31.Lock DigitalRoom

The AppArmor Linux security system has picked up a few improvements and new features with the in-development Linux 6.7 kernel.

Performance optimizations are always welcome, especially in areas like AppArmor overhead. The IO_uring mediation is interesting although Linux 6.7 is limited to sqpoll and override_creds interfaces.

Historically IO_uring has been the source of some security vulnerabilities while since Linux 6.6 it's been made easier to disable IO_uring system-wide. The IO_uring security woes have mostly been with older kernels but in any event for those using AppArmor there is now IO_uring mediation available for those interested. This IO_uring support was added by Canonical engineers.