[ubuntu/questing-proposed] pollinate 4.33-4ubuntu4 (Accepted)

Andreas Hasenack andreas at canonical.com
Thu Sep 25 13:10:44 UTC 2025 

pollinate (4.33-4ubuntu4) questing; urgency=medium

  * Several d/apparmor/pollinate fixes:
    - adjust apparmor profile to cope with coreutils paths by using the new
      @{coreutil_dirs} variable (LP: #2123870)
    - allow "grep" only (no variants), and restrict the "awk" variants
    - we don't need a rule for coreutils binary itself
    - allow for usr-merge paths
    - allow printf
    - allow unconfined fallback for dmesg and systemd-detect-virt. These
      require extra privileges which are too broad for pollimate as a whole.
      systemd-detect-virt in particular is hard to accomodate and test as there
      are many different types of containers, VMs, and hosts, where it could
      run.

Date: Thu, 25 Sep 2025 09:47:47 -0300
Changed-By: Andreas Hasenack <andreas at canonical.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
https://launchpad.net/ubuntu/+source/pollinate/4.33-4ubuntu4
-------------- next part --------------
Format: 1.8
Date: Thu, 25 Sep 2025 09:47:47 -0300
Source: pollinate
Built-For-Profiles: noudeb
Architecture: source
Version: 4.33-4ubuntu4
Distribution: questing
Urgency: medium
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Andreas Hasenack <andreas at canonical.com>
Launchpad-Bugs-Fixed: 2123870
Changes:
 pollinate (4.33-4ubuntu4) questing; urgency=medium
 .
   * Several d/apparmor/pollinate fixes:
     - adjust apparmor profile to cope with coreutils paths by using the new
       @{coreutil_dirs} variable (LP: #2123870)
     - allow "grep" only (no variants), and restrict the "awk" variants
     - we don't need a rule for coreutils binary itself
     - allow for usr-merge paths
     - allow printf
     - allow unconfined fallback for dmesg and systemd-detect-virt. These
       require extra privileges which are too broad for pollimate as a whole.
       systemd-detect-virt in particular is hard to accomodate and test as there
       are many different types of containers, VMs, and hosts, where it could
       run.
Checksums-Sha1:
 216dd5e10729b74d22bbd8452ff7214f28807e14 2107 pollinate_4.33-4ubuntu4.dsc
 ee2d9cf7ca4989b4998a6811065b0bc99edfa65c 17028 pollinate_4.33-4ubuntu4.debian.tar.xz
 94c76e3df4f22bb3bc32bca35523e3cab91ee50a 6631 pollinate_4.33-4ubuntu4_source.buildinfo
Checksums-Sha256:
 b6de203077b0adbded46f6bf524b6d8f98be7efc4e68af761ab2242565a28fa4 2107 pollinate_4.33-4ubuntu4.dsc
 f214d87c895b95caaba1457af8daf4dec68b4b5e67f4c5b063de5e840f1f8b4e 17028 pollinate_4.33-4ubuntu4.debian.tar.xz
 5cc24829be1382df7d1525e4bd539a5515a3f739acbb5719d69a1400db19d57e 6631 pollinate_4.33-4ubuntu4_source.buildinfo
Files:
 b2e061de27f1b956eaaa27df40fc6611 2107 admin optional pollinate_4.33-4ubuntu4.dsc
 9f71307c6fd28cba2d1b4981b78cdc22 17028 admin optional pollinate_4.33-4ubuntu4.debian.tar.xz
 d350f0201a70756a98d8ab6cebe9abed 6631 admin optional pollinate_4.33-4ubuntu4_source.buildinfo
Original-Maintainer: Thorsten Alteholz <debian at alteholz.de>
Vcs-Git: https://git.launchpad.net/~ahasenack/ubuntu/+source/pollinate
Vcs-Git-Commit: f8fdbfb190ec8d0ca20bfbb08e32ac0948b397b6
Vcs-Git-Ref: refs/heads/questing-pollinate-apparmor-coreutils

More information about the Questing-changes mailing list