Comment 16 for bug 1272028

Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package apparmor - 2.10.95-0ubuntu2.5~14.04.1

---------------
apparmor (2.10.95-0ubuntu2.5~14.04.1) trusty; urgency=medium

  * Bring apparmor 2.10.95-0ubuntu2.5, from Ubuntu 16.04, to Ubuntu 14.04.
    - This allows for proper snap confinement on Ubuntu 14.04 when using the
      hardware enablement kernel (LP: #1641243)
  * Changes made on top of 2.10.95-0ubuntu2.5:
    - debian/apparmor.upstart: Remove the upstart job and continue using the
      init script in 14.04
    - debian/apparmor.postinst, debian/apparmor-profiles.postinst,
      debian/apparmor-profiles.postrm, debian/rules: Revert to using
      invoke-rc.d to load the profiles, rather than reloading them directly,
      since 14.04 will continue using the init script rather than the upstart
      job.
    - debian/apparmor.init, debian/lib/apparmor/functions,
      debian/apparmor.postinst, debian/apparmor.postrm: Remove functionality
      dealing with AppArmor policy in system image based environments since
      this 14.04 package will not need to handle such environments. This
      removes the handle_system_policy_package_updates(),
      compare_previous_version(), compare_and_save_debsums() functions and
      their callers.
    - debian/apparmor.init: Continue using running-in-container since
      systemd-detect-virt doesn't exist on 14.04
    - debian/lib/apparmor/functions, debian/apparmor.init: Remove the
      is_container_with_internal_policy() function and adjust its call sites
      in apparmor.init so that AppArmor policy is not loaded inside of 14.04
      LXD containers (avoids bug #1641236)
    - debian/lib/apparmor/profile-load, debian/apparmor.install: Remove
      profile-load as upstart's apparmor-profile-load is used in 14.04
    - debian/patches/libapparmor-mention-dbus-method-in-getcon-man.patch:
      Continue applying this patch since the dbus version in 14.04 isn't new
      enough to support fetching the AppArmor context from
      org.freedesktop.DBus.GetConnectionCredentials().
    - debian/patches/libapparmor-force-libtoolize-replacement.patch: Force
      libtoolize to replace existing files to fix a libapparmor FTBFS issue on
      14.04.
    - debian/control: Retain the original 14.04 Breaks and ignore the new
      Breaks from 2.10.95-0ubuntu2.5 since they were put in place as part of
      the enablement of UNIX domain socket mediation. They're not needed in
      this upload since UNIX domain socket mediation is disabled by default so
      updates to the profiles included in those packages are not needed.
    - Preserve the profiles and abstractions from 14.04's
      2.8.95~2430-0ubuntu5.3 apparmor package by recreating them in the
      top-level profiles-14.04/ directory of the source. They'll be installed
      to debian/tmp/etc/apparmor.d/ during the build process and then to
      /etc/apparmor.d/ on package install so that there are no changes to the
      shipped profiles or abstractions. The abstractions from
      2.10.95-0ubuntu2.5 will be installed into
      debian/tmp/snap/etc/apparmor.d/ during the build process and then into
      /etc/apparmor.d/snap/abstractions/ on package install for use with snap
      confinement. Snap confinement profiles, which includes AppArmor profiles
      loaded by snapd and profiles loaded by snaps that are allowed to manage
      AppArmor policy, will use the snap abstractions. All other AppArmor
      profiles will continue to use the 14.04 abstractions.
      - debian/rules: Adjust for new profiles-14.04/ directory
      - debian/apparmor-profiles.install: Adjust to install the profiles that
        were installed in the 2.8.95~2430-0ubuntu5.3 package
      - debian/apparmor.install: Install the abstractions from the
        2.10.95-0ubuntu2.5 package into /etc/apparmor.d/snap/abstractions/
      - debian/patches/14.04-profiles.patch: Preserve the 14.04 profiles and
        abstractions from the 2.8.95~2430-0ubuntu5.3 apparmor package.
      - debian/patches/conditionalize-post-release-features.patch: Disable new
        mediation features, implemented after the Ubuntu 14.04 release, unless
        the profile is for snap confinement. If the profile is for snap
        confinement, the abstractions from /etc/apparmor.d/snap/abstractions
        will be used and all of the mediation features will be enabled.
    - 14.04-add-chromium-browser.patch,
      14.04-add-debian-integration-to-lighttpd.patch,
      14.04-etc-writable.patch,
      14.04-update-base-abstraction-for-signals-and-ptrace.patch,
      14.04-dnsmasq-libvirtd-signal-ptrace.patch,
      14.04-update-chromium-browser.patch,
      14.04-php5-Zend_semaphore-lp1401084.patch,
      14.04-dnsmasq-lxc_networking-lp1403468.patch,
      14.04-profiles-texlive_font_generation-lp1010909.patch,
      14.04-profiles-dovecot-updates-lp1296667.patch,
      14.04-profiles-adjust_X_for_lightdm-lp1339727.patch: Import all of the
      patches, from 14.04's 2.8.95~2430-0ubuntu5.3 apparmor package, which
      patched profiles/ and adjust them to patch profiles-14.04/ instead.
    - debian/patches/revert-r2550-and-r2551.patch: Revert two upstream changes
      to mod_apparmor which could potentially regress existing users of
      mod_apparmor in 14.04. These upstream changes are not appropriate for an
      SRU.

 -- Tyler Hicks <email address hidden> Wed, 30 Nov 2016 16:36:02 +0000