apparmor:master

Last commit made on 2024-03-26
Get this branch:
git clone -b master https://git.launchpad.net/apparmor

Branch merges

Branch information

Name:
master
Repository:
lp:apparmor

Recent commits

e96fdc0... by Georgia Garcia

Merge utils: allow mount destination globbing

The abstraction lxc/start-container shipped by the liblxc-common
package uses the following mount rule which was not allowed by our
regexes:

  mount options=(rw, make-slave) -> **,
  mount options=(rw, make-rslave) -> **,

Since in AppArmor regex ** includes '/' but * by itself doesn't, I'm
adding explicit support for **.

Signed-off-by: Georgia Garcia <email address hidden>

MR: https://gitlab.com/apparmor/apparmor/-/merge_requests/1195
Approved-by: Christian Boltz <email address hidden>
Merged-by: Georgia Garcia <email address hidden>

14572d9... by Christian Boltz

Merge firefox: allow locking of *.sqlite-shm files in user cache area

Noticed a bunch of these after a Firefox 124.0 upgrade:

`Mar 25 22:08:27 darkstar kernel: [598271.991739] audit: type=1400 audit(1711418907.493:27323): apparmor="DENIED" operation="file_lock" profile="firefox" name="/home/username/.cache/mozilla/firefox/deadbeef.default/suggest.sqlite-shm" pid=2855447 comm=4267494F5468727E6F6C2023333530 requested_mask="k" denied_mask="k" fsuid=1000 ouid=1000`

MR: https://gitlab.com/apparmor/apparmor/-/merge_requests/1193
Approved-by: Christian Boltz <email address hidden>
Merged-by: Christian Boltz <email address hidden>

ac02295... by Georgia Garcia

utils: support more fs types in mount rules

Signed-off-by: Georgia Garcia <email address hidden>

f4706bf... by Georgia Garcia

utils: allow mount destination globbing

The abstraction lxc/start-container shipped by the liblxc-common
package uses the following mount rule which was not allowed by our
regexes:

  mount options=(rw, make-slave) -> **,
  mount options=(rw, make-rslave) -> **,

Since in AppArmor regex ** includes '/' but * by itself doesn't, I'm
adding explicit support for **.

Signed-off-by: Georgia Garcia <email address hidden>

435f9ce... by Daniel Richard G.

firefox: allow locking of *.sqlite-shm files in user cache area

451bb8b... by John Johansen <email address hidden>

Merge profiles: add unconfined profile for tuxedo-control-center

Fixes: https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/2046844
Signed-off-by: Georgia Garcia <email address hidden>

MR: https://gitlab.com/apparmor/apparmor/-/merge_requests/1187
Approved-by: John Johansen <email address hidden>
Merged-by: John Johansen <email address hidden>

6e46631... by John Johansen <email address hidden>

Merge parser: fix issues appointed by coverity

Fix issues introduced in coverity's snapshots 75887, 70858 and 75429.
- CID 353483: Uninitialized pointer field (UNINIT_CTOR)
- CID 349572: Unsigned compared against 0 (NO_EFFECT)

Signed-off-by: Georgia Garcia <email address hidden>

MR: https://gitlab.com/apparmor/apparmor/-/merge_requests/1188
Approved-by: John Johansen <email address hidden>
Merged-by: John Johansen <email address hidden>

f9527d2... by Georgia Garcia

parser: fix issues appointed by coverity

Fix issues introduced in coverity's snapshots 75887, 70858 and 75429.
- CID 353483: Uninitialized pointer field (UNINIT_CTOR)
- CID 349572: Unsigned compared against 0 (NO_EFFECT)

Signed-off-by: Georgia Garcia <email address hidden>

9dc2f48... by Georgia Garcia

profiles: add unconfined profile for tuxedo-control-center

Fixes: https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/2046844
Signed-off-by: Georgia Garcia <email address hidden>

2fc8048... by John Johansen

Prepare for AppArmor 4.0 beta3 release

  - update version file

Signed-off-by: John Johansen <email address hidden>