Comment # 8 on bug 991901 from 
(In reply to Noel Power from comment #7)
> I get the point of some maybe future issue about lack of corresponding log
> entry for a net_admin cap issue, I think it will affect development
> debugging rather than users though. 

Depends on what exactly it breaks ;-)  - but at least I'd hope that the
developers will notice it first.

> However this just reminds me about the fact that we (e.g. SLE) still use
> this cobbled together old version of apparmor. It makes no sense IMHO
> (unless there is some real genuine difference, Christian do you know?)

I proposed AppArmor 2.9 for SLE 12 GA - it was in beta status at that time and
the final release would have been in time for the SLE release. However it was
declined, see bug 864091 for details.

The biggest change in 2.9 is that the aa-* tools were rewritten in python
(instead of the interesting[tm] perl code in 2.8, and it didn't take too long
until a SLE user found a bug that was already fixed in the python code), but
there were also other changes.

You can find the detailed 2.9.x and 2.10.x release notes at
http://wiki.apparmor.net/index.php?title=Special%3AAllPages&from=Release&to=Rev
(BTW: 2.11 will be released soon)

> Because apparmor affects so many processes I don't know if it would be
> acceptable to change to the newer version mid SP2 but for SP3 we should
> really fix this( not sure how that should happen maybe FATE or some other
> mechanism)

I'll leave the SLE paperwork to you ;-)

You are receiving this mail because: