lp:apparmor/2.10
- Get this branch:
- bzr branch lp:apparmor/2.10
Branch merges
Related bugs
Bug #1466812: aa-logprof crash | High | Triaged | |
Bug #1650827: /usr/lib/dovecot/dovecot-lda: "Failed name lookup - disconnected path" | High | Confirmed | |
Bug #1658238: apache2 abstraction incomplete | Undecided | New |
Related blueprints
Branch information
Recent revisions
- 3410. By intrigeri
-
profiles: allow OpenAL HRTF support in audio abstraction
merge from trunk commit 3726
The files are "head-related transfer function" data sets, used by
OpenAL for better spatialization of sounds when headphones are detected.Acked-by: Steve Beattie <email address hidden>
Bug: https:/
/bugs.debian. org/cgi- bin/bugreport. cgi?bug= 874665 - 3409. By Christian Boltz
-
Add python3.6 line to utils/logprof.conf
This is a backport of trunk r3718 by intrigeri
Acked-by: John Johansen <email address hidden> for 2.11 and 2.10 (on IRC)
- 3408. By Christian Boltz
-
Allow reading /etc/netconfig in abstractions/
nameservice /etc/netconfig is required by the tirpc library which nscd and several
other programs use.References: https:/
/bugzilla. opensuse. org/show_ bug.cgi? id=1062244 Acked-by: Seth Arnold <email address hidden> for 2.9, 2.10, 2.11 and trunk
- 3406. By John Johansen
-
parser: Allow AF_UNSPEC family in network rules
https:/
/launchpad. net/bugs/ 1546455 Don't filter out AF_UNSPEC from the list of valid protocol families so
that the parser will accept rules such as 'network unspec,'.There are certain syscalls, such as socket(2), where the LSM hooks are
called before the protocol family is validated. In these cases, AppArmor
was emitting denials even though socket(2) will eventually fail. There
may be cases where AF_UNSPEC sockets are accepted and we need to make
sure that we're mediating those appropriately.cherry-pick: r3376
Signed-off-by: Tyler Hicks <email address hidden>
Suggested-by: Steve Beattie <email address hidden>
Acked-by: John Johansen <email address hidden>
[cboltz: Add 'unspec' to the network domain keywords of the utils] - 3405. By Steve Beattie
-
libapparmor: fix swig test_apparmor.py for zero length ptrace records
Merge from trunk revision 3715The added testcase for a ptrace target with an empty string
(ptrace_garbage_ lp1689667_ 1.in) was causing the swig python test script
to fail. The generated python swig record for libapparmor ends up
setting a number of fields to None or other values that indicate the
value is unset, and the test script was checking if the value in the
field didn't evaluate to False in a python 'if' test.Unfortunately, python evaluates the empty string '' as False in 'if'
tests, resulting in the specific field that contained the empty string
to be dropped from the returned record. This commit fixes that by
special case checking for the empty string.Signed-off-by: Steve Beattie <email address hidden>
Acked-by: John Johansen <email address hidden> - 3404. By John Johansen
-
Fix af_unix downgrade of network rules
with unix rules we output a downgraded rule compatible with network rules
so that policy will work on kernels that support network socket controls
but not the extended af_unix ruleshowever this is currently broken if the socket type is left unspecified
(initialized to -1), resulting in denials for kernels that don't support
the extended af_unix rules.cherry-pick: lp:apparmor r3700
Signed-off-by: John Johansen <email address hidden>
Acked-by: timeout - 3403. By Christian Boltz
-
Allow /var/run/
dovecot/ login-master- notify* in dovecot imap-login profiles Acked-by: Seth Arnold <email address hidden> for trunk, 2.11, 2.10 and 2.9.
- 3402. By Christian Boltz
-
Merge updated traceroute profile into 2.10 and 2.9 branch
References: https:/
/bugzilla. opensuse. org/show_ bug.cgi? id=1057900 -------
------- ------- ------- ------- ------- ------- ------- ----
revno: 3690 [merge]
committer: Steve Beattie <email address hidden>
branch nick: apparmor
timestamp: Wed 2017-08-09 08:57:36 -0700
message:
traceroute profile: support TCP SYN for probes, quite net_admin requestMerge from Vincas Dargis, approved by intrigeri.
fix traceroute denies in tcp modeAcked-by: Steve Beattie <email address hidden>
-------------- ------- ------- ------- ------- ------- ------- ---- Backport to 2.10 and 2.9 branch
Acked-by: Steve Beattie <email address hidden>
Acked-by: Seth Arnold <email address hidden> - 3401. By Christian Boltz
-
abstractions/
freedesktop. org: support /usr/local/ applications; support subdirs of applications folder Merge request by Cameron Norman 2015-06-07
https://code.launchpad .net/~cameronne mo/apparmor/ abstraction- fdo-application s-fixups/ +merge/ 261336 Acked-by: Christian Boltz <email address hidden> for trunk, 2.11, 2.10 and 2.9
Branch metadata
- Branch format:
- Branch format 7
- Repository format:
- Bazaar repository format 2a (needs bzr 1.16 or later)
- Stacked on:
- lp:apparmor/2.12