apparmor:apparmor-2.11

Last commit made on 2022-03-25
Get this branch:
git clone -b apparmor-2.11 https://git.launchpad.net/apparmor

Branch merges

Branch information

Name:
apparmor-2.11
Repository:
lp:apparmor

Recent commits

a9d6b8f... by Christian Boltz

Merge Allow dovecot to use all signals

similar to commit 2f9d172c641bd21671721e76e0d65ba4bd914107
we discovered that there was a service outage
when dovecot tried to send a usr1 signal

type=AVC msg=audit(1648024138.249:184964): apparmor="DENIED" operation="signal" profile="dovecot" pid=1690 comm="dovecot" requested_mask="send" denied_mask="send" signal=usr1 peer="dovecot-imap-login"

MR: https://gitlab.com/apparmor/apparmor/-/merge_requests/865
Approved-by: Christian Boltz <email address hidden>
Merged-by: Christian Boltz <email address hidden>

(cherry picked from commit 83685ba703572a119988f48b43ecae4a45b4b424)

f0919f83 Allow dovecot to use all signals

1ef18b6... by John Johansen <email address hidden>

Merge abstractions/openssl: allow /etc/ssl/{engdef,engines}.d/

These directories were introduced in openssl in https://patchwork.ozlabs<email address hidden>/

I propose this patch for 3.0 and master. Optionally also for older branches, even if it's unlikely that systems using 2.13.x or older get a new-enough openssl to need this ;-)

MR: https://gitlab.com/apparmor/apparmor/-/merge_requests/818
Acked-by: John Johansen <email address hidden>
(cherry picked from commit 2b270216aa6485ed4a398e1eb57722d074ae3674)
Signed-off-by: John Johansen <email address hidden>

46dd61b... by John Johansen <email address hidden>

Merge Add missing /proc permissions to avahi-daemon profile

Fixes: https://gitlab.com/apparmor/apparmor/-/issues/203

MR:https://gitlab.com/apparmor/apparmor/-/merge_requests/811
Acked-by: John Johansen <email address hidden>
(cherry picked from commit ee9e61aad284f4edbebbd7cd0e8d9ac452455958)
Signed-off-by: John Johansen <email address hidden>

7f5a65f... by Steve Beattie <email address hidden>

utils: Add new python versions to logprof.conf

Adding everything up to 3.19 should make the file future-proof for a
while ;-)

Fixes: https://gitlab.com/apparmor/apparmor/-/issues/193
MR: https://gitlab.com/apparmor/apparmor/-/merge_requests/795
Acked-by: Steve Beattie <email address hidden>
(cherry picked from commit 4559a2997cf162b0f54f602180fd352e8d2486c1)
Signed-off-by: Steve Beattie <email address hidden>

999d036... by Christian Boltz <email address hidden>

Merge branch 'cboltz-typo' into 'master'

Fix typo in manpage

Closes #192

See merge request apparmor/apparmor!789

Acked-by: Acked-by: Seth Arnold <email address hidden> for all branches

(cherry picked from commit 131ae8425b39e920465ab470a0ffc6301223efcf)

1459f49b Fix typo in manpage

9876f84... by John Johansen <email address hidden>

Merge allow Prometheus metrics end-point in dovecot/stats

Patch by Michael Ströder <email address hidden>

MR: https://gitlab.com/apparmor/apparmor/-/merge_requests/776
Acked-by: John Johansen <email address hidden>
(cherry picked from commit d8ec3dafb73aae296ba3c748d9b34974dd864fa3)
Signed-off-by: John Johansen <email address hidden>

0237a8e... by John Johansen

parser: fix cache time stamp check to include dir time stamps

Currently for directory includes the directory timestamp is ignored.
This is wrong as operations like removing a file from the dir won't
be considered in the timestamp check.

Fix this by updating the timestamp check to include the included
directories timestamp.

MR: https://gitlab.com/apparmor/apparmor/-/merge_requests/760
Signed-off-by: John Johansen <email address hidden>
Acked-by: Georgia Garcia <email address hidden>
(cherry picked from commit 3d1232e6404ae15ab8d99433569586f03eec972a)

5c7395b... by Georgia Garcia

tests: fix i18n.sh regression test on arm64

The following errors are happening on the regression tests
of i18n.sh on arm64 hirsute/impish:

Error: open failed. Test 'i18n (194) OPEN (octal) "/tmp/sdtest.3654-6536-J2ZwFM/file__post" RW' was expected to 'pass'. Reason for failure 'FAIL: open /tmp/sdtest.3654-6536-J2ZwFM/file__post failed - Permission denied'
...

The cause is a bash bug handling UTF-8 on subshells.

Fixes: https://bugs.launchpad.net/apparmor/+bug/1932331
MR: https://gitlab.com/apparmor/apparmor/-/merge_requests/765

Signed-off-by: Georgia Garcia <email address hidden>
Acked-by: John Johansen <email address hidden>
(cherry picked from commit 458a981b6242e8b1cce1599ca95d89dcd10f60e7)
Signed-off-by: Georgia Garcia <email address hidden>

753b51a... by Christian Boltz

abstractions/php: support PHP 8

Fixes: https://bugzilla.opensuse.org/show_bug.cgi?id=1186267
MR: https://gitlab.com/apparmor/apparmor/-/merge_requests/755
(cherry picked from commit 5853f52233d9d86754096e4b64415226b943b502)
Signed-off-by: John Johansen <email address hidden>

9e4614b... by John Johansen

profiles: dhclient: allow setting task comm name

dhclient wants to set its thread names to functional names for
introspection purposes. Eg.

$ pstree -at 3395
dhclient ens3
  ├─{isc-socket}
  ├─{isc-timer}
  └─{isc-worker0000}

When denied this can result in dhclient breaking and failing to obtain
IPv4 addresses.

Fixes: https://bugs.launchpad.net/ubuntu/+source/isc-dhcp/+bug/1918410
Signed-off-by: John Johansen <email address hidden>
Acked-by: Christian Boltz <email address hidden>
(cherry picked from commit c7348395518890793b2f4bf7c13bbe5a0319962d)
Signed-off-by: John Johansen <email address hidden>