© 2004
Canonical Ltd.
•
Terms of use
•
Data privacy
•
Contact Launchpad Support
•
Blog
•
Careers
•
System status
•
bbfa235
demo site
(Get the code!)
The upstream AppArmor project has cut the 2.11 Beta 1 release. It contains a large number of bug fixes and a key feature. The feature is to allow profiles and applications to take advantage of the policy namespace stacking that has landed in the Xenial kernel. This will allow LXD containers to be confined with an over-arching AppArmor profile while individual processes inside the container can be further confined with an individual profile.
Here's the changelog, containing Debian/Ubuntu bug fixes, that I have accumulated so far:
apparmor (2.10.95-
* Update to apparmor 2.10.95 (2.11 Beta 1)
- Allow Apache prefork profile to chown(2) files (LP: #1210514)
- Allow deluge-gtk and deluge-console to handle torrents opened in
browsers (LP: #1501913)
- Allow file accesses needed by some programs using libnl-3-200
(Closes: #810888)
- Allow file accesses needed on systems that use NetworkManager without
resolvconf (Closes: #813835)
- Adjust aa-status(8) to work without python3-apparmor (LP: #1480492)
- Fix aa-logprof(8) crash when operating on files containing multiple
profiles with certain rules (LP: #1528139)
- Fix log parsing crashes, in the Python utilities, caused by certain file
related events (LP: #1525119, LP: #1540562)
- Fix log parsing crasher, in the Python utilities, caused by certain
change_hat events (LP: #1523297)
- Improve Python 2 support of the utils by fixing an aa-logprof(8) crasher
when Python 3 is not available (LP: #1513880)
- Send aa-easyprof(8) error messages to stderr instead of stdout
(LP: #1521400)
- Fix aa-autodep(8) failure when the shebang line of a script contained
parameters (LP: #1505775)
- Don't depend on the system logprof.conf when running utils/ build tests
(LP: #1393979)
- Fix apparmor_parser(8) bugs when parsing profiles that use policy
namespaces in the profile declaration or profile transition targets
(LP: #1540666, LP: #1544387)
- Regression fix for apparmor_parser(8) bug that resulted in the
-
be loaded into the root policy namespace (LP: #1526085)
- Fix crasher regression in apparmor_parser(8) when the parser was asked
to process a directory (LP: #1534405)
- Fix bug in apparmor_parser(8) to honor the specified bind flags remount
rules (LP: #1272028)
- Support tarball generation for Coverity scans and fix a number of issues
discovered by Coverity
- Fix regression test failures on s390x systems (LP: #1531325)
- Adjust expected errno values in changeprofile regression test
(LP: #1559705)
- The Python utils gained support for ptrace and signal rules
- aa-exec(8) received a rewrite in C
- apparmor_parser(8) gained support for stacking multiple profiles, as
supported by the Xenial kernel (LP: #1379535)
- libapparmor gained new public interfaces, aa_stack_profile(2) and
aa_
stacking support (LP: #1379535)
* Drop the following patches since they've been incorporated upstream:
- aa-status-
- r3209-dnsmasq-
- r3227-locale-
- r3277-update-
- r3366-networkd.
- tests-fix_
- parser-
- parser-
- parser-
- parser-
- parser-
* debian/rules, debian/
for new upstream binutils directory and the new aa-exec and aa-enabled
binaries
* debian/
page
* debian/
access needed for nscd's paranoia mode
* debian/
regression test build time checks, for libapparmor stacking support, to
look for the 2.10.95 versioning rather than 2.11
-- Tyler Hicks <email address hidden> Thu, 24 Mar 2016 12:12:11 -0500