LSM stacking and AppArmor for 6.2: additional fixes
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
linux (Ubuntu) | Fix Released | Medium | Unassigned |
Lunar | Fix Released | Medium | Unassigned |
Bug Description
[Impact]
We maintain custom LSM stacking and AppArmor SAUCE patches in our kernel to provide additional features that are not available in the upstream AppArmor.
We have experienced occasional bugs in the lunar kernel (specifically with the environ.sh test) that can lead to system crashes / failures (such as a potential NULL pointer dereference).
[Test case]
Run AppArmor autopkgtest / qa-regression-
[Fix]
Apply the following additional fixes provided by the AppArmor upstream maintainer:
UBUNTU: SAUCE: apparmor: fix policy_compat perms remap for file dfa
UBUNTU: SAUCE: apparmor: fix profile verification and enable it
UBUNTU: SAUCE: apparmor: fix: add missing failure check in compute_
UBUNTU: SAUCE: apparmor: fix: kzalloc perms tables for shared dfas
[Regression potential]
The additional fixes touch only AppArmor-specific code, so we may experience regressions (bugs / behavior changes) only in AppArmor by applying them.
Changed in linux (Ubuntu Lunar):
importance: Undecided → Medium
status: New → Triaged
Changed in linux (Ubuntu):
importance: Undecided → Medium
status: New → Triaged
Changed in linux (Ubuntu Lunar):
status: Triaged → Fix Committed
Changed in linux (Ubuntu):
status: Triaged → Fix Committed
tags: added: verification-done-jammy-linux-lowlatency-hwe-6.5; removed: verification-needed-jammy-linux-lowlatency-hwe-6.5
Specially crafted tests that can reliably trigger this issue will be added to the test suite.