Update Kernel_Feature_Matrix

John Johansen 2019-04-17 00:07:11 +00:00
parent b455bf0049
commit 213450a24f

@ -21,7 +21,7 @@
| 4.17 | <ul><li> v8 abi<sup>1</sup></li><li>generic socket mediation (ie. basic network mediation)<sup>1</sup></li><li>improved profile attachment logic<ul><li>handle overlapping expression resolution up to 8 characters dynamic overlap in kernel<sup>2</sup></li><li>xattr attachment conditional<sup>1</sup></li><li>no_new_privs improved attachment with subset test based on confinement at time no_new_privs was entered<sup>3</sup></ul></li><li> signal mediation of profile stacks<sup>4</sup></li><li>Bug fixes and code cleanups</li></ul> | ```1``` AppArmor 3.0<br>```2``` Any userspace that supports attachment conditionasl 2.5+<br>```3``` no userspace requirements, reduces cases where nnp prevents a transition<br>```4```Same userspace as regular signal mediation AppArmor 2.9 |
| 4.18 | <ul><li>add support for secids and using secctxes</li><li>the ability to get a task's secid</li><li>add support for audit rules filtering. AppArmor task label can be used in audit rule filters</li><li>Bug fixes and code cleanups</li></ul> | No apparmor userspace requirements. |
| 4.19 | Bug fixes and code cleanups| |
| 4.20 | <ul><li>Secmark mediation for custom policy</li><li>Bug fixes and code cleanups</li></ul> |
| 4.20 | <ul><li>Secmark mediation for custom policy<sup>1</sup></li><li>Bug fixes and code cleanups</li></ul> | ```1``` Custom patch not in upstream apparmor |
| 5.0 | Bug fixes and code cleanups| |
| 5.1 | <ul><li>LSM stacking with generic blobs (sara/landlock). Does not include secids so insufficient to stack with selinux and smack.</li><li>Bug fixes and code cleanups</li></ul> | no userspace requirements. There is a new kernel parameter <i>lsm=</i> that is used in place of the old <i>security=</i> parameter |
| 5.2 | wip <ul><li>fine grained af_unix mediation<ul><li>unix rules<sup>1</sup></li><li>get peer sock label via so_peersec<sup>2</sup><li><li>dbus mediation<sup>3</sup></li></ul></li><li>no-new-privs rules</li></ul> | ```1``` AppArmor 3.0<br>```2```No userspace support needed to read via getsockopt. Library support for ```aa_getpeercon``` add in AppArmor 2.7<br>```3``` requires AppArmor 3.0 and D-Bus 1.10.0</li></ul>
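Review bot: the footnote added to the 4.20 row, "Custom patch not in upstream apparmor", is ambiguous about which component it refers to; since that column lists userspace requirements, and the other rows name a release ("AppArmor 3.0", "AppArmor 2.9"), it should say explicitly that the Secmark policy support needs an out-of-tree userspace/parser patch that is in no AppArmor userspace release, so readers do not take it to mean the kernel side is also out of tree. The replaced row also fixes the missing trailing `|` that left the old 4.20 line one column short, which is worth mentioning in the commit message. While here, the adjacent 5.2 context row has the same class of problems and could be fixed in the same edit: `<sup>2</sup><li><li>dbus mediation` should read `<sup>2</sup></li><li>dbus mediation`, the trailing `</li></ul>` after "D-Bus 1.10.0" has no matching open tags, and the row has no closing `|`; the 4.17 row's "conditionasl" is a typo for "conditionals".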