Ubuntu
linux-manta package

disable sha-1 hashing for policy for Ubuntu Touch

Bug #1383886 reported by Jamie Strandboge
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
AppArmor
In Progress
Medium
John Johansen
linux (Ubuntu)
Fix Released
Medium
John Johansen
linux-flo (Ubuntu)
Triaged
Medium
John Johansen
linux-goldfish (Ubuntu)
Triaged
Medium
John Johansen
linux-hammerhead (Ubuntu)
Triaged
Medium
John Johansen
linux-mako (Ubuntu)
Triaged
Medium
John Johansen
linux-manta (Ubuntu)
Triaged
Medium
John Johansen

Bug Description

Currently there is a compile time option to disable/enable sha-1 hashing of profiles. While enabling this option is useful for debugging, it can incur a 1 second cache load penalty on Ubuntu Touch with ~100 profiles. Upstream task is to make this runtime/boot time configurable.

See original description
Tags: aa-kernel

CVE References

Jamie Strandboge (jdstrand)
Changed in linux-flo (Ubuntu):
status: New → Triaged
Changed in linux-goldfish (Ubuntu):
status: New → Triaged
Changed in linux-hammerhead (Ubuntu):
status: New → Triaged
Changed in linux-mako (Ubuntu):
status: New → Triaged
Changed in linux-manta (Ubuntu):
status: New → Triaged
importance: Undecided → Medium
Changed in linux-mako (Ubuntu):
importance: Undecided → Medium
Changed in linux-hammerhead (Ubuntu):
importance: Undecided → Medium
Changed in linux-goldfish (Ubuntu):
importance: Undecided → Medium
Changed in linux-flo (Ubuntu):
importance: Undecided → Medium
Seth Arnold (seth-arnold)
description: updated
Revision history for this message
Tyler Hicks (tyhicks) wrote :

John has written a patch and sent it to the upstream AppArmor list:

  https://lists.ubuntu.com/archives/apparmor/2014-October/006696.html

This patch now should be sent to the Ubuntu Kernel Team list for inclusion in the Ubuntu kernels.

Changed in apparmor:
assignee: nobody → John Johansen (jjohansen)
status: Triaged → In Progress
Changed in linux-flo (Ubuntu):
assignee: nobody → John Johansen (jjohansen)
Changed in linux-goldfish (Ubuntu):
assignee: nobody → John Johansen (jjohansen)
Changed in linux-hammerhead (Ubuntu):
assignee: nobody → John Johansen (jjohansen)
Changed in linux-mako (Ubuntu):
assignee: nobody → John Johansen (jjohansen)
Changed in linux-manta (Ubuntu):
assignee: nobody → John Johansen (jjohansen)
Andy Whitcroft (apw)
Changed in linux (Ubuntu):
assignee: nobody → John Johansen (jjohansen)
status: New → Triaged
importance: Undecided → Medium
status: Triaged → Fix Committed
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package linux - 3.18.0-8.9

---------------
linux (3.18.0-8.9) vivid; urgency=low

  [ Leann Ogasawara ]

  * Release Tracking Bug
    - LP: #1407692
  * rebase to v3.18.1
  * ubuntu: AUFS -- Resolve build failure union has no member named
    'd_child'

  [ Upstream Kernel Changes ]

  * arm64: optimized copy_to_user and copy_from_user assembly code
    - LP: #1400349
  * x86, kvm: Clear paravirt_enabled on KVM guests for espfix32's benefit
    - LP: #1400314
    - CVE-2014-8134
  * rebase to v3.18.1
 -- Leann Ogasawara <email address hidden> Mon, 05 Jan 2015 09:12:32 -0800

Changed in linux (Ubuntu):
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.