https://bugzilla.novell.com/show_bug.cgi?id=338461#c8
--- Comment #8 from uwe mertens
Your profiles have not been able to load because the older apparmor_parser cannot load profiles to the newer kernel module. This was done because the newer kernel moved to a more efficient matching scheme using a dfa, and the dfa tables are built and verified user side.
All the packages should be available in the 10.3 repo. Several of the packages, including the apparmor-utils-2.1-11 package, are in the noarch portion of the repo.
http://download.opensuse.org/distribution/10.3/repo/oss/suse/noarch/
I do need to upload snapshots to the apparmor project and set up packages in the build service as well, which will help with package availability.
The kernel currently has a requires on the 2.0.1 apparmor parser; this is a bug and it should have been updated. This would have prevented the kernel from being installed without a parser that can load the profiles. Adding a note to the kernel README file as well is a good idea.
The behavior of the newer tools with the older kernel should be okay. The parser can load policy to the older kernel and the tools will work with it as well. There is a problem, however, in that the set of profiles that gets loaded is not chosen based on the running kernel, and if profiles make use of the newer features the parser will refuse to load them.
I have loaded the last missing module apparmor-utils-2.1-11. I did not find the module as the search engine of Novell did not deliver a result on the search of apparmor-utils-2.1-11. The search of apparmor-utils was successful. The modules I observed to be skipped during boot were those marked by rpm as rpmsave when I had installed the new profiles. Therefore, I think the bug is fixed.

In order to work alternatively with the old and the new kernel I have stored the two sets of profiles in two different directories:

    /etc/apparmor.d$(uname -r)

The directory apparmor.d has been removed. Into the /etc/init.d/boot.apparmor script I have inserted two lines just behind the leading comment:

    rm /etc/apparmor.d
    ln -s /etc/apparmor.d$(uname -r) /etc/apparmor.d

With this link booting of both kernel releases works and I think the tools of apparmor work too. If there were an automated update of the kernel with a change of the release number, then the corresponding profile directory would need to be renamed.
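The per-kernel symlink switch described in the comment above, as an added example that is not part of the original bug comment or of the AppArmor init script. The function name `select_profile_dir`, its return codes and the usage line are hypothetical; it leaves the existing link untouched when no profile set exists for the given kernel release, and never deletes a real directory.

```shell
#!/bin/sh
# select_profile_dir LINK RELEASE   (hypothetical helper, added for illustration)
#   LINK    - symlink path; the comment uses /etc/apparmor.d
#   RELEASE - kernel release string, normally "$(uname -r)"
# Returns 0 when LINK now points at LINK+RELEASE,
#         1 when there is no profile set for RELEASE (LINK left as it was),
#         2 when LINK exists but is a real file or directory (never removed).
select_profile_dir() {
    link=$1
    release=$2
    target="${link}${release}"   # naming scheme from the comment: /etc/apparmor.d$(uname -r)

    if [ -z "$release" ]; then
        echo "empty kernel release; link left unchanged" >&2
        return 1
    fi
    # After a kernel update with a new release number there may be no matching
    # directory yet. Keep the old link rather than leave a dangling one, which
    # would mean booting with no profiles loaded.
    if [ ! -d "$target" ]; then
        echo "no profile set for kernel $release ($target missing)" >&2
        return 1
    fi
    # A plain 'rm' followed by 'ln -s' must only ever replace a symlink.
    if [ -e "$link" ] && [ ! -L "$link" ]; then
        echo "$link is not a symlink; refusing to replace it" >&2
        return 2
    fi
    rm -f "$link" && ln -s "$target" "$link"
}

# Usage in a boot script (assumption, mirrors the two lines in the comment):
#   select_profile_dir /etc/apparmor.d "$(uname -r)" || echo "AppArmor profile set not switched" >&2
```
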