apparmor:apparmor-2.13

Last commit made on 2020-12-11
Get this branch:
git clone -b apparmor-2.13 https://git.launchpad.net/apparmor

Branch merges

Branch information

Name:
apparmor-2.13
Repository:
lp:apparmor

Recent commits

95aa5b5... by Christian Boltz on 2020-12-09

apparmor.vim: add support for abi rules

MR: https://gitlab.com/apparmor/apparmor/-/merge_requests/690
(cherry picked from commit c421fcd38aaf6d4fccebfaf03c9f65ca00f0245c)
Signed-off-by: John Johansen <email address hidden>

c16fff8... by John Johansen on 2020-12-07

Release: Bump revisions for 2.13.6 release

Signed-off-by: John Johansen <email address hidden>

2db3d94... by Christian Boltz on 2020-11-08

aa-autodep: load abstractions on start

So far, aa-autodep "accidently" loaded the abstractions when parsing the
existing profiles. Obviously, this only worked if there is at least one
profile in the active or extra profile directory.

Without any existing profiles, aa-autodep crashed with
KeyError: '/tmp/apparmor.d/abstractions/base'

Prevent this crash by explicitely loading the abstractions on start.

Fixes: https://bugzilla.opensuse.org/show_bug.cgi?id=1178527#c1 [1]
MR: https://gitlab.com/apparmor/apparmor/-/merge_requests/682
(cherry picked from commit f6b3de71161f9acfa177e879017560000b7ffde8)
Signed-off-by: John Johansen <email address hidden>

b174705... by Christian Boltz on 2020-11-16

abstractions/X: Allow (only) reading X compose cache

... (/var/cache/libx11/compose/*), and deny any write attempts

Reported by darix,
https://git.nordisch.org/darix/apparmor-profiles-nordisch/-/blob/master/apparmor.d/teams

MR: https://gitlab.com/apparmor/apparmor/-/merge_requests/685
(cherry picked from commit 78bd811e2a23f55974991cd208f6a17749655c21)
Signed-off-by: John Johansen <email address hidden>

56cc87a... by John Johansen <email address hidden> on 2020-11-03

Merge [2.13] Check hotkey conflicts case-insensitive

This is needed to catch conflicts between uppercase and lowercase hotkeys of the same letter, as seen with `(B)enannt` and `A(b)lehnen` in the german utils translations.

(cherry picked from commit 07bd11390ea16df17db7f7e6bd2c9678345d3ac5)

Also fix hotkey conflict in utils id.po and sv.po (cherry picked from commit 7cf54f2cd83938cd3b51d588864eb8cc890d63f6)

Note that 7cf54f2cd83938cd3b51d588864eb8cc890d63f6 also included fixes for de.po which are not needed in the 2.13 branch.

This is the 2.13 variant of MR: https://gitlab.com/apparmor/apparmor/-/merge_requests/675.

MR: https://gitlab.com/apparmor/apparmor/-/merge_requests/678
Acked-by: John Johansen <email address hidden>

ca0d9f7... by Christian Boltz on 2020-10-31

Fix hotkey conflict in utils id.po and sv.po

(cherry picked from commit 7cf54f2cd83938cd3b51d588864eb8cc890d63f6)

Note that 7cf54f2cd83938cd3b51d588864eb8cc890d63f6 also included fixes
for de.po which are not needed in the 2.13 branch.

a606a59... by Christian Boltz on 2020-10-31

Check hotkey conflicts case-insensitive

This is needed to catch conflicts between uppercase and lowercase
hotkeys of the same letter, as seen with `(B)enannt` and `A(b)lehnen` in
the german utils translations.

(cherry picked from commit 07bd11390ea16df17db7f7e6bd2c9678345d3ac5)

6a8a5de... by John Johansen <email address hidden> on 2020-10-27

Merge dovecot: backport usr.lib.dovecot.script-login to 2.13

Backport profile to fix denials in Debian Buster+Bullseye.

Add hashes for #include's, remove abi specification.

MR: https://gitlab.com/apparmor/apparmor/-/merge_requests/672
Acked-by: Christian Boltz <email address hidden>
Acked-by: John Johansen <email address hidden>

1bcf857... by Vincas Dargis on 2020-10-25

dovecot: backport usr.lib.dovecot.script-login to 2.13

Backport profile to fix denials in Debian Buster+Bullseye.

Add hashes for #include's, remove abi specification.

ea55ef2... by Vincas Dargis on 2020-10-25

dovecot: allow reading dh.pem

Dovecot is hit with this denial on Debian 10 (buster):
```
type=AVC msg=audit(1603647096.369:24514): apparmor="DENIED"
operation="open" profile="dovecot" name="/usr/share/dovecot/dh.pem"
pid=28774 comm="doveconf" requested_mask="r" denied_mask="r" fsuid=0
ouid=0
```

This results in fatal error:

```
Oct 25 19:31:36 dovecot[28774]: doveconf: Fatal: Error in configuration
file /etc/dovecot/conf.d/10-ssl.conf line 50: ssl_dh: Can't open file
/usr/share/dovecot/dh.pem: Permission denied
```

Add rule to allow reading dh.pem.

MR: https://gitlab.com/apparmor/apparmor/-/merge_requests/671
(cherry picked from commit 9d8e111abe3f54681bb8ba5d47b6fc43e4f4a034)
Signed-off-by: John Johansen <email address hidden>