lp:~tyhicks/apparmor/abstract-sockets-wip
- Get this branch:
- bzr branch lp:~tyhicks/apparmor/abstract-sockets-wip
Recent revisions
- 1510. By Tyler Hicks
* 01-get-text.patch, 02-network1.patch, 03-type_name.patch,
04-af_mapping.patch, 05-af_type_mappings.patch, 06-network3.patch,
07-move-node.patch, 08-split-accept-perm.patch, 09-refactor1.patch,
10-refactor1.patch, 11-refactor1.patch, 12-split-accept-from-rule.patch:
Import the latest AF_UNIX parser patches from the AppArmor list. Note that
these patches are a work in progress and are not in their final form.
- 1509. By Tyler Hicks
* parser-include-usr-share-apparmor.patch, debian/apparmor.install: Adjust
the default parser.conf file, to add /usr/share/apparmor as an additional
search path when resolving include directives in profiles, and install the
file in /etc/apparmor. Ubuntu places hardware specific access rules in
/usr/share/apparmor/hardware. This change allows these files to be
included without using an absolute path (e.g.,
'#include <hardware/graphics.d>').
- 1508. By Tyler Hicks
* debian/lib/apparmor/functions, debian/apparmor.init,
debian/apparmor.upstart: Ensure system policy cache cannot become stale
after image based upgrades that update the system profiles (LP: #1350673)
- 1507. By Tyler Hicks
* utils-add-cap-audit-read-to-severity.db: Make severity.db aware of the
new, as of kernel 3.16, CAP_AUDIT_READ capability
- 1506. By Tyler Hicks
* update-chromium-browser-for-kde.patch: Allow chromium-browser to execute
KDialog. Thanks to user "Esokrates". (LP: #1341152)
- 1504. By Jamie Strandboge
update-nameservice-abstraction-for-extrausers.patch: update nameservice
abstraction to allow passwd and group when using libnss-extrausers
- 1502. By Marc Deslauriers
* Updated to r2541 snapshot of 2.8.96:
- removed upstreamed patches: convert-to-rules.patch, list-fns.patch,
parse-mode.patch, add-decimal-interp.patch, policy_mediates.patch,
fix-failpath.patch, feature_file.patch, fix-network.patch,
aare-to-class.patch, add-mediation-unix.patch, parser_version.patch,
caching.patch, label-class.patch, fix-lexer-debug.patch,
use-diff-encode.patch, fix-serialize.patch,
fix-ppc-endian-ftbfs.patch, opt_arg.patch, tests-cond-dbus.patch,
initialize-mount-flags.patch, fix-typo-in-dbus_write.patch,
limited-mount-rule-support.patch, bare-capability-rule-support.patch,
check-config-for-sysctl.patch, increase-swap-size.patch,
test-v6-policy.patch, test-mount-mediation.patch,
mediate-signals.patch, change-signal-syntax.patch,
mediate-ptrace.patch, change-ptrace-syntax.patch,
test-signal-rules.patch, test-ptrace-rules.patch,
update-tests-for-new-semantics.patch,
fix-garbage-in-preprocessor-output.patch,
fix-double-comma-in-preprocessor-output.patch,
symtab-tests-and-seenlist-bug.patch, add-profile-name-variable.patch,
fix-names-treated-as-condlistid.patch, manpage-signal-ptrace.patch,
python-utils-file-support.patch, python-utils-signal-support.patch,
python-utils-ptrace-support.patch,
python-utils-pivot_root-support.patch.
* Added upstart job (LP: #1305108)
- debian/apparmor.upstart: new upstart job.
- debian/apparmor.init: added click handling, move some code to
unload_obsolete_profiles().
- debian/lib/apparmor/functions: add unload_obsolete_profiles().
- debian/apparmor.postinst, debian/apparmor-profiles.postinst: reload
profiles directly since invoke-rc.d won't allow to do this easily
with upstart and systemd jobs.
- debian/rules: pass --no-start to dh_installinit since we're handling
reloading profiles manually in the postinst scripts.
- debian/control: add a versioned apparmor Depends to the
apparmor-profiles package to make sure the required tools are
installed for the postinst script.
- 1501. By Jamie Strandboge
* debian/control: add versioned Breaks to apparmor for lxc, libvirt-bin,
lightdm and apparmor-easyprof-ubuntu
[ John Johansen, Steve Beattie ]
* Add userspace support for AppArmor signals and ptrace mediation
(LP: #1298611)
+ debian/patches/mediate-signals.patch,
debian/patches/change-signal-syntax.patch: Parse signal rules with
apparmor_parser. See the apparmor.d(5) man page for syntax details.
+ debian/patches/change-ptrace-syntax.patch,
debian/patches/mediate-ptrace.patch: Parse ptrace rules with
apparmor_parser. See the apparmor.d(5) man page for syntax details.
+ debian/patches/test-signal-rules.patch,
debian/patches/test-ptrace-rules.patch,
debian/patches/update-tests-for-new-semantics.patch: Update existing
tests and add new tests for signal and ptrace mediation
+ debian/patches/fix-garbage-in-preprocessor-output.patch: Fix bug causing
apparmor_parser preprocessor output to contain garbage after include
statements
+ debian/patches/fix-double-comma-in-preprocessor-output.patch: Fix bug
causing apparmor_parser preprocessor output to contain double commas
after some rules
+ debian/patches/symtab-tests-and-seenlist-bug.patch,
debian/patches/add-profile-name-variable.patch: Add ${profile_name}
variable for use in profiles when rules need to specify the current
profile's name. This is useful for signal and ptrace rules that specify
+ debian/patches/fix-names-treated-as-condlistid.patch: Fix
apparmor_parser bug that caused mount and dbus rules to fail for sets of
values
[ Jamie Strandboge ]
* debian/patches/update-base-abstraction-for-signals-and-ptrace.patch:
Adjust the base abstraction for signals and ptrace mediation. Profiles
that use the base abstraction can deny any of the granted permissions to
achieve tighter confinement.
* debian/patches/manpage-signal-ptrace.patch: Update the apparmor.d man
page to document signal rules, ptrace rules, and variables for use in
AppArmor profiles
* debian/patches/dnsmasq-libvirtd-signal-ptrace.patch: Update the dnsmasq
profile to allow libvirtd to send signals to and ptrace read the dnsmasq
process
* debian/patches/update-chromium-browser.patch: Adjust the chromium-browser
profile for permissions needed in newer chromium-browser versions and add
the rules needed for AppArmor ptrace mediation
[ Tyler Hicks ]
* Add new rule type support to aa.py to fix tracebacks when using the Python
utilities in apparmor-utils on systems with AppArmor profiles containing
previously unsupported rule types
- debian/patches/python-utils-file-support.patch: Support path rules
containing the "file" prefix (LP: #1295346)
- debian/patches/python-utils-signal-support.patch: Parse and write signal
rules (LP: #1300316)
- debian/patches/python-utils-ptrace-support.patch: Parse and write ptrace
rules (LP: #1300317)
- debian/patches/python-utils-pivot_root-support.patch: Parse and write
pivot_root rules (LP: #1298678)
Branch metadata
- Branch format:
- Branch format 7
- Repository format:
- Bazaar repository format 2a (needs bzr 1.16 or later)
- Stacked on:
- lp:apparmor/2.12