link
Contributor Author

cyphar commented Feb 14, 2016

/cc @jfrazelle

@cyphar
apparmor: fix version checks to work properly
4bf7a84 
Using {{if major}}{{if minor}} doesn't work as expected when the major
version changes. In addition, this didn't support patch levels (which is
necessary in some cases when distributions ship apparmor weirdly).

Signed-off-by: Aleksa Sarai <[email protected]>
@cyphar cyphar force-pushed the fix-apparmor-version-checks branch from 43047da to 284d9d4 Compare February 15, 2016 09:36
@cyphar
apparmor: use correct version for ptrace denial suppression
284d9d4 
Ubuntu ships apparmor_parser 2.9 erroniously as "2.8.95". Fix the
incorrect version check for >=2.8, when in fact 2.8 deosn't support the
required feature.

Signed-off-by: Aleksa Sarai <[email protected]>
@calavera
Copy link
Contributor

calavera commented Feb 16, 2016

LGTM

1 similar comment
@jessfraz
Copy link
Contributor

jessfraz commented Feb 16, 2016

LGTM

jessfraz pushed a commit that referenced this pull request Feb 16, 2016
Merge pull request #20305 from cyphar/fix-apparmor-version-checks
15d7fa7 
Fix apparmor version checks
@jessfraz jessfraz merged commit 15d7fa7 into moby:master Feb 16, 2016
@thaJeztah thaJeztah added this to the 1.10.2 milestone Feb 16, 2016
@cyphar cyphar deleted the fix-apparmor-version-checks branch February 16, 2016 21:49
@cyphar cyphar mentioned this pull request Feb 18, 2016
Closed
@tiborvass tiborvass removed this from the 1.10.2 milestone Feb 19, 2016
@thaJeztah thaJeztah mentioned this pull request May 12, 2016
Closed
@thaJeztah thaJeztah mentioned this pull request Feb 6, 2023
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

status/2-code-review

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

6 participants

@cyphar @calavera @jessfraz @tiborvass @thaJeztah @GordonTheTurtle