lp:apparmor/2.9
- Get this branch:
- bzr branch lp:apparmor/2.9
Branch merges
Related bugs
Bug #1466812: aa-logprof crash | High | Triaged | |
Bug #1650827: /usr/lib/dovecot/dovecot-lda: "Failed name lookup - disconnected path" | High | Confirmed | |
Bug #1658238: apache2 abstraction incomplete | Undecided | New |
Related blueprints
Branch information
Recent revisions
- 3070. By intrigeri
-
profiles: allow OpenAL HRTF support in audio abstraction
Merge from trunk commit 3726
The files are "head-related transfer function" data sets, used by
OpenAL for better spatialization of sounds when headphones are detected.Acked-by: Steve Beattie <email address hidden>
Bug: https:/
/bugs.debian. org/cgi- bin/bugreport. cgi?bug= 874665 - 3069. By Christian Boltz
-
Allow reading /etc/netconfig in abstractions/
nameservice /etc/netconfig is required by the tirpc library which nscd and several
other programs use.References: https:/
/bugzilla. opensuse. org/show_ bug.cgi? id=1062244 Acked-by: Seth Arnold <email address hidden> for 2.9, 2.10, 2.11 and trunk
- 3068. By John Johansen
-
Bump release version to 2.9.5
Signed-off-by: John Johansen <email address hidden>
- 3067. By John Johansen
-
Fix af_unix downgrade of network rules
with unix rules we output a downgraded rule compatible with network rules
so that policy will work on kernels that support network socket controls
but not the extended af_unix ruleshowever this is currently broken if the socket type is left unspecified
(initialized to -1), resulting in denials for kernels that don't support
the extended af_unix rules.cherry-pick: lp:apparmor r3700
Signed-off-by: John Johansen <email address hidden>
Acked-by: timeout - 3066. By Christian Boltz
-
Allow /var/run/
dovecot/ login-master- notify* in dovecot imap-login profiles Acked-by: Seth Arnold <email address hidden> for trunk, 2.11, 2.10 and 2.9.
- 3065. By Christian Boltz
-
Merge updated traceroute profile into 2.10 and 2.9 branch
References: https:/
/bugzilla. opensuse. org/show_ bug.cgi? id=1057900 -------
------- ------- ------- ------- ------- ------- ------- ----
revno: 3690 [merge]
committer: Steve Beattie <email address hidden>
branch nick: apparmor
timestamp: Wed 2017-08-09 08:57:36 -0700
message:
traceroute profile: support TCP SYN for probes, quite net_admin requestMerge from Vincas Dargis, approved by intrigeri.
fix traceroute denies in tcp modeAcked-by: Steve Beattie <email address hidden>
-------------- ------- ------- ------- ------- ------- ------- ---- Backport to 2.10 and 2.9 branch
Acked-by: Steve Beattie <email address hidden>
Acked-by: Seth Arnold <email address hidden> - 3064. By Christian Boltz
-
abstractions/
freedesktop. org: support /usr/local/ applications; support subdirs of applications folder Merge request by Cameron Norman 2015-06-07
https://code.launchpad .net/~cameronne mo/apparmor/ abstraction- fdo-application s-fixups/ +merge/ 261336 Acked-by: Christian Boltz <email address hidden> for trunk, 2.11, 2.10 and 2.9
- 3063. By Christian Boltz
-
Samba profile updates for ActiveDirectory / Kerberos
The Samba package used by the INVIS server (based on openSUSE) needs
some additional Samba permissions for the added ActiveDirectory /
Kerberos support.As discussed with Seth, add /var/lib/
sss/mc/ initgroups read permissions
to abstractions/nameservice instead of only to the smbd profile because
it's probably needed by more than just Samba if someone uses sss.Acked-by: Seth Arnold <email address hidden> for 2.9, 2.10, 2.11 and trunk.
- 3062. By Christian Boltz
-
update some Postfix profiles
- change abstractions/
postfix- common to allow /etc/postfix/*.db k
- add several permissions to postfix/error, postfix/lmtp and postfix/pipe
- remove superfluous abstractions/kerberosclient from all postfix
profiles - it's included via abstractions/nameservice Acked-by: Seth Arnold <email address hidden> for 2.9, 2.10, 2.11 and trunk
- 3061. By Christian Boltz
-
remove test_multi unconfined-
change_ hat.profile from 2.10 and 2.9 branch 2.10 branch r3387 and 2.9 branch r3052 (Ignore change_hat events
with error=-1 and "unconfined can not change_hat") accidently added
unconfined-change_ hat.profile to the test_multi directory. 2.9 and 2.10 don't support the test_multi *.profile files and error out
in the tests saying "Found unknown file unconfined-change_ hat.profile" ,
therefore delete this file.Acked-by: Seth Arnold <email address hidden>
Branch metadata
- Branch format:
- Branch format 7
- Repository format:
- Bazaar repository format 2a (needs bzr 1.16 or later)
- Stacked on:
- lp:apparmor/2.12