View Bazaar branches
Get this repository:
git clone https://git.launchpad.net/apparmor

See all merge proposals.

Import details

Import Status: Reviewed

This repository is an import of the Git repository at https://gitlab.com/apparmor/apparmor.git.

The next import is scheduled to run .

Last successful import was .

Import started on juju-98ee42-prod-launchpad-codeimport-3 and finished taking 30 seconds — see the log
Import started on juju-98ee42-prod-launchpad-codeimport-3 and finished taking 30 seconds — see the log
Import started on juju-98ee42-prod-launchpad-codeimport-3 and finished taking 30 seconds — see the log
Import started on juju-98ee42-prod-launchpad-codeimport-3 and finished taking 30 seconds — see the log
Import started on juju-98ee42-prod-launchpad-codeimport-3 and finished taking 30 seconds — see the log
Import started on juju-98ee42-prod-launchpad-codeimport-3 and finished taking 40 seconds — see the log
Import started on juju-98ee42-prod-launchpad-codeimport-3 and finished taking 40 seconds — see the log
Import started on juju-98ee42-prod-launchpad-codeimport-3 and finished taking 50 seconds — see the log
Import started on juju-98ee42-prod-launchpad-codeimport-3 and finished taking 40 seconds — see the log
Import started on juju-98ee42-prod-launchpad-codeimport-3 and finished taking 30 seconds — see the log

Branches

Name Last Modified Last Commit
apparmor-4.0 2024-12-05 17:36:43 UTC
Merge python 3.13 fixes/workarounds

Author: Christian Boltz
Author Date: 2024-12-05 17:36:43 UTC

Merge python 3.13 fixes/workarounds

Fixes/workarounds for python 3.13 support.

fail.py: handle missing cgitb - workaround for https://gitlab.com/apparmor/apparmor/-/issues/447

MR: https://gitlab.com/apparmor/apparmor/-/merge_requests/1439
Approved-by: Christian Boltz <apparmor@cboltz.de>
Merged-by: Christian Boltz <apparmor@cboltz.de>

(cherry picked from commit 5fb91616e3ec1136b2008ab201d8d709ea2dc2f8)

434e34bb fail.py: handle missing cgitb

Co-authored-by: Christian Boltz <apparmor@cboltz.de>

apparmor-4.1 2024-12-05 17:36:32 UTC
Merge python 3.13 fixes/workarounds

Author: Christian Boltz
Author Date: 2024-12-05 17:36:32 UTC

Merge python 3.13 fixes/workarounds

Fixes/workarounds for python 3.13 support.

fail.py: handle missing cgitb - workaround for https://gitlab.com/apparmor/apparmor/-/issues/447

MR: https://gitlab.com/apparmor/apparmor/-/merge_requests/1439
Approved-by: Christian Boltz <apparmor@cboltz.de>
Merged-by: Christian Boltz <apparmor@cboltz.de>

(cherry picked from commit 5fb91616e3ec1136b2008ab201d8d709ea2dc2f8)

434e34bb fail.py: handle missing cgitb

Co-authored-by: Christian Boltz <apparmor@cboltz.de>

master 2024-12-05 17:35:13 UTC
Merge python 3.13 fixes/workarounds

Author: Christian Boltz
Author Date: 2024-12-05 17:35:13 UTC

Merge python 3.13 fixes/workarounds

Fixes/workarounds for python 3.13 support.

fail.py: handle missing cgitb - workaround for https://gitlab.com/apparmor/apparmor/-/issues/447

MR: https://gitlab.com/apparmor/apparmor/-/merge_requests/1439
Approved-by: Christian Boltz <apparmor@cboltz.de>
Merged-by: Christian Boltz <apparmor@cboltz.de>

apparmor-3.1 2024-12-01 16:11:59 UTC
Merge aa-remove-unknown: fix readability check [upstreaming]

Author: Christian Boltz
Author Date: 2024-12-01 16:11:59 UTC

Merge aa-remove-unknown: fix readability check [upstreaming]

I am upstreaming this patch that is part of the nix package of apparmor for close to a year now.
This fixes the issue at https://github.com/NixOS/nixpkgs/issues/273164 for more distros than just NixOS.
The original merge Request on the nix side patching this was https://github.com/NixOS/nixpkgs/pull/285915.
However, people had issues with gitlab, so this never hit apparmor upstream until now. This does however also mean this patch has seen production and seems to work quite well.

## Original reasoning/message of the patch author:

This check is intended for ensuring that the profiles file can actually
be opened. The *actual* check is performed by the shell, not the read
utility, which won't even be executed if the input redirection (and
hence the test) fails.

If the test succeeds, though, using `read` here might actually
jeopardize the test result if there are no profiles loaded and the file
is empty.

This commit fixes that case by simply using `true` instead of `read`.

MR: https://gitlab.com/apparmor/apparmor/-/merge_requests/1438
Approved-by: Christian Boltz <apparmor@cboltz.de>
Merged-by: Christian Boltz <apparmor@cboltz.de>

(cherry picked from commit 93c70351486ea3edcb5304c7d24eb7864505e28e)

b4aa00de aa-remove-unknown: fix readability check

Co-authored-by: Christian Boltz <apparmor@cboltz.de>

apparmor-3.0 2024-10-21 19:52:44 UTC
Merge [3.0 cherry-pick] Merge utils: catch TypeError exception for binary logs

Author: Christian Boltz
Author Date: 2024-10-21 19:52:44 UTC

Merge [3.0 cherry-pick] Merge utils: catch TypeError exception for binary logs

When a log like system.journal is passed on to aa-genprof, for
example, the user receives a TypeError exception: in method
'parse_record', argument 1 of type 'char *'

This patch catches that exception and displays a more meaningful
message.

Fixes: https://gitlab.com/apparmor/apparmor/-/issues/436
Signed-off-by: Georgia Garcia <georgia.garcia@canonical.com>

Closes #436
MR: https://gitlab.com/apparmor/apparmor/-/merge_requests/1354
Approved-by: Christian Boltz <apparmor@cboltz.de>
Merged-by: John Johansen <john@jjmx.net>

(cherry picked from commit cb0f84e1014e0c002735381f09a929ef4dff892c)
Signed-off-by: Georgia Garcia <georgia.garcia@canonical.com>

MR: https://gitlab.com/apparmor/apparmor/-/merge_requests/1392
Approved-by: Christian Boltz <apparmor@cboltz.de>
Merged-by: Christian Boltz <apparmor@cboltz.de>

apparmor-2.13 2024-10-21 19:29:46 UTC
Merge [2.13 cherry-pick] Merge utils: catch TypeError exception for binary logs

Author: Christian Boltz
Author Date: 2024-10-21 19:29:46 UTC

Merge [2.13 cherry-pick] Merge utils: catch TypeError exception for binary logs

When a log like system.journal is passed on to aa-genprof, for
example, the user receives a TypeError exception: in method
'parse_record', argument 1 of type 'char *'

This patch catches that exception and displays a more meaningful
message.

Fixes: https://gitlab.com/apparmor/apparmor/-/issues/436
Signed-off-by: Georgia Garcia <georgia.garcia@canonical.com>

Closes #436
MR: https://gitlab.com/apparmor/apparmor/-/merge_requests/1354
Approved-by: Christian Boltz <apparmor@cboltz.de>
Merged-by: John Johansen <john@jjmx.net>

(cherry picked from commit cb0f84e1014e0c002735381f09a929ef4dff892c)
Signed-off-by: Georgia Garcia <georgia.garcia@canonical.com>

MR: https://gitlab.com/apparmor/apparmor/-/merge_requests/1391
Approved-by: Christian Boltz <apparmor@cboltz.de>
Merged-by: Christian Boltz <apparmor@cboltz.de>

apparmor-2.12 2022-12-16 20:05:01 UTC
Merge log parsing fixes

Author: Georgia Garcia
Author Date: 2022-12-16 19:41:41 UTC

Merge log parsing fixes

small fixes on log parsing

MR: https://gitlab.com/apparmor/apparmor/-/merge_requests/959
Approved-by: Jon Tourville <jon.tourville@canonical.com>
Approved-by: Christian Boltz <apparmor@cboltz.de>
Merged-by: Georgia Garcia <georgia.garcia@canonical.com>
(cherry picked from commit 4f2d2a8cab285a725bf72d0322ddf17df312abe4)
Signed-off-by: Georgia Garcia <georgia.garcia@canonical.com>

apparmor-2.11 2022-08-22 22:31:58 UTC
Merge [2.11..2.13] Add 'mctp' network domain keyword [only to utils]

Author: John Johansen
Author Date: 2022-08-22 21:44:14 UTC

Merge [2.11..2.13] Add 'mctp' network domain keyword [only to utils]

Reported as comment on https://build.opensuse.org/request/show/951354
(update to glibc 2.35)

This is a partial backport of
https://gitlab.com/apparmor/apparmor/-/merge_requests/832

I propose this patch for 2.11, 2.12 and 2.13.

MR: https://gitlab.com/apparmor/apparmor/-/merge_requests/911
Approved-by: John Johansen <john@jjmx.net>
Merged-by: John Johansen <john@jjmx.net>
(cherry picked from commit 157c8ee36a09330601ec7667e8ead6d58d2ef4c8)
Signed-off-by: John Johansen <john.johansen@canonical.com>

fix-dirtest 2022-07-25 10:14:31 UTC
dirtest.sh: don't rely on apparmor_parser -N's output sort order to be determ...

Author: intrigeri
Author Date: 2022-07-25 10:04:13 UTC

dirtest.sh: don't rely on apparmor_parser -N's output sort order to be deterministic

I've seen this test fail because "apparmor_parser -N" returned the expected
lines, but in a different order than what's expected (dirtest.out).

To fix this, sort both the expected and actual output.

check-if-systemd-detect-virt-is-present 2022-07-06 06:41:35 UTC
rc.apparmor.functions: only use systemd-detect-virt if it's present

Author: intrigeri
Author Date: 2022-07-06 06:41:35 UTC

rc.apparmor.functions: only use systemd-detect-virt if it's present

This is a follow-up on !812, which added a call to systemd-detect-virt.
Everywhere else we don't assume that program is present,
and first check if it's there before we run it.
Let's do the same here.

250-what-is-the-minimum-kernel-version-required-for-apparmor-3 2022-06-29 13:25:14 UTC
Merge zgrep: allow executing egrep and fgrep

Author: Christian Boltz
Author Date: 2022-06-29 13:25:14 UTC

Merge zgrep: allow executing egrep and fgrep

egrep and fgrep also need to execute grep and write to /dev/tty in the
helper child profile.

Fixes: https://progress.opensuse.org/issues/113108

MR: https://gitlab.com/apparmor/apparmor/-/merge_requests/892
Approved-by: Jon Tourville <jon.tourville@canonical.com>
Merged-by: Christian Boltz <apparmor@cboltz.de>

160-the-trash-abstraction 2021-04-14 21:23:35 UTC
Merge severity.py: bump test coverage to 100%

Author: John Johansen
Author Date: 2021-04-14 21:23:35 UTC

Merge severity.py: bump test coverage to 100%

... by adding some new tests, and by marking two lines as "pragma: no branch" because I didn't find a testcase that doesn't let them continue with the next line.

Finally, remove severity.py from the "not 100% covered" list in test/Makefile.

Also run severity tests with the official severity.db instead of the slightly outdated copy in test/.

MR: https://gitlab.com/apparmor/apparmor/-/merge_requests/737
Acked-by: John Johansen <john.johansen@canonical.com>

apparmor-2.10 2020-12-07 12:39:38 UTC
Release: Bump revision for 2.10.6 release

Author: John Johansen
Author Date: 2020-12-07 12:39:38 UTC

Release: Bump revision for 2.10.6 release

Signed-off-by: John Johansen <john.johansen@canonical.com>

cherry-pick-d257afd3 2020-04-02 08:49:51 UTC
Add xdg-open (and friends) abstraction

Author: John Johansen
Author Date: 2020-02-03 21:32:21 UTC

Add xdg-open (and friends) abstraction

Implement set of abstractions to handle opening uris via xdg-open and similar helpers used on different desktop environments.

Abstractions are intended to be included into child profile, together with bundle abstractions such as ubuntu-browsers, ubuntu-email and others, for fine-grained control on what confined application can actually open via xdg-open and similar helpers.

PR: https://gitlab.com/apparmor/apparmor/-/merge_requests/404
Acked-by: John Johansen <john.johansen@canonical.com>

(cherry picked from commit d257afd3096b25f5d76e2575478c13d4f6930f9a)

622fc44b Add xdg-open (and friends) abstraction
af278ca6 exo-open: Fix denials on OpenSUSE
f07f0771 exo-open: Allow playing alert sounds
80514906 kde-open5: use dbus-network-manager-strict abstraction
ac08dc66 kde-open5: fix denies Ubuntu Eoan
501aada8 gio-open: fix denies Ubuntu Eoan
0a55babe exo-open: do not enable a11y by default
e77abfa5 exo-open: update comment about DBUS denial
d35faafd kde-open5: do not enable a11y by default
8b481d46 kde-open5: do not enable gstreamer support by default
162e5086 xdg-open: update usage example

cherry-pick-d4296d21 2020-03-31 21:02:18 UTC
Merge: abstractions/nameservice: allow accessing /run/systemd/userdb/

Author: John Johansen
Author Date: 2020-03-29 08:51:55 UTC

Merge: abstractions/nameservice: allow accessing /run/systemd/userdb/

On systems with systemd 245, `nss-systemd` additionally queries NSS records from `systemd-userdbd.service`. See https://systemd.io/USER_GROUP_API/ .

This does not bring full support for `systemd-homed`, but I don't use that service so I can't help with that.

Fixes: https://gitlab.com/apparmor/apparmor/-/issues/82
PR: https://gitlab.com/apparmor/apparmor/-/merge_requests/459
Acked-by: John Johansen <john.johansen@canonical.com>

(cherry picked from commit d4296d217c888e08e10bec300fe35351c2ef2f81)

16f9f688 abstractions/nameservice: allow accessing /run/systemd/userdb/

apparmor-2.9 2018-06-29 18:30:00 UTC
profiles: adjust abstractions/python for python 3.7

Author: Christian Boltz
Author Date: 2018-06-28 11:34:08 UTC

profiles: adjust abstractions/python for python 3.7

Python 3.7 was released yesterday - and to make the abstraction
future-proof, also cover 3.8 and 3.9 in advance ;-)

(cherry picked from commit 01f41fbff821be7264a4b0aac83ed04747395055)

Signed-off-by: Steve Beattie <steve.beattie@canonical.com>
PR: https://gitlab.com/apparmor/apparmor/merge_requests/139

apparmor-2.8 2017-10-28 05:46:04 UTC
git conversion: move .bzrignore to .gitignore

Author: Steve Beattie
Author Date: 2017-10-28 05:46:04 UTC

git conversion: move .bzrignore to .gitignore

Signed-off-by: Steve Beattie <steve.beattie@canonical.com>

apparmor-2.7 2012-04-25 19:58:58 UTC
Merge from trunk rev 2037:

Author: Kees Cook
Author Date: 2012-04-25 19:58:58 UTC

Merge from trunk rev 2037:

The m4 shipped to handle Python was incorrectly clearing
$CPPFLAGS. Additionally, do not repeat compiler flags for automake
targets that already include them, and pass more flags to the Perl build.

Signed-off-by: Kees Cook <kees@ubuntu.com>
Acked-By: Steve Beattie <sbeattie@ubuntu.com>

apparmor-2.6 2011-08-26 23:03:03 UTC
Merge from trunk revision 1805:

Author: Steve Beattie
Author Date: 2011-08-26 23:03:03 UTC

Merge from trunk revision 1805:

  Attached is a patch to make the initscript not fail if /tmp is full
  by converting the comm(1) usage on temporary files to an embedded
  awk script. On both Ubuntu and OpenSUSE, a version of awk (mawk in
  Ubuntu, gawk in OpenSUSE) is either a direct or indirect dependency
  on the minimal or base package set, and the original reporter also
  mentioned that an awk-based solution would be palatable in a way
  that converting to bash, or using perl or python here would not be.

  In the embedded awk script, I've tried to avoid gawk or mawk
  specific behaviors or extensions; e.g. this is the reason for the
  call to sort on the output of the awk script, rather than using
  gawk's asort(). But please let me know if you see anything that
  shouldn't be portable across awk implementations.

  An additional issue that is fixed in both scripts is handling
  child profiles (e.g. hats) during reload. If child profiles are
  filtered out (via grep -v '//') of the list to consider, then
  on reloading a profile where a child profile has been removed or
  renamed, that child profile will continue to stick around. However,
  if the profile containing child profiles is removed entirely,
  if the initscript attempts to unload the child profiles after the
  parent is removed, this will fail because they were unloaded when
  the parent was unloaded. Thus I removed any filtering of child
  profiles out, but do a post-awk reverse sort which guarantees that
  any child profiles will be removed before their parent is. I also
  added the LC_COLLATE=C (based on the Ubuntu version) to the sort
  call to ensure a consistent sort order.

  To restate, the problem with the existing code is that it creates
  temporary files in $TMPDIR (by default /tmp) and if that partition
  is full, problems with the reload action ensue. Alternate solutions
  include switching the initscript to use bash and its <$() extension
  or setting TMPDIR to /dev/shm/. The former is unpalatable to some
  (particularly for an initscript), and for the latter, /dev/shm is
  only guaranteed to exist on GNU libc based systems (glibc apparently
  expects /dev/shm to exist for its POSIX shared memory implementation;
  see shm_overview(7)). So to me, awk (sans GNU extensions) looks
  to be the least bad option here.

Nominated-By: Steve Beattie <sbeattie@ubuntu.com>
Acked-By: John Johansen <john.johansen@canonical.com>

Bug: https://launchpad.net/bugs/775785

apparmor-2.5 2011-06-06 17:39:54 UTC
Rename tags to conform with git tag requirements

Author: John Johansen
Author Date: 2011-06-06 17:39:54 UTC

Rename tags to conform with git tag requirements

Rename tags
  apparmor_2.5.2~rc1 to apparmor_2.5.2-rc1
  apparmor_2.6.0~rc1 to apparmor_2.6.0-rc1

this is necessary for export to the git mirror

Signed-off-by: John Johansen <john.johansen@canonical.com>

apparmor-2.3 2008-05-27 12:04:33 UTC
remove for-mainline dir from kernel patches

Author: John Johansen
Author Date: 2008-05-27 12:04:33 UTC

remove for-mainline dir from kernel patches

apparmor-2.1 2008-03-28 07:19:57 UTC
merge -r 1158 - fix fatal errors so that they have an exit with an exit code

Author: John Johansen
Author Date: 2008-03-28 07:19:57 UTC

merge -r 1158 - fix fatal errors so that they have an exit with an exit code
of 127

122 of 22 results

Other repositories

Name Last Modified
lp:apparmor 10 minutes ago
lp:~apparmor-dev/apparmor/+git/apparmor-trunk-daily-ppa 2019-02-19
lp:~sbeattie/apparmor/+git/apparmor 2017-10-28
lp:~jjohansen/apparmor 2016-05-10
lp:~tyhicks/apparmor 2016-03-14
15 of 5 results
You can't create new repositories for AppArmor.