Last commit made on 2017-10-28
Get this branch:
git clone -b apparmor-2.8

Branch merges

Branch information


Recent commits

4be3c82... by Steve Beattie

git conversion: move .bzrignore to .gitignore

Signed-off-by: Steve Beattie <email address hidden>

323aee9... by John Johansen

Bump release version to 2.8.5

6e4fa53... by Christian Boltz

backport nscd profile additions from 2.9 branch

The most important change is /proc/[0-9]*/cmdline to allow paranoid mode.

Acked-by: Seth Arnold <email address hidden>

d8a6681... by Christian Boltz

Backport profile additions from the 2.9 branch

This patch backports most profile additions from the latest 2.9 branch
r3004, with the exception of new rule types (2.8 doesn't support dbus,
ptrace etc.) and some noisy cleanups (like /proc/*/ -> @{PROC}/@{pid}/).

Acked-by: Seth Arnold <email address hidden>

6a8a099... by Steve Beattie

libapparmor: fix parsing for yet another format

Backport from trunk revision 2830

This patch fixes the libapparmor log parsing library to take into
account yet another log format style, as well as incorporating a
testcase for it.


Nominated-by: Steve Beattie <email address hidden>
Acked-by: John Johansen <email address hidden>


b0273a9... by Steve Beattie

libaalogparse: fix for new kernel dmesg format

Merge from trunk revision 2647

The upstream kernel at some point between the 3.13 and 3.16 kernel
adjusted the output of audit messages to include an additional "audit:"
keyword. e.g. a 3.13 message would look like:

  kernel: [182243.243324] type=1400 audit(1409684003.960:273342): [SNIP]

whereas in 3.16, it looks like:

  kernel: [182243.243324] audit: type=1400 audit(1409684003.960:273342): [SNIP]

This patch adjust the libapparmor aalogparse grammar and lexer to
compensate for this change.

Nominated-by: Steve Beattie <email address hidden>
Acked-by: Seth Arnold <email address hidden>

a21d7df... by Christian Boltz

fix filename for .../nscd/hosts (which was accidently changed to "host" 3 years ago)

Acked-by: Seth Arnold <email address hidden>

2c6dd0a... by Steve Beattie

toplevel Makefile: use https URI by default for vcs export
Merge from trunk commit 2261.

Since --per-file-timestamps is broken over the SSH transport (see, make the default use
a HTTPS URI instead.

6a347df... by Steve Beattie

Prepare for apparmor 2.8.4 release.

ed2b8b3... by Steve Beattie

mod_apparmor: revert apache 2.4 api fix from commit 2131

This patch reverts commit 2131 which added support for the newer apache
2.4 ap_hook_check_access_ex() api, based on a report from Christian that
it broke apache's simple authentication.

Signed-off-by: Steve Beattie <email address hidden>
Acked-by: Christian Boltz <email address hidden>