7e6df95...
by
John Johansen <email address hidden>
Merge profiles: update snap_browsers permissions
The snap_browsers abstraction requires more permissions
due to updates on snaps.
Some of the permissions are not required in older versions of
Ubuntu that use 2.12 and 2.13, but are introduced for unification
and ease of maintenance purposes. These include:
```
all dbus permissions,
@{PROC}/sys/kernel/random/uuid r,
owner @{PROC}/@{pid}/cgroup r,
/var/lib/snapd/sequence/{chromium,firefox,opera}.json r,
```
I also propose a cherry-pick of this commit to 2.12, 2.13 and 3.0
MR: https://gitlab.com/apparmor/apparmor/-/merge_requests/877
Approved-by: John Johansen <email address hidden>
Merged-by: John Johansen <email address hidden>
(cherry picked from commit bfa67b369df97ec86b532fd686c8240ecbbd9f06)
Signed-off-by: John Johansen <email address hidden>
As a short-term solution, we are adding a snap-browsers profile
which restricts what snaps opened by evince can do.
The long-term solution is currently not available, but could be
accomplished by using enhanced environment variable filtering/mediation
and delegation of open fds.
I propose this patch for 3.0 and master. (<= 2.13 don't have the samba-bgpd profile - if we want to backport to 2.x, we'll have to pick only the smbd part.)
backport: drop ../profiles/apparmor.d/samba-bgqd
(cherry picked from commit c3f64513f2986d799a7c9a07f853dd300728a7b5)
Signed-off-by: John Johansen <email address hidden>
5f3f4ba...
by
John Johansen <email address hidden>
Merge [2.x..3.0] aa-remove-unknown: abort on parser failure
If apparmor_parser -N (in profiles_names_list()) fails,
aa-remove-unknown possibly gets an incomplete list of profiles in
/etc/apparmor.d/ and therefore might remove more profiles than it
should.
Replace the profiles_names_list() call with a direct apparmor_parser
call, and abort aa-remove-unknown if it exits with $? != 0
Before:
```
aa-remove-unknown -n
AppArmor parser error for /etc/apparmor.d/broken in profile /etc/apparmor.d/broken at line 1: syntax error, unexpected TOK_ID, expecting TOK_OPEN
Would remove 'delete_me'
```
After:
```
./aa-remove-unknown -n
AppArmor parser error for /etc/apparmor.d in profile /etc/apparmor.d/zbroken at line 1: syntax error, unexpected TOK_ID, expecting TOK_OPEN
apparmor_parser exited with failure, aborting.
```
And of course, after fixing the broken profile:
```
./aa-remove-unknown -n
Would remove 'delete_me'
```
(cherry picked from commit 5053a01d84ba980c20bff7bd53a49fd6101db316)
This backports the fix in `aa-remove-unknown` from !836, but doesn't backport the cleanup in `rc.apparmor.functions`.
I propose this patch for 3.0 and all 2.x branches.
MR: https://gitlab.com/apparmor/apparmor/-/merge_requests/859
Approved-by: Georgia Garcia <email address hidden>
Merged-by: John Johansen <email address hidden>
(cherry picked from commit c6324c2a3efaa89bb173430785ab372c310c2ff7)
Signed-off-by: John Johansen <email address hidden>
libapparmor: fix building with link time optimization (lto)
Currently libapparmor fails to build when lto is used because it uses
the asm directive to provide different version of some symbols.
Unfortunately gcc does not recognize this and the symbols defined by
asm are lost and optimized out by lto and then the link fails.
I propose this patch for 3.0 and master. Optionally also for older branches, even if it's unlikely that systems using 2.13.x or older get a new-enough openssl to need this ;-)
MR: https://gitlab.com/apparmor/apparmor/-/merge_requests/818
Acked-by: John Johansen <email address hidden>
(cherry picked from commit 2b270216aa6485ed4a398e1eb57722d074ae3674)
Signed-off-by: John Johansen <email address hidden>
3da24e0...
by
John Johansen <email address hidden>
Merge Add missing /proc permissions to avahi-daemon profile