Package "apparmor"

Name: apparmor


user-space parser utility for AppArmor

Latest version: 2.10.95-0ubuntu2.9
Release: xenial (16.04)
Level: updates
Repository: main
Homepage: http://apparmor.net/


Save this URL for the latest version of "apparmor": https://www.ubuntuupdates.org/apparmor

Download "apparmor"

Other versions of "apparmor" in Xenial

Repository Area Version
base main 2.10.95-0ubuntu2
base universe 2.10.95-0ubuntu2
security universe 2.10.95-0ubuntu2.6
security main 2.10.95-0ubuntu2.6
updates universe 2.10.95-0ubuntu2.9

Packages in group

Deleted packages are displayed in grey.

apparmor-docs apparmor-easyprof apparmor-notify apparmor-profiles apparmor-utils
libapache2-mod-apparmor libapparmor-dev libapparmor-perl libapparmor1 libpam-apparmor
python3-apparmor python3-libapparmor


Version: 2.10.95-0ubuntu2.9 2018-03-12 12:06:49 UTC

  apparmor (2.10.95-0ubuntu2.9) xenial; urgency=medium

  * debian/patches/base-journald-updates.patch: update base abstraction
    for additional journald sockets (LP: #1670408)
    Backport from 2.11.0-2ubuntu5 by Jamie Strandboge <email address hidden>

 -- Christian Ehrhardt <email address hidden> Tue, 20 Feb 2018 16:04:02 +0100

Source diff to previous version
1670408 apparmor base abstraction needs backport of rev 3658 to fix several denies (tor, ntp, ...)

Version: 2.10.95-0ubuntu2.8 2018-02-08 20:07:18 UTC

  apparmor (2.10.95-0ubuntu2.8) xenial; urgency=medium

  * d/p/0001-Allow-seven-digit-pid.patch:
    On 64bit systems, /proc/sys/kernel/pid_max can be set to PID_MAX_LIMIT,
    (2^22), which results in seven digit pids. Adjust the @{PID} variable in
    tunables/global to accept this. (LP: #1717714)

 -- Seyeong Kim <email address hidden> Mon, 08 Jan 2018 07:43:46 -0800

Source diff to previous version
1717714 @{pid} variable broken on systems with pid_max more than 6 digits

Version: 2.10.95-0ubuntu2.7 2017-09-13 00:06:40 UTC
No changelog available yet.
Source diff to previous version

Version: 2.10.95-0ubuntu2.6 2017-03-28 17:07:04 UTC

  apparmor (2.10.95-0ubuntu2.6) xenial-security; urgency=medium

  * SECURITY UPDATE: Don't unload unknown profiles during package
    configuration or when restarting the apparmor init script or upstart job
    as this could leave processes unconfined (LP: #1668892)
    - debian/apparmor.postinst, debian/apparmor.init, debian/apparmor.upstart:
      Remove calls to unload_obsolete_profiles()
    - debian/patches/utils-add-aa-remove-unknown.patch,
      debian/apparmor.install debian/apparmor.manpages: Include a new utility,
      aa-remove-unknown, which can be used to unload unknown profiles
    - CVE-2017-6507

 -- Tyler Hicks <email address hidden> Wed, 15 Mar 2017 22:07:02 +0000

Source diff to previous version
1668892 CVE-2017-6507: apparmor service restarts and package upgrades unload privately managed profiles
CVE-2017-6507 An issue was discovered in AppArmor before 2.12. Incorrect handling of unknown AppArmor profiles in AppArmor init scripts, upstart jobs, and/or syste

Version: 2.10.95-0ubuntu2.5 2016-10-27 18:06:39 UTC

  apparmor (2.10.95-0ubuntu2.5) xenial; urgency=medium

  * debian/lib/apparmor/functions, debian/apparmor.init,
    debian/apparmor.service, debian/apparmor.upstart,
    debian/lib/apparmor/profile-load: Adjust the checks that previously kept
    AppArmor policy from being loaded while booting a container. Now we
    attempt to load policy if we're in a LXD or LXC managed container that is
    using profile stacking inside of a policy namespace. (LP: #1628285)
  * Fix regression tests for stacking so that the kernel SRU process is not
    interrupted by failing tests whenever the AppArmor stacking features are
    backported from the 16.10 kernel or when the 16.04 LTS Enablement Stack
    receives a 4.8 or newer kernel
    - debian/patches/r3509-tests-fix-exec_stack-errors-1.patch: Fix the
      exec_stack.sh test when running on 4.8 or newer kernels (LP: #1628745)
    - debian/patches/r3558-tests-fix-exec_stack-errors-2.patch: Adjust the
      exec_stack.sh fix mentioned above to more accurately test kernels older
      than 4.8 (LP: #1630069)
    - debian/patches/allow-stacking-tests-to-use-system.patch: Apply this
      patch earlier in the series, as to match when it was committed upstream,
      so that the above two patches can be cherry-picked from lp:apparmor

 -- Tyler Hicks <email address hidden> Fri, 07 Oct 2016 05:21:44 +0000

1628285 apparmor should be allowed to start in containers
1628745 Change in kernel exec transition behavior causes regression tests to fail
1630069 Regression tests can not detect binfmt_elf mmpa semantic change

About   -   Send Feedback to @ubuntu_updates