[ubuntu/mantic-proposed] apparmor 4.0.0~alpha2-0ubuntu1 (Accepted)
Alex Murray
alex.murray at canonical.com
Thu Aug 24 02:24:13 UTC 2023
apparmor (4.0.0~alpha2-0ubuntu1) mantic; urgency=medium
[ John Johansen ]
* New upstream release 4.0-alpha2
[ Alex Murray ]
* Infrastructure to enable AppArmor userns restrictions
(LP: #2030353, LP: #2032602)
- debian/usr/lib/sysctl.d/10-apparmor.conf: disable userns restrictions
for now until we have a complete set of profiles for the whole
Ubuntu archive
- debian/apparmor.install: ship sysctl.d file in the apparmor binary
package
- d/p/u/userns-unconfined.patch: add some additional profiles that
specify the userns permission with the unconfined flag for a currently
incomplete list of applications within the Ubuntu archive that use
unprivileged user namespaces
- usr.bin.ch-checkns
- usr.bin.ch-run
- usr.bin.crun
- usr.bin.flatpak
- debian/put-all-profiles-in-complain-mode.sh: don't put unconfined
profiles in complain mode
* Add patches from upstream to fix test failures
- d/p/u/tests-fix-userns-setns-opening-pipe-order.patch
- d/p/u/tests-replace-individual-socket-permissions.patch
- d/p/u/tests-fix-test-specifying-path-on-attach-disconnected.patch
* Add new symbols
apparmor (4.0.0~alpha1-0ubuntu1) mantic; urgency=medium
* New upstream release.
* Drop patches which have now been applied upstream
- d/p/fix-expected-library-version.patch
- d/p/u/enable-pinning-of-pre-AppArmor-3.x-poli.patch
- d/p/u/regression-tests-fix-aa_policy_cache-when-using-syst.patch
- d/p/u/add-mqueue-support.patch
- d/p/u/add-userns-support.patch
- d/p/u/update-snap-browsers-permissions-lp1794064.patch
- d/p/u/add-4.0-abi.patch
* Refresh patches
- d/p/d/etc-writable.patch
- d/p/u/samba-systemd-interaction.patch
* d/apparmor.install: install aa-load
* d/apparmor-profiles.install:
- install new profiles
- usr.lib.dovecot.director
- usr.lib.dovecot.doveadm-server
- usr.lib.dovecot.replicator
- zgrep
- rpcbind
- chromium_browser
- usr.bin.pyzorsocket
- usr.bin.razorsocket
- usr.sbin.clamd
- usr.sbin.haproxy
- rename profiles
- firefox
- firefox.sh
Date: Tue, 22 Aug 2023 12:30:32 +0930
Changed-By: Alex Murray <alex.murray at canonical.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
https://launchpad.net/ubuntu/+source/apparmor/4.0.0~alpha2-0ubuntu1
-------------- next part --------------
Format: 1.8
Date: Tue, 22 Aug 2023 12:30:32 +0930
Source: apparmor
Built-For-Profiles: noudeb
Architecture: source
Version: 4.0.0~alpha2-0ubuntu1
Distribution: mantic
Urgency: medium
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Alex Murray <alex.murray at canonical.com>
Launchpad-Bugs-Fixed: 2030353 2032602
Changes:
apparmor (4.0.0~alpha2-0ubuntu1) mantic; urgency=medium
.
[ John Johansen ]
* New upstream release 4.0-alpha2
.
[ Alex Murray ]
* Infrastructure to enable AppArmor userns restrictions
(LP: #2030353, LP: #2032602)
- debian/usr/lib/sysctl.d/10-apparmor.conf: disable userns restrictions
for now until we have a complete set of profiles for the whole
Ubuntu archive
- debian/apparmor.install: ship sysctl.d file in the apparmor binary
package
- d/p/u/userns-unconfined.patch: add some additional profiles that
specify the userns permission with the unconfined flag for a currently
incomplete list of applications within the Ubuntu archive that use
unprivileged user namespaces
- usr.bin.ch-checkns
- usr.bin.ch-run
- usr.bin.crun
- usr.bin.flatpak
- debian/put-all-profiles-in-complain-mode.sh: don't put unconfined
profiles in complain mode
* Add patches from upstream to fix test failures
- d/p/u/tests-fix-userns-setns-opening-pipe-order.patch
- d/p/u/tests-replace-individual-socket-permissions.patch
- d/p/u/tests-fix-test-specifying-path-on-attach-disconnected.patch
* Add new symbols
.
apparmor (4.0.0~alpha1-0ubuntu1) mantic; urgency=medium
.
* New upstream release.
* Drop patches which have now been applied upstream
- d/p/fix-expected-library-version.patch
- d/p/u/enable-pinning-of-pre-AppArmor-3.x-poli.patch
- d/p/u/regression-tests-fix-aa_policy_cache-when-using-syst.patch
- d/p/u/add-mqueue-support.patch
- d/p/u/add-userns-support.patch
- d/p/u/update-snap-browsers-permissions-lp1794064.patch
- d/p/u/add-4.0-abi.patch
* Refresh patches
- d/p/d/etc-writable.patch
- d/p/u/samba-systemd-interaction.patch
* d/apparmor.install: install aa-load
* d/apparmor-profiles.install:
- install new profiles
- usr.lib.dovecot.director
- usr.lib.dovecot.doveadm-server
- usr.lib.dovecot.replicator
- zgrep
- rpcbind
- chromium_browser
- usr.bin.pyzorsocket
- usr.bin.razorsocket
- usr.sbin.clamd
- usr.sbin.haproxy
- rename profiles
- firefox
- firefox.sh
Checksums-Sha1:
b8a345bdf401dd89eadc0fd62a64dd3acd57e1a9 3048 apparmor_4.0.0~alpha2-0ubuntu1.dsc
065eda84200b5ac770f53e8ab9f3502e627a574d 8189939 apparmor_4.0.0~alpha2.orig.tar.gz
2a272bfad0d1f8d495d1d82fff7f3e132bb57da6 94876 apparmor_4.0.0~alpha2-0ubuntu1.debian.tar.xz
5931900553043dfeee1bfd7ee7bab3f6676ba74a 8185 apparmor_4.0.0~alpha2-0ubuntu1_source.buildinfo
Checksums-Sha256:
144e9b110943a0d8593dc2676cea57d81d5921d5833447f4fd17769b22a266b9 3048 apparmor_4.0.0~alpha2-0ubuntu1.dsc
594fcace8fbfb656b2e991b33feb1270ea0fdc09ec3ae517290afd409a57b368 8189939 apparmor_4.0.0~alpha2.orig.tar.gz
d6724908c1a14ab6fa9b8ad428db6afc4ce6f3a4bad7bca3a456b8f7160afb6d 94876 apparmor_4.0.0~alpha2-0ubuntu1.debian.tar.xz
871b944f58f6db2da7d0ce910fc71f5ee83d3eebfe03eed741f9f9abdfd87e96 8185 apparmor_4.0.0~alpha2-0ubuntu1_source.buildinfo
Files:
d90e3bd8f7b4097db80be1b2f4b70b26 3048 admin optional apparmor_4.0.0~alpha2-0ubuntu1.dsc
9ce9120ba5d5a4521e8257975a3b3814 8189939 admin optional apparmor_4.0.0~alpha2.orig.tar.gz
9770f5e6388c90eaa324a5252524fd06 94876 admin optional apparmor_4.0.0~alpha2-0ubuntu1.debian.tar.xz
25e53b38a17fe0236ebc7d5ee792c239 8185 admin optional apparmor_4.0.0~alpha2-0ubuntu1_source.buildinfo
Original-Maintainer: Debian AppArmor Team <pkg-apparmor-team at lists.alioth.debian.org>
More information about the mantic-changes
mailing list