lp:apparmor/2.9

Created by Steve Beattie on 2014-12-16 and last modified on 2017-10-26
Get this branch:
bzr branch lp:apparmor/2.9

Branch information

Owner:
AppArmor Developers
Project:
AppArmor
Status:
Mature

Recent revisions

3070. By intrigeri on 2017-10-26

profiles: allow OpenAL HRTF support in audio abstraction

Merge from trunk commit 3726

The files are "head-related transfer function" data sets, used by
OpenAL for better spatialization of sounds when headphones are detected.

Acked-by: Steve Beattie <email address hidden>

Bug: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=874665

3069. By Christian Boltz on 2017-10-20

Allow reading /etc/netconfig in abstractions/nameservice

/etc/netconfig is required by the tirpc library which nscd and several
other programs use.

References: https://bugzilla.opensuse.org/show_bug.cgi?id=1062244

Acked-by: Seth Arnold <email address hidden> for 2.9, 2.10, 2.11 and trunk

3068. By John Johansen on 2017-10-19

Bump release version to 2.9.5

Signed-off-by: John Johansen <email address hidden>

3067. By John Johansen on 2017-10-18

Fix af_unix downgrade of network rules

With unix rules we output a downgraded rule compatible with network rules
so that policy will work on kernels that support network socket controls
but not the extended af_unix rules.

However, this is currently broken if the socket type is left unspecified
(initialized to -1), resulting in denials for kernels that don't support
the extended af_unix rules.

cherry-pick: lp:apparmor r3700
Signed-off-by: John Johansen <email address hidden>
Acked-by: timeout

3066. By Christian Boltz on 2017-09-28

Allow /var/run/dovecot/login-master-notify* in dovecot imap-login profiles

Acked-by: Seth Arnold <email address hidden> for trunk, 2.11, 2.10 and 2.9.

3065. By Christian Boltz on 2017-09-12

Merge updated traceroute profile into 2.10 and 2.9 branch

References: https://bugzilla.opensuse.org/show_bug.cgi?id=1057900

------------------------------------------------------------
revno: 3690 [merge]
committer: Steve Beattie <email address hidden>
branch nick: apparmor
timestamp: Wed 2017-08-09 08:57:36 -0700
message:
  traceroute profile: support TCP SYN for probes, quite net_admin request

  Merge from Vincas Dargis, approved by intrigeri.
  fix traceroute denies in tcp mode

  Acked-by: Steve Beattie <email address hidden>
------------------------------------------------------------

Backport to 2.10 and 2.9 branch

Acked-by: Steve Beattie <email address hidden>
Acked-by: Seth Arnold <email address hidden>

3064. By Christian Boltz on 2017-09-10

abstractions/freedesktop.org: support /usr/local/applications; support subdirs of applications folder

Merge request by Cameron Norman 2015-06-07
https://code.launchpad.net/~cameronnemo/apparmor/abstraction-fdo-applications-fixups/+merge/261336

Acked-by: Christian Boltz <email address hidden> for trunk, 2.11, 2.10 and 2.9

3063. By Christian Boltz on 2017-08-29

Samba profile updates for ActiveDirectory / Kerberos

The Samba package used by the INVIS server (based on openSUSE) needs
some additional Samba permissions for the added ActiveDirectory /
Kerberos support.

As discussed with Seth, add /var/lib/sss/mc/initgroups read permissions
to abstractions/nameservice instead of only to the smbd profile because
it's probably needed by more than just Samba if someone uses sss.

Acked-by: Seth Arnold <email address hidden> for 2.9, 2.10, 2.11 and trunk.

3062. By Christian Boltz on 2017-08-22

update some Postfix profiles

- change abstractions/postfix-common to allow /etc/postfix/*.db k
- add several permissions to postfix/error, postfix/lmtp and postfix/pipe
- remove superfluous abstractions/kerberosclient from all postfix
  profiles - it's included via abstractions/nameservice

Acked-by: Seth Arnold <email address hidden> for 2.9, 2.10, 2.11 and trunk

3061. By Christian Boltz on 2017-07-31

remove test_multi unconfined-change_hat.profile from 2.10 and 2.9 branch

2.10 branch r3387 and 2.9 branch r3052 (Ignore change_hat events
with error=-1 and "unconfined can not change_hat") accidentally added
unconfined-change_hat.profile to the test_multi directory.

2.9 and 2.10 don't support the test_multi *.profile files and error out
in the tests saying "Found unknown file unconfined-change_hat.profile",
therefore delete this file.

Acked-by: Seth Arnold <email address hidden>

Branch metadata

Branch format:
Branch format 7
Repository format:
Bazaar repository format 2a (needs bzr 1.16 or later)
Stacked on:
lp:apparmor/2.12