update apparmor and LSM stacking patch set
Bug #2028253 reported by Andrea Righi
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
linux (Ubuntu) | Fix Released | Critical | Unassigned |
Mantic | Fix Released | Critical | Unassigned |
Noble | Fix Released | Critical | Unassigned |
Bug Description
[Impact]
Provide an updated patch set for apparmor / LSM stacking with all the custom features that we need in the Ubuntu kernel.
This patch set is required to provide the proper confinement with snaps and other Ubuntu-specific security features.
[Fix]
Apply the latest updated patch set from:
https:/
[Test case]
Run the apparmor test case suite.
[Regression potential]
This patch set introduces significant non-upstream changes to the security layer, so we may expect generic regressions in the kernel, especially when running applications that are stressing the security layer (such as systemd, snapd, lxd, etc.).
Changed in linux (Ubuntu Mantic):
status: New → Confirmed
importance: Undecided → Critical
description: updated
Changed in linux (Ubuntu Mantic):
status: Confirmed → Fix Committed
tags: added: verification-done-jammy-linux-lowlatency-hwe-6.5 removed: verification-needed-jammy-linux-lowlatency-hwe-6.5
tags: added: verification-done-noble-linux-lowlatency removed: verification-needed-noble-linux-lowlatency
tags: added: verification-done-noble-linux-ibm removed: verification-needed-noble-linux-ibm
tags: added: verification-done-noble-linux-gke removed: verification-needed-noble-linux-gke
tags: added: verification-done-noble-linux-gcp removed: verification-needed-noble-linux-gcp
tags: added: verification-done-noble-linux-azure removed: verification-needed-noble-linux-azure
tags: added: verification-done-noble-linux-aws removed: verification-needed-noble-linux-aws
tags: added: verification-done-jammy-linux-oem-6.5 removed: verification-needed-jammy-linux-oem-6.5
tags: added: verification-done-jammy-linux-nvidia-6.5 verification-done-jammy-linux-nvidia-6.8 removed: verification-needed-jammy-linux-nvidia-6.5 verification-needed-jammy-linux-nvidia-6.8
tags: added: verification-done-jammy-linux-aws-6.5 verification-done-jammy-linux-azure-6.5 removed: verification-needed-jammy-linux-aws-6.5 verification-needed-jammy-linux-azure-6.5
This bug is awaiting verification that the linux-oem-6.5/6.5.0-1002.2 kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-jammy-linux-oem-6.5' to 'verification-done-jammy-linux-oem-6.5'. If the problem still exists, change the tag 'verification-needed-jammy-linux-oem-6.5' to 'verification-failed-jammy-linux-oem-6.5'.
If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed.
See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Thank you!