UbuntuUpdates.org

Package "apparmor"

Name: apparmor

Description:

user-space parser utility for AppArmor
Latest version: 2.10.95-0ubuntu2
Release: xenial (16.04)
Level: base
Repository: main
Homepage: http://apparmor.net/

Links

All versions of this package
Bug fixes

List of files in package
Repository home page

Download "apparmor"

32-bit deb package
64-bit deb package
APT INSTALL

Other versions of "apparmor" in Xenial

Repository Area Version
base universe 2.10.95-0ubuntu2
security universe 2.10.95-0ubuntu2.11
security main 2.10.95-0ubuntu2.11
updates universe 2.10.95-0ubuntu2.11
updates main 2.10.95-0ubuntu2.11

Packages in group

Deleted packages are displayed in grey.


Changelog

Version: 2.10.95-0ubuntu2 2016-04-13 15:06:45 UTC

  apparmor (2.10.95-0ubuntu2) xenial; urgency=medium

  * debian/patches/r3435-allow-dnsmasq-access-to-lxd-bridge.patch: Grant
    access to the new default bridge configuration in LXD 2.0.0 (LP: #1566944)
  * debian/patches/r3437-add-attach-disconnected-to-dnsmasq.patch: Add the
    attach_disconnected flag to the dnsmasq profile in order to prevent a
    disconnected path denial triggered by the latest network-manager upload
    (LP: #1569316)
  * debian/lib/apparmor/functions: Reference the new path used for snapd
    AppArmor profiles to fix a bug which left those profiles unloaded after
    booting (LP: #1569573)

 -- Tyler Hicks <email address hidden> Tue, 12 Apr 2016 16:59:46 -0500
Source diff to previous version
1566944 dnsmasq profile prevents LXD container to launch
1569316 Log flooded with run/dbus/system_bus_socket wr denied
1569573 recent snapd path renames causes apparmor to not load profiles on boot

Version: 2.10.95-0ubuntu1 2016-04-11 08:06:58 UTC

  apparmor (2.10.95-0ubuntu1) xenial; urgency=medium

  * Update to apparmor 2.10.95 (2.11 Beta 1) (LP: #1561762)
    - Allow Apache prefork profile to chown(2) files (LP: #1210514)
    - Allow deluge-gtk and deluge-console to handle torrents opened in
      browsers (LP: #1501913)
    - Allow file accesses needed by some programs using libnl-3-200
      (Closes: #810888)
    - Allow file accesses needed on systems that use NetworkManager without
      resolvconf (Closes: #813835)
    - Adjust aa-status(8) to work without python3-apparmor (LP: #1480492)
    - Fix aa-logprof(8) crash when operating on files containing multiple
      profiles with certain rules (LP: #1528139)
    - Fix log parsing crashes, in the Python utilities, caused by certain file
      related events (LP: #1525119, LP: #1540562)
    - Fix log parsing crasher, in the Python utilities, caused by certain
      change_hat events (LP: #1523297)
    - Improve Python 2 support of the utils by fixing an aa-logprof(8) crasher
      when Python 3 is not available (LP: #1513880)
    - Send aa-easyprof(8) error messages to stderr instead of stdout
      (LP: #1521400)
    - Fix aa-autodep(8) failure when the shebang line of a script contained
      parameters (LP: #1505775)
    - Don't depend on the system logprof.conf when running utils/ build tests
      (LP: #1393979)
    - Fix apparmor_parser(8) bugs when parsing profiles that use policy
      namespaces in the profile declaration or profile transition targets
      (LP: #1540666, LP: #1544387)
    - Regression fix for apparmor_parser(8) bug that resulted in the
      --namespace-string commandline option being ignored causing profiles to
      be loaded into the root policy namespace (LP: #1526085)
    - Fix crasher regression in apparmor_parser(8) when the parser was asked
      to process a directory (LP: #1534405)
    - Fix bug in apparmor_parser(8) to honor the specified bind flags remount
      rules (LP: #1272028)
    - Support tarball generation for Coverity scans and fix a number of issues
      discovered by Coverity
    - Fix regression test failures on s390x systems (LP: #1531325)
    - Adjust expected errno values in changeprofile regression test
      (LP: #1559705)
    - The Python utils gained support for ptrace and signal rules
    - aa-exec(8) received a rewrite in C
    - apparmor_parser(8) gained support for stacking multiple profiles, as
      supported by the Xenial kernel (LP: #1379535)
    - libapparmor gained new public interfaces, aa_stack_profile(2) and
      aa_stack_onexec(2), allowing applications to utilize the new kernel
      stacking support (LP: #1379535)
  * Drop the following patches since they've been incorporated upstream:
    - aa-status-dont_require_python3-apparmor.patch
    - r3209-dnsmasq-allow-dash
    - r3227-locale-indep-capabilities-sorting.patch
    - r3277-update-python-abstraction.patch
    - r3366-networkd.patch,
    - tests-fix_sysctl_test.patch
    - parser-fix-cache-file-mtime-regression.patch
    - parser-verify-cache-file-mtime.patch
    - parser-run-caching-tests-without-apparmorfs.patch
    - parser-do-cleanup-when-test-was-skipped.patch
    - parser-allow-unspec-in-network-rules.patch
  * debian/rules, debian/apparmor.install, debian/apparmor.manpages: Update
    for new upstream binutils directory and aa-enabled binary
    - Continue installing aa-exec into /usr/sbin/ for now since
      click-apparmor's aa-exec-click autopkgtest expects it to be there
  * debian/libapparmor-dev.manpages: Include the new aa_stack_profile.2 man
    page
  * debian/patches/r3424-nscd-profile-allow-paranoia-mode.patch: Allow file
    access needed for nscd's paranoia mode
  * debian/patches/r3425-adjust-stacking-tests-version-check.patch: Adjust the
    regression test build time checks, for libapparmor stacking support, to
    look for the 2.10.95 versioning rather than 2.11
  * debian/patches/r3426-allow-debugedit-to-work-on-apparmor-parser.patch:
    Remove extra slash in the parser Makefile so that debugedit(8) can work on
    apparmor_parser(8) (LP: #1561939)
  * debian/patches/allow-stacking-tests-to-use-system.patch: Adjust the file
    rules of the new stacking tests so that the generated profiles allow the
    system binaries and libraries to be tested
  * debian/libapparmor1.symbols: update symbols file for added symbols
    in libapparmor

 -- Tyler Hicks <email address hidden> Sat, 09 Apr 2016 01:35:25 -0500
1561762 [FFe] AppArmor 2.11 Beta 1 for policy namespace stacking and bug fixes
1210514 Default apache prefork profile doesn't allow chown
1501913 Apparmor Abstraction Prevents Firefox From Opening Torrents in Deluge-Gtk
1480492 aa-status in apparmor-2.10 depends on python3-apparmor
1528139 serialize_profile_from_old_profile() crash if file contains multiple profiles
1525119 Cannot permit some operations for sssd
1540562 aa-genprof crashes in logparser NoneType has no \
1523297 logparser.py crash for change_hat event
1513880 [python2] aa-logprof: AppArmorBug: Passed unknown object to NetworkRule: inet
1521400 aa-easyprof prints to stdout upon manifest parsing errors
1505775 aa-autodep fails if shebang line contains parameters
1393979 py tests depend on /etc/apparmor/logprof.conf
1540666 change_profile's target namespace parsing doesn't work as intended
1544387 apparmor_parser does not correctly handle profile namespaces when 'profile' keyword is used
1526085 apparmor_parser --namespace-string does not load profiles in the specified ns in 2.10
1534405 Regression in parser compiling/loading a directory
1272028 remount, not honored on bind mounts
1531325 AppArmor tests fail on Xenial kernel on s390x arch
1559705 linux: apparmor ADT test failures in changeprofile test
1379535 policy namespace stacking
1561939 debugedit fails to handle apparmor_parse due to extra slash
810888 bin.ping: does not let iputils-ping read /etc/libnl-3 or @{PROC}/@{pid}/net/psched - Debian Bug report logs
813835 abstractions/nameservice: does not allow NetworkManager without resolvconf - Debian Bug report logs


About   -   Send Feedback to @ubuntu_updates