mirror of
https://gitlab.com/apparmor/apparmor.git
synced 2025-03-04 08:24:42 +01:00
Create IRC_meeting_2022 10 11
parent
7c7ce71d93
commit
3b35cf30d9
1 changed files with 60 additions and 0 deletions
60
IRC_meeting_2022-10-11.md
Normal file
@ -0,0 +1,60 @@
```
(11:14:20 AM) jjohansen: cboltz, sbeattie, sarnold: anyone else meeting time
(11:15:15 AM) ***cboltz hides
(11:15:31 AM) jjohansen: \o/
(11:15:42 AM) jjohansen: so I can get back to debugging then
(11:16:09 AM) cboltz: I've seen some acked-by <timeout> MRs, maybe you can give them a somewhat better review?
(11:16:27 AM) jjohansen: Maybe in 2 weeks?
(11:17:01 AM) jjohansen: the truth is I am just swamped, working crazy hours 7 days a week atm
(11:17:12 AM) cboltz: oh, nice :-/
(11:17:23 AM) jjohansen: far, far, far, in excess of 40hrs a week
(11:17:42 AM) jjohansen: in fact exceeding 100 hrs a week
(11:17:53 AM) cboltz: I guess that means it's also a bad time to ask about the 3.1 release notes?
(11:18:13 AM) jjohansen: well, I plan to get to those in 2-3 weeks
(11:18:26 AM) sbeattie: eugh, yeah, I keep meaning to get to the release notes.
(11:20:22 AM) jjohansen: with the way things have gone atm the 4.0 release will be pushed into next year
(11:21:03 AM) ***cboltz isn't surprised
(11:21:17 AM) jjohansen: I hope to get back to some of its items that overlap current work I am doing later this week
(11:21:30 AM) jjohansen: always nice when I get some items shared
(11:22:24 AM) jjohansen: do we have anything else to discuss?
(11:23:59 AM) cboltz: just wondering, since I see some small kernel patches on the ML: what's the current status of upstreaming?
(11:24:10 AM) cboltz: are there patches left in Ubuntu, or do you have everything upstream?
(11:24:28 AM) jjohansen: so I have a rather larger set, for upstream this cycle
(11:24:41 AM) jjohansen: if, I get figure out the current regression asap
(11:25:05 AM) jjohansen: otherwise being halfway through the merge window this set will have to sit for another cycle
(11:25:09 AM) jjohansen: which would be bad
(11:25:58 AM) sbeattie: cboltz: feel free to direct me to which reviews are pending, I'll try to take a look.
(11:26:06 AM) jjohansen: the upstreaming of fine grained unix mediation is becoming priority again so that looks like something work will sponsor next cycle
(11:26:47 AM) jjohansen: so this cycle is primary about reworking/extending permissions
(11:27:00 AM) jjohansen: you won't see userspace support for it until apparmor 4
(11:27:02 AM) cboltz: sbeattie: the ones that are a week...3 months old are probably the most interesting ones
(11:27:26 AM) jjohansen: next cycle currently has some audit and core cleanups so far
(11:28:22 AM) jjohansen: it will also pickup the user namespace mediation and hopefully io_uring (but that might need to be pushed off an extra cycle)
(11:29:01 AM) jjohansen: we have some ipc mediation that needs more work and I don't expect to land until 6.3
(11:29:04 AM) cboltz: at the risk of causing you even more work - which repo and branch could I look at?
(11:29:46 AM) jjohansen: the current upstream apparmor-next, apparmor-next-next or the dreaded prompting branch which is a mash of these and even more
(11:30:03 AM) jjohansen: there are actually a lot of patches in flight atm
(11:30:29 AM) jjohansen: cboltz: https://gitlab.com/jjohansen/apparmor-kernel
(11:30:45 AM) jjohansen: err https://gitlab.com/jjohansen/apparmor-kernel/-/tree/apparmor-next
(11:31:04 AM) jjohansen: there is a regression at the moment that is breaking snaps
(11:31:11 AM) cboltz: ah, there it hides ;-) - I already wondered that apparmor/apparmor-kernel looks "a bit" old
(11:31:40 AM) jjohansen: well there is also the kernel.org mirror of it, but I am trying to point most people at gitlab now
(11:32:30 AM) jjohansen: I should be pushing to the apparmor/apparmor-kernel, I guess I forgot
(11:32:45 AM) jjohansen: I'll make sure to get it updated as well
(11:33:18 AM) jjohansen: the permissions rework, lays the foundations for lots of improvements
(11:33:36 AM) jjohansen: like being able to have just certain parts of the profile in complain mode
(11:34:46 AM) cboltz: you mean something like complain /home/** rwkl, in an enforced profile? Or did I mis-guess?
(11:34:50 AM) jjohansen: yes
(11:36:10 AM) cboltz: I guess I'd do that with audit rules nowadays ;-)
(11:36:42 AM) jjohansen: rule wise you are looking at
(11:36:42 AM) jjohansen: (deny|quiet) (allow|prompt|complain|deny|kill|access) rw /foo/**,
(11:37:39 AM) jjohansen: where prompt is not something available atm but the permissions backend will support it if we can ever get something like that upstream
(11:38:13 AM) cboltz: looks interesting, and might give us some fun with handling it in the tools - but it's probably worth it
(11:38:49 AM) jjohansen: oh uhmm s/(deny|quiet)/(audit|quiet)
(11:40:00 AM) jjohansen: it also lays the ground work for finer grained permissions, so maybe splitting create off of w
(11:40:31 AM) jjohansen: or metaread/write etc
(11:42:43 AM) jjohansen: do we have anything else to discuss?
(11:43:18 AM) cboltz: nothing from me
(11:43:34 AM) jjohansen: alright thanks
(11:43:41 AM) jjohansen: meeting adjourned
```
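Review bot: The rule grammar logged at 11:36:42, `(deny|quiet) (allow|prompt|complain|deny|kill|access) rw /foo/**,`, is only corrected two messages later at 11:38:49 (`s/(deny|quiet)/(audit|quiet)`), so anyone skimming this file for the planned permission syntax will pick up the wrong prefix. Because the file is a raw log inside a single code fence, consider adding a short summary above the fence that states the corrected form and the other outcomes recorded here (4.0 release pushed into next year, the apparmor-next branch location, apparmor/apparmor-kernel to be updated), leaving the log itself unchanged.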