Releases: jaminmc/pve-kernel

Kernel 6.17.1-6.6

10 Oct 06:56

Pre-release

Add AppArmor 5.0.0 regression fixes for kernel 6.17
Fix two critical regressions introduced in AppArmor 5.0.0:

  1. NULL pointer dereference in __unix_needs_revalidation()
    • Added NULL checks for sock and sock->sk pointers
    • Fixes kernel crashes when containers pass FDs via SCM_RIGHTS
    • Patch: 0013-apparmor-fix-NULL-pointer-dereference-in-aa_file_per.patch

  2. Incorrect Unix socket sendmsg/recvmsg classification
    • Skip file-based permissions for socket message operations
    • Fixes audit denials (class=file → class=net)
    • Patch: 0014-apparmor-fix-unix-socket-sendmsg-classification.patch

These issues did not exist in AppArmor 4.x (kernel 6.14).

Tested with crun/podman containers - both fixes confirmed working.
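
A triage check for the second regression, added here as an example and not taken from this repository or its patches: it scans kernel audit lines for AppArmor denials on sendmsg/recvmsg that were recorded with class="file", the pre-fix classification described above. The key=value field layout, the profile name and every sample line are constructed assumptions; compare them with your own dmesg or audit.log output before relying on the match.

```python
import re
from collections import Counter

# Constructed sample audit lines (not real logs); the field layout is an assumption.
SAMPLE = [
    'audit: type=1400 audit(1760079360.101:210): apparmor="DENIED" operation="sendmsg" '
    'class="file" profile="example-ct" name="/run/example/log.sock" pid=4101 comm="logger"',
    'audit: type=1400 audit(1760079360.204:211): apparmor="DENIED" operation="recvmsg" '
    'class="file" profile="example-ct" name="/run/example/log.sock" pid=4102 comm="daemon"',
    # Classification expected once socket message operations are treated as network access.
    'audit: type=1400 audit(1760079361.010:212): apparmor="DENIED" operation="sendmsg" '
    'class="net" profile="example-ct" pid=4103 comm="logger" family="unix"',
    # Ordinary file denial: must not be reported.
    'audit: type=1400 audit(1760079361.500:213): apparmor="DENIED" operation="open" '
    'class="file" profile="example-ct" name="/etc/example.conf" pid=4104 comm="cat"',
    # Not a denial: ignored.
    'audit: type=1400 audit(1760079362.000:214): apparmor="ALLOWED" operation="sendmsg" '
    'class="file" profile="example-ct" name="/run/example/log.sock" pid=4105 comm="logger"',
]

KV = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')
SOCKET_MSG_OPS = {"sendmsg", "recvmsg"}

def parse(line):
    """Turn the key=value and key="value" pairs of one audit line into a dict."""
    return {key: quoted or bare for key, quoted, bare in KV.findall(line)}

def misclassified(lines):
    """Return denied socket message operations that were audited as class=file."""
    hits = []
    for line in lines:
        rec = parse(line)
        if (rec.get("apparmor") == "DENIED"
                and rec.get("operation") in SOCKET_MSG_OPS
                and rec.get("class") == "file"):
            hits.append(rec)
    return hits

def summarize(lines):
    """Count misclassified denials per (profile, operation)."""
    return Counter((r.get("profile", "?"), r["operation"]) for r in misclassified(lines))

if __name__ == "__main__":
    for (profile, op), count in sorted(summarize(SAMPLE).items()):
        print(f"{count:3d}  profile={profile}  operation={op}  class=file")
```

A non-empty result on a host running AppArmor 5.0.0 suggests the sendmsg/recvmsg classification fix is not in the booted kernel.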

Full Changelog: https://github.com/jaminmc/pve-kernel/commits/6.17.1-6.6