SubDomain.pm does not know about truncate, rename_src, and rename_dest operations

Bug #623467 reported by Steve Beattie
This bug affects 1 person

Affects            Status        Importance  Assigned to  Milestone
AppArmor           Fix Released  High        Unassigned
apparmor (Ubuntu)  Fix Released  High        Unassigned
  Lucid            Fix Released  High        Unassigned

Bug Description

SRU

1. Impact: affects ability of users/administrators trying to create or adjust their apparmor policies.

2. Fixed in natty

3. Patch to SubDomain.pm is small (other portions of the patch add testcases to the log parsing library to confirm that they handle the corresponding apparmor event messages) and adds four tests to an if-clause. See http://bazaar.launchpad.net/~apparmor-dev/apparmor/release-2.5/revision/1432 for upstream commit.

4. TEST CASE

(1) Add the attached empty test profile for /does/not/exist (named does.not.exist) to /etc/apparmor.d
(2) Reload apparmor policy via "sudo /etc/init.d/apparmor reload"
(3) Copy the test logfile to /tmp
(4) Run logprof on the test logfile; e.g. "sudo logprof -f /tmp/testlog"

In the unfixed version, logprof will not prompt the user for any rejections (it may ask about using the repository, answer disable or later). In the fixed version, logprof should ask about three different rejections:

  /var/lib/update-notifier/release-upgrade-available
  /var/run/motd
  /var/run/motd.new

(select allow each time)

5. Regression potential is low, as the patch adds additional cases to the apparmor perl library; it can only affect the tools used to adjust apparmor profiles.

Binary package hint: apparmor

While developing a test profile(s) for sshd on lucid using logprof/genprof, the following rejections in dmesg were never processed by the tools:

  [ 878.662172] type=1503 audit(1282626827.320:411): operation="truncate" pid=1957 parent=1 profile="/etc/update-motd.d/91-release-upgrade" requested_mask="w::" denied_mask="w::" fsuid=0 ouid=0 name="/var/lib/update-notifier/release-upgrade-available"
  [ 878.663410] type=1502 audit(1282626827.320:412): operation="rename_src" pid=1881 parent=650 profile="/usr/sbin/sshd" requested_mask="r::" denied_mask="r::" fsuid=0 ouid=0 name="/var/run/motd.new"
  [ 878.663418] type=1502 audit(1282626827.320:413): operation="rename_dest" pid=1881 parent=650 profile="/usr/sbin/sshd" requested_mask="wc::" denied_mask="wc::" fsuid=0 ouid=0 name="/var/run/motd"

I first looked at the log parsing library under the assumption that it didn't understand these operations. After adding testcases for each message, I confirmed that it does indeed understand them and parses them properly. Looking at SubDomain.pm, however, it does not know about these additional operation types.
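As an added example (not part of the bug report, nor code from the AppArmor tools), the following Python parses the three dmesg lines quoted above and reports which denials a log-driven profiling tool would silently drop when its handler does not recognise the event's operation type, which is the failure this bug describes. The "before fix" operation set in the main block is an assumption for illustration, not the actual list from SubDomain.pm.

```python
import re
from typing import Dict, List, Set

# Constructed sample input: the three dmesg lines quoted in the bug report.
SAMPLE_LOG = """\
[ 878.662172] type=1503 audit(1282626827.320:411): operation="truncate" pid=1957 parent=1 profile="/etc/update-motd.d/91-release-upgrade" requested_mask="w::" denied_mask="w::" fsuid=0 ouid=0 name="/var/lib/update-notifier/release-upgrade-available"
[ 878.663410] type=1502 audit(1282626827.320:412): operation="rename_src" pid=1881 parent=650 profile="/usr/sbin/sshd" requested_mask="r::" denied_mask="r::" fsuid=0 ouid=0 name="/var/run/motd.new"
[ 878.663418] type=1502 audit(1282626827.320:413): operation="rename_dest" pid=1881 parent=650 profile="/usr/sbin/sshd" requested_mask="wc::" denied_mask="wc::" fsuid=0 ouid=0 name="/var/run/motd"
"""

# key=value pairs, quoted or bare; the audit(ts:serial) token has no '=' and is skipped.
_KV = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')
_SERIAL = re.compile(r'audit\((\d+\.\d+):(\d+)\)')


def parse_audit_line(line: str) -> Dict[str, str]:
    """Return the fields of one AppArmor audit line as a dict (empty if not one)."""
    if "audit(" not in line or "operation=" not in line:
        return {}
    fields = {k: (quoted or bare) for k, quoted, bare in _KV.findall(line)}
    m = _SERIAL.search(line)
    if m:
        fields["timestamp"], fields["serial"] = m.group(1), m.group(2)
    return fields


def unhandled_denials(log_text: str, known_ops: Set[str]) -> List[Dict[str, str]]:
    """Denials whose operation is not in known_ops: exactly the events a
    profile-generation tool drops instead of prompting for (this bug)."""
    dropped = []
    for line in log_text.splitlines():
        ev = parse_audit_line(line)
        if not ev or not ev.get("denied_mask"):
            continue  # not an audit line, or not a denial
        if ev["operation"] not in known_ops:
            dropped.append(ev)
    return dropped


def summarize(events: List[Dict[str, str]]):
    """Compact (profile, operation, denied_mask, path) view for reporting."""
    return [(e["profile"], e["operation"], e["denied_mask"], e["name"]) for e in events]


if __name__ == "__main__":
    before = {"open", "exec", "mknod"}  # assumed pre-fix set, illustration only
    after = before | {"truncate", "rename_src", "rename_dest", "mkdir"}  # ops added by the fix
    for label, ops in (("before fix", before), ("after fix", after)):
        print(label, summarize(unhandled_denials(SAMPLE_LOG, ops)))
```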

Steve Beattie (sbeattie) wrote :

It also appears that the operations mkdir, link, and unlink are not covered by SubDomain.pm.

Changed in apparmor:
status: New → Triaged
Changed in apparmor (Ubuntu):
status: New → Triaged
importance: Undecided → High
Changed in apparmor:
importance: Undecided → High
Steve Beattie (sbeattie) wrote :

This has been partially fixed in upstream trunk rev 1475 which fixes the truncate, rename_src, rename_dest, and mkdir cases. The link, unlink and possibly other operations still need to be covered.

Colin Watson (cjwatson) wrote :

apparmor (2.5.1~rc1-0ubuntu1) maverick; urgency=low

  [ Jamie Strandboge ]
  * New upstream RC release (revision 1413). In addition to getting the tools
    to work with the maverick kernel, this update fixes:
    - LP: #619521
    - LP: #633369
    - LP: #626451
    - LP: #581525
    - LP: #623467 (link and unlink still need to be addressed)
  * Dropped the following patches, included upstream:
    - 0002-lp615177.patch
    - 0004-ubuntu-pux.patch
    - 0006-kde4-config-pux.patch
    - 0007-lp605835.patch
    - 0012-lp625041.patch
    - 0013-lp623586.patch
  * Update the following patches:
    - rename 0010-fix-release.patch as 0001-fix-release.patch since this will
      likely always need to be here
    - rename 0005-add-chromium-browser.patch as
      0002-add-chromium-browser.patch
    - rename 0001-local-includes.patch as 0003-local-includes.patch and update
      to use r1493 (from trunk) of local/README file. This can be dropped in
      2.6.
    - collect the ubuntu abstractions updates pulled from trunk into
      0004-ubuntu-abstractions-updates.patch. This can be dropped in 2.6.
    - rename 0008-lp601583.patch as 0005-lp601583.patch. This can be dropped
      in 2.5.1 final.
  * fix up some lintian warnings:
    - debian/control:
      + don't use 'Section' in apparmor-notify, since it is the same as the
        source
      + updates Standards-Version to 3.9.1
      + add ${misc:Depends} to libapparmor-dev and apparmor-notify
    - add debian/source/format
    - debian/libapache2-mod-apparmor.postrm: use #DEBHELPER#
    - debian/libapache2-mod-apparmor.preinst: use #DEBHELPER#
    - add debian/watch
  * debian/notify/notify.conf: set show_notifications="yes" by default
  * debian/patches/0006-network-interface-enumeration.patch: allow network
    interface enumeration. This can be dropped in 2.5.1 final.
  * debian/patches/0007-gnome-updates.patch: update for font/icon/mime
    locations in current gnome. This can be dropped in 2.5.1 final.

  [ Kees Cook ]
  * debian/apparmor.init: rename "stop" to "teardown", drop caches on
    "stop" and warn about the dangers of "teardown".

 -- Jamie Strandboge <email address hidden> Fri, 10 Sep 2010 11:07:19 -0500

Changed in apparmor (Ubuntu):
status: Triaged → Fix Released
Changed in apparmor (Ubuntu Lucid):
importance: Undecided → High
milestone: none → lucid-updates
status: New → In Progress
Steve Beattie (sbeattie) wrote :

Empty test profile

description: updated
description: updated
Steve Beattie (sbeattie) wrote :

Test log file.

Martin Pitt (pitti) wrote : Please test proposed package

Accepted apparmor into lucid-proposed, the package will build now and be available in a few hours. Please test and give feedback here. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you in advance!

Changed in apparmor (Ubuntu Lucid):
status: In Progress → Fix Committed
tags: added: verification-needed
Jamie Strandboge (jdstrand) wrote :

Upgraded to 2.5.1-0ubuntu0.10.04.1 in lucid-proposed and this issue is resolved.

Martin Pitt (pitti)
tags: added: verification-done
removed: verification-needed
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package apparmor - 2.5.1-0ubuntu0.10.04.1

---------------
apparmor (2.5.1-0ubuntu0.10.04.1) lucid-proposed; urgency=low

  * Backport 2.5.1-0ubuntu0.10.10.1 from maverick for userspace tools to work
    with newer kernels (LP: #660077)
    NOTE: user-tmp now uses 'owner' match, so non-default profiles will have
    to be adjusted when 2 separately confined applications that both use the
    user-tmp abstraction depend on being able to cooperatively share files
    with each other in /tmp or /var/tmp.
  * remove the following patches (features not appropriate for SRU):
    - 0002-add-chromium-browser.patch
    - 0003-local-includes.patch
    - 0004-ubuntu-abstractions-updates.patch
  * debian/rules (this makes it the same as what was shipped in 10.04 LTS
    release):
    - don't ship aa-update-browser and its man page (requires
      0004-ubuntu-abstractions-updates.patch)
    - don't ship apparmor.d/local/ (requires 0003-local-includes.patch)
    - don't use dh_apparmor (not in Ubuntu 10.04 LTS)
    - don't ship chromium profile
  * remove debian/profiles/chromium-browser
  * remove debian/aa-update-browser*
  * debian/apparmor-profiles.postinst: revert to that in lucid release
    (requires dh_apparmor and 0002-add-chromium-browser.patch)
  * remove debian/apparmor-profiles.postrm: doesn't make sense without
    0002-add-chromium-browser.patch
  * debian/control:
    - revert Build-Depends on debhelper (>= 5)
    - revert Standards-Version to 3.8.4
    - revert Vcs-Bzr
    - use Conflicts/Replaces version that was in Ubuntu 10.04 LTS
  * debian/patches/0011-lucid-compat-dbus.patch: move /var/lib/dbus/machine-id
    back into dbus, since profiles on 10.04 LTS expect it there
  * debian/patches/0012-lucid-compat-kde.patch: add kde4-config to kde
    abstraction, since the firefox profile on Ubuntu 10.04 LTS expects it to
    be there

apparmor (2.5.1-0ubuntu0.10.10.2) maverick-proposed; urgency=low

  * New upstream release (LP: #660077)
    - The following patches were refreshed:
      + 0001-fix-release.patch
      + 0003-local-includes.patch
      + 0004-ubuntu-abstractions-updates.patch
      + 0008-lp648900.patch: renamed as 0005-lp648900.patch
    - The following patches were dropped (included upstream):
      + 0005-lp601583.patch
      + 0006-network-interface-enumeration.patch
      + 0007-gnome-updates.patch
  * debian/patches/0006-testsuite-fixes.patch: testsuite fixes from head
    of 2.5 branch. These are needed for QRT and SRU testing (LP: #652211)
  * debian/patches/0007-honor-cflags.patch: have the parser makefile honor
    CFLAGS environment variable. Brings back missing symbols for the retracer
  * debian/patches/0008-lp652674.patch: fix warnings for messages without
    denied or requested masks (LP: #652674)
  * debian/apparmor.init: fix path to aa-status (LP: #654841)
  * debian/apport/source_apparmor.py: apport hook should use
    root_command_hook() for running apparmor_status (LP: #655529)
  * debian/apport/source_apparmor.py: use ProcKernelCmdline and don't clobber
    cmdline details (LP: #657091)
  * debian/{rules,control}: move apache2 abstractions into the base package
    so we can put ...

Changed in apparmor (Ubuntu Lucid):
status: Fix Committed → Fix Released
Changed in apparmor:
assignee: nobody → Leif Atle Vold (lvold7355)
Changed in apparmor (Ubuntu):
assignee: nobody → Leif Atle Vold (lvold7355)
Changed in apparmor:
status: Triaged → Incomplete
Changed in apparmor (Ubuntu):
assignee: Leif Atle Vold (lvold7355) → nobody
Changed in apparmor:
assignee: Leif Atle Vold (lvold7355) → nobody
status: Incomplete → Fix Released
tags: added: testcase