Package "apparmor-profiles"
| Name: |
apparmor-profiles
|
Description: |
experimental profiles for AppArmor security policies
|
| Latest version: |
4.1.0~beta5-0ubuntu14.2 |
| Release: |
plucky (25.04) |
| Level: |
updates |
| Repository: |
main |
| Head package: |
apparmor |
| Homepage: |
https://apparmor.net/ |
Links
Download "apparmor-profiles"
Other versions of "apparmor-profiles" in Plucky
Changelog
|
apparmor (4.1.0~beta5-0ubuntu14.2) plucky; urgency=medium
* profiles: make /sys/devices PCI paths hex-aware (LP: #2115234)
-- Keifer Snedeker <email address hidden> Tue, 09 Sep 2025 17:23:48 -0400
|
| Source diff to previous version |
| 2115234 |
Improper globbing in rules for /sys/devices PCI paths |
|
|
apparmor (4.1.0~beta5-0ubuntu14.1) plucky; urgency=medium
* This is an SRU from Questing to Plucky, tracked in LP: #2110236
* Add patch to allow unprivileged_userns access to root dir
(LP: #2110616):
- d/p/u/unprivileged_userns_rootdir.patch
* Add patch to fix lsblk accesses on IBM System Z systems (LP: #2107402)
and execution from a confined context (LP: #2107455):
- d/p/u/lsblk-s390-fixes.patch
* Add patch to fix execution of various commands from confined contexts
(LP: #2110628):
- d/p/u/profiles_ensure_access_to_attach_path.patch
* Add patch to include new QtWebEngineProcess execution path in
plasmashell profile (LP: #2107723):
- d/p/u/plasmashell-QtWebEngineProcess-new-path.patch
* Add patch to allow /cvmfs fusermounts (LP: #2110624):
- d/p/u/fusermount3_cvmfs.patch
* Add patch to grant OpenVPN DNS accesses (LP: #2107596, LP: #2109029):
- d/p/u/openvpn_dnsfix.patch
* Add patch to expand allowed fusermount3 flags for fuse_overlayfs and
sshfs via fstab (LP: #2110626, LP: #2111807):
- d/p/u/fusermount3_allow_more_flags.patch
* Add patch to fix permission denials for iotop-c (LP: #2107727):
- d/p/u/profiles-give-iotop-c-additional-accesses.patch
* Add patch to fix parser handling of norelatime mount flag
(LP: #2110688):
- d/p/u/parser-fix-handling-of-norelatime-mount-rule-flag.patch
* Add patch to fix incorrect mount rule documentation in the apparmor.d
man page (LP: #2110630):
- d/p/u/fix-incorrect-mount-flag-apparmor.d-docs.patch
* Add patch to add regression tests for the above two patches:
- d/p/u/regression-verify-documented-mount-flag-behavior.patch
* d/p/u/remmina_mr_1348.patch, d/p/u/remmina-dbus-describeall.patch:
move the remmina profile to profiles/apparmor/profiles/extras to
disable it by default (LP: #2102033)
* debian/apparmor.install: remove the remmina profile entry
* debian/apparmor-profiles.install: add an entry for the remmina profile
* debian/apparmor.maintscript: remove the remmina profile upon upgrade
-- Ryan Lee <email address hidden> Wed, 27 May 2025 11:29:02 -0700
|
| 2110236 |
[SRU] fixes for AppArmor in Plucky |
| 2110616 |
apparmor unprivileged_userns profile missing access to / |
| 2107402 |
lsblk on IBM z Systems blocked by apparmor in 25.04 |
| 2107455 |
segfault of lsblk s390x in containers due to apparmor |
| 2110628 |
apparmor profiles need mr permissions on their own binaries for execution from a confined context |
| 2107723 |
Using KDE Plasma widget \ |
| 2110624 |
apparmor fusermount3 profile blocks mounts to /cvmfs/ subdirectories |
| 2107596 |
Apparmor is missing rule for openvpn to set DNS domain |
| 2109029 |
AppArmor OpenVPN profile blocks mDNS lookups |
| 2110626 |
apparmor fusermount3 profile disallows noatime flag, breaking fuse-overlayfs |
| 2111807 |
Plucky broke fstab sshfs mounts, which depend on fusermount |
| 2107727 |
iotop-c: Call of nl_init fails due to insufficient rights |
| 2110688 |
apparmor parser incorrectly treats norelatime mount flag as a no-op |
| 2110630 |
apparmor.d man page contains incorrect information about mount flag combinations |
| 2102033 |
remmina blocked by apparmor in Plucky |
|
About
-
Send Feedback to @ubuntu_updates
