ACK: [SRU][Q][PATCH 0/2] fix network mediation issues

Yufeng Gao yufeng.gao at canonical.com
Fri Apr 10 01:25:27 UTC 2026


On 3/4/26 04:49, Georgia Garcia wrote:
> BugLink: https://bugs.launchpad.net/bugs/2142860
>
> SRU Justification:
>
> [Impact]
>
> During a rebase the code to wire in the fine grained inet mediation
> for sock_file_perm got dropped. This breaks network mediation if
> v8/v9 fine grained inet mediation is used, which was the case for
> the policy that was updated to use abi 5.0 added in apparmor 5.0.0~alpha2.
>
> [Fix]
>
> Cherry-pick resolute:linux commits:
> 5240899d3fb2e01b88ecceb2c53921dd64b74c75
> 7cb6769a2d96ab3b6da8ca401936a22745523bad
>
> [Test Plan]
>
> There are two test cases:
>
> 1. using flatpak:
> $ sudo apt install flatpak
> $ flatpak remote-add --if-not-exists flathub https://dl.flathub.org/repo/flathub.flatpakrepo
> $ flatpak install flathub com.brave.Browser
> $ flatpak run com.brave.Browser
>
> When the browser opens, make sure it can open any website
> (https://ubuntu.com/ for example)
>
> 2. using sbuild with unshare backend
>
> $ sudo apt install sbuild mmdebstrap uidmap
>
> Create a file called .sbuildrc in your home directory with the
> following contents:
>
> $mailto = 'foo at bar.com';
> $maintainer_name='Foo Bar <foo at bar.com>';
> #$build_dep_resolver="apt";
> $chroot_mode = "unshare";
> 1;
>
> Edit /etc/apt/sources.list.d/ubuntu.sources adding deb-src to Types:
>
> Types: deb deb-src
>
> $ sudo apt update
> $ apt source apparmor
> $ cd apparmor-5.0.0~beta1/
> $ sbuild -d resolute
>
> Make sure you don't see any "Connection failed" messages during the
> step "I: Setting up apt archive..." and that build completes
> successfully.
>
> [Where problems could occur]
>
> The regression can be considered as low since both fixes have been
> applied to the resolute kernel.
>
> John Johansen (2):
>    UBUNTU: SAUCE: apparmor5.0.0 [29/57]: apparmor: fix fine grained inet
>      mediation sock_file_perm
>    UBUNTU: SAUCE: apparmor5.0.0 [53/57]: apparmor: fix af_unix local addr
>      mediation binding
>
>   security/apparmor/af_inet.c | 2 +-
>   security/apparmor/audit.c   | 2 +-
>   security/apparmor/net.c     | 9 ++++++++-
>   3 files changed, 10 insertions(+), 3 deletions(-)
>
Acked-by: Yufeng Gao <yufeng.gao at canonical.com>



