[Bug 660077] Re: update AppArmor to 2.5.1 (for upstream and backported maverick kernels)
Jamie Strandboge
jamie at ubuntu.com
Fri Oct 15 23:35:06 BST 2010
Uploaded 2.5.1-0ubuntu0.10.04.1 to lucid-proposed. Attached is a diff
between profiles/ on 2.5-0ubuntu3 and 2.5.1. I will also attach the diff
between the debian/ directories.
For the most part, I have removed features when they were implemented in packaging, i.e.:
* I have dropped the backported from 2.6 local/ and ubuntu-browsers.d/ changes
* I have dropped the chromium-browser profile in apparmor-profiles (it depends on the above)
* I have dropped the aa-update-browser tool (also depends on the above)
* I removed use of dh_apparmor
In terms of abstractions, there are many abstraction bug fixes allowing additional access. There were three changes that were noteworthy:
1. machine-id moved from dbus to dbus-session. I added 0009-lucid-compat-dbus.patch to move it back
2. kde4-config was removed from the kde abstraction. I added 0010-lucid-compat-kde.patch to put it back (with PUx instead of Ux)
3. user-tmp uses 'owner' match in 2.5.1. This is a highly desirable security improvement (see bug #578922) for an LTS, and should not affect any applications in the default Ubuntu install. I have added text to the changelog to explain this in detail.
I also made sure that shipped profiles/abstractions shipped in the same
package (e.g., the apache2* abstraction shipped in apparmor in Lucid, but
libapache2-mod-apparmor in Maverick). I reverted that change.
I have tested locally on a default amd64 install against QRT (which
includes package test, initscript tests, apport, non-build testsuites,
and more) and it passes. Once the packages build in -proposed, I will
retest them on i386 and amd64, and will test all packages that ship a
confined binary. I also tested linux-image-generic-lts-backport-maverick
against QRT on amd64 and it works great. I plan to coordinate more
testing with the kernel-team once the packages are in -proposed.
--
update AppArmor to 2.5.1 (for upstream and backported maverick kernels)
https://bugs.launchpad.net/bugs/660077