Package "apparmor"
Name: |
apparmor
|
Description: |
user-space parser utility for AppArmor
|
Latest version: |
2.10.95-0ubuntu2 |
Release: |
xenial (16.04) |
Level: |
base |
Repository: |
main |
Homepage: |
http://apparmor.net/ |
Links
Save this URL for the latest version of "apparmor":
https://www.ubuntuupdates.org/apparmor
Download "apparmor"
Other versions of "apparmor" in Xenial
Packages in group
Deleted packages are displayed in grey.
Changelog
apparmor (2.10.95-0ubuntu2) xenial; urgency=medium
* debian/patches/r3435-allow-dnsmasq-access-to-lxd-bridge.patch: Grant
access to the new default bridge configuration in LXD 2.0.0 (LP: #1566944)
* debian/patches/r3437-add-attach-disconnected-to-dnsmasq.patch: Add the
attach_disconnected flag to the dnsmasq profile in order to prevent a
disconnected path denial triggered by the latest network-manager upload
(LP: #1569316)
* debian/lib/apparmor/functions: Reference the new path used for snapd
AppArmor profiles to fix a bug which left those profiles unloaded after
booting (LP: #1569573)
-- Tyler Hicks <email address hidden> Tue, 12 Apr 2016 16:59:46 -0500
|
Source diff to previous version |
1566944 |
dnsmasq profile prevents LXD container to launch |
1569316 |
Log flooded with run/dbus/system_bus_socket wr denied |
1569573 |
recent snapd path renames causes apparmor to not load profiles on boot |
|
apparmor (2.10.95-0ubuntu1) xenial; urgency=medium
* Update to apparmor 2.10.95 (2.11 Beta 1) (LP: #1561762)
- Allow Apache prefork profile to chown(2) files (LP: #1210514)
- Allow deluge-gtk and deluge-console to handle torrents opened in
browsers (LP: #1501913)
- Allow file accesses needed by some programs using libnl-3-200
(Closes: #810888)
- Allow file accesses needed on systems that use NetworkManager without
resolvconf (Closes: #813835)
- Adjust aa-status(8) to work without python3-apparmor (LP: #1480492)
- Fix aa-logprof(8) crash when operating on files containing multiple
profiles with certain rules (LP: #1528139)
- Fix log parsing crashes, in the Python utilities, caused by certain file
related events (LP: #1525119, LP: #1540562)
- Fix log parsing crasher, in the Python utilities, caused by certain
change_hat events (LP: #1523297)
- Improve Python 2 support of the utils by fixing an aa-logprof(8) crasher
when Python 3 is not available (LP: #1513880)
- Send aa-easyprof(8) error messages to stderr instead of stdout
(LP: #1521400)
- Fix aa-autodep(8) failure when the shebang line of a script contained
parameters (LP: #1505775)
- Don't depend on the system logprof.conf when running utils/ build tests
(LP: #1393979)
- Fix apparmor_parser(8) bugs when parsing profiles that use policy
namespaces in the profile declaration or profile transition targets
(LP: #1540666, LP: #1544387)
- Regression fix for apparmor_parser(8) bug that resulted in the
--namespace-string commandline option being ignored causing profiles to
be loaded into the root policy namespace (LP: #1526085)
- Fix crasher regression in apparmor_parser(8) when the parser was asked
to process a directory (LP: #1534405)
- Fix bug in apparmor_parser(8) to honor the specified bind flags remount
rules (LP: #1272028)
- Support tarball generation for Coverity scans and fix a number of issues
discovered by Coverity
- Fix regression test failures on s390x systems (LP: #1531325)
- Adjust expected errno values in changeprofile regression test
(LP: #1559705)
- The Python utils gained support for ptrace and signal rules
- aa-exec(8) received a rewrite in C
- apparmor_parser(8) gained support for stacking multiple profiles, as
supported by the Xenial kernel (LP: #1379535)
- libapparmor gained new public interfaces, aa_stack_profile(2) and
aa_stack_onexec(2), allowing applications to utilize the new kernel
stacking support (LP: #1379535)
* Drop the following patches since they've been incorporated upstream:
- aa-status-dont_require_python3-apparmor.patch
- r3209-dnsmasq-allow-dash
- r3227-locale-indep-capabilities-sorting.patch
- r3277-update-python-abstraction.patch
- r3366-networkd.patch,
- tests-fix_sysctl_test.patch
- parser-fix-cache-file-mtime-regression.patch
- parser-verify-cache-file-mtime.patch
- parser-run-caching-tests-without-apparmorfs.patch
- parser-do-cleanup-when-test-was-skipped.patch
- parser-allow-unspec-in-network-rules.patch
* debian/rules, debian/apparmor.install, debian/apparmor.manpages: Update
for new upstream binutils directory and aa-enabled binary
- Continue installing aa-exec into /usr/sbin/ for now since
click-apparmor's aa-exec-click autopkgtest expects it to be there
* debian/libapparmor-dev.manpages: Include the new aa_stack_profile.2 man
page
* debian/patches/r3424-nscd-profile-allow-paranoia-mode.patch: Allow file
access needed for nscd's paranoia mode
* debian/patches/r3425-adjust-stacking-tests-version-check.patch: Adjust the
regression test build time checks, for libapparmor stacking support, to
look for the 2.10.95 versioning rather than 2.11
* debian/patches/r3426-allow-debugedit-to-work-on-apparmor-parser.patch:
Remove extra slash in the parser Makefile so that debugedit(8) can work on
apparmor_parser(8) (LP: #1561939)
* debian/patches/allow-stacking-tests-to-use-system.patch: Adjust the file
rules of the new stacking tests so that the generated profiles allow the
system binaries and libraries to be tested
* debian/libapparmor1.symbols: update symbols file for added symbols
in libapparmor
-- Tyler Hicks <email address hidden> Sat, 09 Apr 2016 01:35:25 -0500
|
1561762 |
[FFe] AppArmor 2.11 Beta 1 for policy namespace stacking and bug fixes |
1210514 |
Default apache prefork profile doesn't allow chown |
1501913 |
Apparmor Abstraction Prevents Firefox From Opening Torrents in Deluge-Gtk |
1480492 |
aa-status in apparmor-2.10 depends on python3-apparmor |
1528139 |
serialize_profile_from_old_profile() crash if file contains multiple profiles |
1525119 |
Cannot permit some operations for sssd |
1540562 |
aa-genprof crashes in logparser NoneType has no \ |
1523297 |
logparser.py crash for change_hat event |
1513880 |
[python2] aa-logprof: AppArmorBug: Passed unknown object to NetworkRule: inet |
1521400 |
aa-easyprof prints to stdout upon manifest parsing errors |
1505775 |
aa-autodep fails if shebang line contains parameters |
1393979 |
py tests depend on /etc/apparmor/logprof.conf |
1540666 |
change_profile's target namespace parsing doesn't work as intended |
1544387 |
apparmor_parser does not correctly handle profile namespaces when 'profile' keyword is used |
1526085 |
apparmor_parser --namespace-string does not load profiles in the specified ns in 2.10 |
1534405 |
Regression in parser compiling/loading a directory |
1272028 |
remount, not honored on bind mounts |
1531325 |
AppArmor tests fail on Xenial kernel on s390x arch |
1559705 |
linux: apparmor ADT test failures in changeprofile test |
1379535 |
policy namespace stacking |
1561939 |
debugedit fails to handle apparmor_parse due to extra slash |
810888 |
bin.ping: does not let iputils-ping read /etc/libnl-3 or @{PROC}/@{pid}/net/psched - Debian Bug report logs |
813835 |
abstractions/nameservice: does not allow NetworkManager without resolvconf - Debian Bug report logs |
|
About
-
Send Feedback to @ubuntu_updates