apparmor:apparmor-2.13

Last commit made on 2023-12-05
Get this branch:
git clone -b apparmor-2.13 https://git.launchpad.net/apparmor

Branch information

Name: apparmor-2.13
Repository: lp:apparmor

Recent commits

1110197... by Georgia Garcia

Merge parser: Deprecation warning should not have been backported

Outputting the deprecation warning is a change in behavior that is not
a bug fix.

Signed-off-by: John Johansen <email address hidden>
(cherry picked from commit ca7f79174e7eb86ec744943a1f0155734c2f538f)
Signed-off-by: Rodrigo Figueiredo Zaiden <email address hidden>

MR: https://gitlab.com/apparmor/apparmor/-/merge_requests/1129
Merged-by: Georgia Garcia <email address hidden>

6b3eb5f... by Rodrigo Figueiredo Zaiden

parser: Deprecation warning should not have been backported

Outputting the deprecation warning is a change in behavior that is not
a bug fix.

Signed-off-by: John Johansen <email address hidden>
(cherry picked from commit ca7f79174e7eb86ec744943a1f0155734c2f538f)
Signed-off-by: Rodrigo Figueiredo Zaiden <email address hidden>

636739f... by John Johansen <email address hidden>

Merge fix subprofile name in profile serialization

Given the following profile:

profile foo {
  profile bar {
    profile baz {
    }
  }
}

The parser would correctly serialize the "foo" profile and the
"foo//bar" profile, but it would incorrectly name "bar//baz" when it
should be "foo//bar//baz". This would cause issues loading the profile
in certain kernels causing a "parent does not exist" error.

MR: https://gitlab.com/apparmor/apparmor/-/merge_requests/1127
Merged-by: John Johansen <email address hidden>
(cherry picked from commit eb6fa022513f60ef340bf5ebe6d6aae3269f1f87)
Signed-off-by: John Johansen <email address hidden>

3c6d767... by John Johansen <email address hidden>

Merge profiles: remove @{etc_ro} variable which is not available on 2.13

The variable @{etc_ro} was cherry-picked from a commit from a later
apparmor version, but it is not available on 2.13. Therefore it should
be replaced by the actual string.

MR: https://gitlab.com/apparmor/apparmor/-/merge_requests/1122
Approved-by: John Johansen <email address hidden>
Merged-by: John Johansen <email address hidden>

c29b505... by Georgia Garcia

profiles: remove @{etc_ro} variable which is not available on 2.13

The variable @{etc_ro} was cherry-picked from a commit from a later
apparmor version, but it is not available on 2.13. Therefore it should
be replaced by the actual string.

Signed-off-by: Georgia Garcia <email address hidden>

e1660df... by John Johansen <email address hidden>

Merge tests: fix regression tests to run on kernels that only have network_v8

Upstream kernels only have network_v8; unfortunately the tcp tests were
only being run against kernels that had network (which is v7). Kernels
that support both (Ubuntu) would be tested against v8, so v8 has been
tested but pure upstream kernels were failing to be tested correctly.

This patch will only make sure one of the supported versions is
tested. This is determined by the parser which prefers v8. In the
future the tests need to be extended to run the tests against all
kernel supported versions.

Signed-off-by: John Johansen <email address hidden>

MR: https://gitlab.com/apparmor/apparmor/-/merge_requests/1120
Approved-by: Christian Boltz <email address hidden>
Merged-by: John Johansen <email address hidden>
(cherry picked from commit dcc719c69c0473a4060c3314679b0ec8fc4c716d)
Signed-off-by: John Johansen <email address hidden>

d90649a... by John Johansen <email address hidden>

Merge Allow reading /etc/authselect/nsswitch.conf

On systems with authselect installed, /etc/nsswitch.conf is a symlink to
/etc/authselect/nsswitch.conf.

Fixes: https://gitlab.com/apparmor/apparmor-profiles/-/issues/13

I propose this patch for 3.0..master.

Closes apparmor-profiles#13
MR: https://gitlab.com/apparmor/apparmor/-/merge_requests/1119
Approved-by: John Johansen <email address hidden>
Merged-by: John Johansen <email address hidden>

(cherry picked from commit 54915dabc4b8b7e1a02d40619af625c8bd147d8b)
Signed-off-by: John Johansen <email address hidden>

3319313... by John Johansen <email address hidden>

Merge ubuntu-browsers.d/kde: fix plasma-browser-integration

Out of the box the KDE plasma-browser-integration package does not work
after a user installed the corresponding Firefox extension: The browser
can't start the native host binary. The same is probably true for
Chromium.

This was originally reported to KDE at https://bugs.kde.org/show_bug.cgi?id=397399

MR: https://gitlab.com/apparmor/apparmor/-/merge_requests/1115
Approved-by: John Johansen <email address hidden>
Merged-by: John Johansen <email address hidden>
(cherry picked from commit 1e7f63415a6cff0fb22a7b18b9169d5db6091dc1)
Signed-off-by: John Johansen <email address hidden>

1b300f5... by John Johansen <email address hidden>

Merge [2.13..3.1] Ignore ´//null-` peers in signal and ptrace events

Ideally we'd update them to the chosen exec target - but until this is
implemented, it doesn't make sense to ask about adding a //null-* peer
to a profile.

This commit is a manual backport of 41df2ca366e18e3df92163985b8530ac3abadff0 /
https://gitlab.com/apparmor/apparmor/-/merge_requests/1090
(with indentation changed to match the 3.1 branch)

I propose this patch for 2.13..3.1

MR: https://gitlab.com/apparmor/apparmor/-/merge_requests/1107
Approved-by: John Johansen <email address hidden>
Merged-by: John Johansen <email address hidden>

(cherry picked from commit 719251cac201c67a37bcc64838f452e7de12b83f)

7301aae2 Ignore ´//null-` peers in signal and ptrace events

ed6bc06... by Georgia Garcia

Merge tests/regression/apparmor/capabilities.sh: fail iopl/ioperm with lockdown

In MR #1063 the tests/regression/apparmor/syscall.sh script was updated to
account for kernel lockdown, but the capabilities.sh script also exercises these
system calls so this also needs to be updated as well.

Also required to fix issue #226.

Signed-off-by: Alex Murray <email address hidden>

Closes #226
MR: https://gitlab.com/apparmor/apparmor/-/merge_requests/1064
Approved-by: Georgia Garcia <email address hidden>
Merged-by: Georgia Garcia <email address hidden>

(cherry picked from commit 3b832dd313e63e51df6976a3d2d3fa534025eebc)

eafae0dd tests/regression/apparmor/capabilities.sh: fail iopl/ioperm with lockdown