-
e96fdc0...
by
Georgia Garcia
-
Merge utils: allow mount destination globbing
The abstraction lxc/start-container shipped by the liblxc-common
package uses the following mount rule which was not allowed by our
regexes:
mount options=(rw, make-slave) -> **,
mount options=(rw, make-rslave) -> **,
Since in AppArmor regex ** includes '/' but * by itself doesn't, I'm
adding explicit support for **.
Signed-off-by: Georgia Garcia <email address hidden>
MR: https://gitlab.com/apparmor/apparmor/-/merge_requests/1195
Approved-by: Christian Boltz <email address hidden>
Merged-by: Georgia Garcia <email address hidden>
-
14572d9...
by
Christian Boltz
-
Merge firefox: allow locking of *.sqlite-shm files in user cache area
Noticed a bunch of these after a Firefox 124.0 upgrade:
`Mar 25 22:08:27 darkstar kernel: [598271.991739] audit: type=1400 audit(1711418907.493:27323): apparmor="DENIED" operation="file_lock" profile="firefox" name="/home/username/.cache/mozilla/firefox/deadbeef.default/suggest.sqlite-shm" pid=2855447 comm=4267494F5468727E6F6C2023333530 requested_mask="k" denied_mask="k" fsuid=1000 ouid=1000`
MR: https://gitlab.com/apparmor/apparmor/-/merge_requests/1193
Approved-by: Christian Boltz <email address hidden>
Merged-by: Christian Boltz <email address hidden>
-
ac02295...
by
Georgia Garcia
-
utils: support more fs types in mount rules
Signed-off-by: Georgia Garcia <email address hidden>
-
f4706bf...
by
Georgia Garcia
-
utils: allow mount destination globbing
The abstraction lxc/start-container shipped by the liblxc-common
package uses the following mount rule which was not allowed by our
regexes:
mount options=(rw, make-slave) -> **,
mount options=(rw, make-rslave) -> **,
Since in AppArmor regex ** includes '/' but * by itself doesn't, I'm
adding explicit support for **.
Signed-off-by: Georgia Garcia <email address hidden>
-
435f9ce...
by
Daniel Richard G.
-
firefox: allow locking of *.sqlite-shm files in user cache area
-
451bb8b...
by
John Johansen <email address hidden>
-
Merge profiles: add unconfined profile for tuxedo-control-center
Fixes: https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/2046844
Signed-off-by: Georgia Garcia <email address hidden>
MR: https://gitlab.com/apparmor/apparmor/-/merge_requests/1187
Approved-by: John Johansen <email address hidden>
Merged-by: John Johansen <email address hidden>
-
6e46631...
by
John Johansen <email address hidden>
-
Merge parser: fix issues appointed by coverity
Fix issues introduced in coverity's snapshots 75887, 70858 and 75429.
- CID 353483: Uninitialized pointer field (UNINIT_CTOR)
- CID 349572: Unsigned compared against 0 (NO_EFFECT)
Signed-off-by: Georgia Garcia <email address hidden>
MR: https://gitlab.com/apparmor/apparmor/-/merge_requests/1188
Approved-by: John Johansen <email address hidden>
Merged-by: John Johansen <email address hidden>
-
f9527d2...
by
Georgia Garcia
-
parser: fix issues appointed by coverity
Fix issues introduced in coverity's snapshots 75887, 70858 and 75429.
- CID 353483: Uninitialized pointer field (UNINIT_CTOR)
- CID 349572: Unsigned compared against 0 (NO_EFFECT)
Signed-off-by: Georgia Garcia <email address hidden>
-
9dc2f48...
by
Georgia Garcia
-
profiles: add unconfined profile for tuxedo-control-center
Fixes: https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/2046844
Signed-off-by: Georgia Garcia <email address hidden>
-
2fc8048...
by
John Johansen
-
Prepare for AppArmor 4.0 beta3 release
- update version file
Signed-off-by: John Johansen <email address hidden>