apparmor:apparmor-2.12

Last commit made on 2020-03-31
Get this branch:
git clone -b apparmor-2.12 https://git.launchpad.net/apparmor

Branch merges

Branch information

Name:
apparmor-2.12
Repository:
lp:apparmor

Recent commits

1660e67... by nl6720 <email address hidden> on 2020-02-13

Add "run" variable

Define the "run" variable in 2.12 and 2.13 to make backporting profile updates easier.

Fixes: https://gitlab.com/apparmor/apparmor/-/issues/88
PR: https://gitlab.com/apparmor/apparmor/-/merge_requests/466
Signed-off-by: nl6720 <email address hidden>
(cherry picked from commit 452b5b8735e449cba29a1fb25c9bff38ba8763ec)
Acked-by: John Johansen <email address hidden>

feaae22... by nl6720 <email address hidden> on 2020-03-19

abstractions/nameservice: allow accessing /run/systemd/userdb/

On systems with systemd 245, nss-systemd additionally queries NSS records from systemd-userdbd.service. See https://systemd.io/USER_GROUP_API/ .

(cherry picked from commit 16f9f6885aff84123c0b52197f435e40d656c0e4)
Fixes: https://gitlab.com/apparmor/apparmor/-/issues/82
Signed-off-by: nl6720 <email address hidden>
Signed-off-by: John Johansen <email address hidden>

b555cb2... by Christian Boltz <email address hidden> on 2020-03-23

Merge branch 'master' into 'master'

Update usr.sbin.winbindd profile to allow krb5 rcache files locking

See merge request apparmor/apparmor!460

Acked-by: Christian Boltz <email address hidden> for 2.11..master

(cherry picked from commit 5c1932d0d634ee693b513f79fabe56c85d4c7f5f)

2c3001c7 Update usr.sbin.winbindd profile to allow krb5 rcache files locking

67887a1... by Christian Boltz <email address hidden> on 2020-02-03

Merge branch 'run-uuidd-request' into 'master'

abstractions/base: allow read access to /run/uuidd/request

See merge request apparmor/apparmor!445

Acked-by: John Johansen <email address hidden> for 2.11..master
Acked-by: Christian Boltz <email address hidden> for 2.11..master

(cherry picked from commit 80bf9209296417a1a65fe03130530e1303a4d6c7)

45fffc12 abstractions/base: allow read access to /run/uuidd/request

54852ce... by Christian Boltz <email address hidden> on 2020-02-03

Merge branch 'gnome-abstraction-more-mimeapps' into 'master'

abstractions/gnome: also allow /etc/xdg/mimeapps.list

See merge request apparmor/apparmor!444

Acked-by: John Johansen <email address hidden> for 2.11..master
Acked-by: Christian Boltz <email address hidden> for 2.11..master

(cherry picked from commit 3becbbab2c47b2c4d57ecce2674af690b1888ba9)

67cf4fa3 abstractions/gnome: also allow /etc/xdg/mimeapps.list

d147319... by Christian Boltz <email address hidden> on 2020-02-03

Merge branch 'ecryptfs-top-dir' into 'master'

abstractions/base: allow read access to top-level ecryptfs directories

See merge request apparmor/apparmor!443

Acked-by: John Johansen <email address hidden> for 2.11..master
Acked-by: Christian Boltz <email address hidden> for 2.11..master

(cherry picked from commit 24895ea302d06684b4fda1c538e04fb9e6d0f287)

fbd8981e abstractions/base: allow read access to top-level ecryptfs directories

6a968fd... by Ian Johnson on 2020-01-30

docs: fix typo in man doc of unix rules

Signed-off-by: John Johansen <email address hidden>
Acked-by: Steve Beattie <email address hidden>
(cherry picked from commit f4220a19bec57a2d3d7d92984e9030197605c0dd)

6784de4... by Christian Boltz <email address hidden> on 2020-01-10

Merge branch 'cboltz-backport-tunables-share' into 'apparmor-2.12'

[2.11+2.12] Backport tunables/share to 2.11 and 2.12 branch

See merge request apparmor/apparmor!446

Acked-by: John Johansen <email address hidden>

99e2d38... by Christian Boltz on 2020-01-09

Backport tunables/share to 2.11 and 2.12 branch

Backporting the abstractions/gnome changes resulted in invalid profiles
because 2.11 and 2.12 don't have @{user_share_dirs} defined.

Therefore add/copy over tunables/share from master, and include it in
tunables/global.

8079400... by John Johansen <email address hidden> on 2019-12-11

 gnome abstraction: allow reading per-user themes from $XDG_DATA_HOME

Bug-Debian: https://bugs.debian.org/930031

As per https://developer.gnome.org/gtk3/stable/ch32s03.html, since GTK+ 3.6, $XDG_DATA_HOME/themes is preferred over $HOME/.themes. We already support the latter, let's also support the former.

PR: https://gitlab.com/apparmor/apparmor/merge_requests/442
Acked-by: John Johansen <email address hidden>

(cherry picked from commit 098f0a7b5fa0acec7f8f148705d6fe520ccf059b)

852c1e76 gnome abstraction: allow reading per-user themes from $XDG_DATA_HOME