lp:~tyhicks/apparmor/abstract-sockets-wip

Created by Tyler Hicks and last modified
Get this branch:
bzr branch lp:~tyhicks/apparmor/abstract-sockets-wip

Branch information

Owner: Tyler Hicks
Project: AppArmor
Status: Development

Recent revisions

1510. By Tyler Hicks

* 01-get-text.patch, 02-network1.patch, 03-type_name.patch,
  04-af_mapping.patch, 05-af_type_mappings.patch, 06-network3.patch,
  07-move-node.patch, 08-split-accept-perm.patch, 09-refactor1.patch,
  10-refactor1.patch, 11-refactor1.patch, 12-split-accept-from-rule.patch:
  Import the latest AF_UNIX parser patches from the AppArmor list. Note that
  these patches are a work in progress and are not in their final form.

1509. By Tyler Hicks

* parser-include-usr-share-apparmor.patch, debian/apparmor.install: Adjust
  the default parser.conf file, to add /usr/share/apparmor as an additional
  search path when resolving include directives in profiles, and install the
  file in /etc/apparmor. Ubuntu places hardware specific access rules in
  /usr/share/apparmor/hardware. This change allows these files to be
  included without using an absolute path (e.g.,
  '#include <hardware/graphics.d>').

1508. By Tyler Hicks

* debian/lib/apparmor/functions, debian/apparmor.init,
  debian/apparmor.upstart: Ensure system policy cache cannot become stale
  after image based upgrades that update the system profiles (LP: #1350673)

1507. By Tyler Hicks

* utils-add-cap-audit-read-to-severity.db: Make severity.db aware of the
  new, as of kernel 3.16, CAP_AUDIT_READ capability

1506. By Tyler Hicks

* update-chromium-browser-for-kde.patch: Allow chromium-browser to execute
  KDialog. Thanks to user "Esokrates". (LP: #1341152)

1505. By Jamie Strandboge

add debian/patches/update-nameservice-abstraction-for-extrausers.patch

1504. By Jamie Strandboge

update-nameservice-abstraction-for-extrausers.patch: update nameservice
abstraction to allow passwd and group when using libnss-extrausers

1503. By Marc Deslauriers

removed leftover files

1502. By Marc Deslauriers

* Updated to r2541 snapshot of 2.8.96:
  - removed upstreamed patches: convert-to-rules.patch, list-fns.patch,
    parse-mode.patch, add-decimal-interp.patch, policy_mediates.patch,
    fix-failpath.patch, feature_file.patch, fix-network.patch,
    aare-to-class.patch, add-mediation-unix.patch, parser_version.patch,
    caching.patch, label-class.patch, fix-lexer-debug.patch,
    use-diff-encode.patch, fix-serialize.patch,
    fix-ppc-endian-ftbfs.patch, opt_arg.patch, tests-cond-dbus.patch,
    initialize-mount-flags.patch, fix-typo-in-dbus_write.patch,
    limited-mount-rule-support.patch, bare-capability-rule-support.patch,
    check-config-for-sysctl.patch, increase-swap-size.patch,
    test-v6-policy.patch, test-mount-mediation.patch,
    mediate-signals.patch, change-signal-syntax.patch,
    mediate-ptrace.patch, change-ptrace-syntax.patch,
    test-signal-rules.patch, test-ptrace-rules.patch,
    update-tests-for-new-semantics.patch,
    fix-garbage-in-preprocessor-output.patch,
    fix-double-comma-in-preprocessor-output.patch,
    symtab-tests-and-seenlist-bug.patch, add-profile-name-variable.patch,
    fix-names-treated-as-condlistid.patch, manpage-signal-ptrace.patch,
    python-utils-file-support.patch, python-utils-signal-support.patch,
    python-utils-ptrace-support.patch,
    python-utils-pivot_root-support.patch.
* Added upstart job (LP: #1305108)
  - debian/apparmor.upstart: new upstart job.
  - debian/apparmor.init: added click handling, move some code to
    unload_obsolete_profiles().
  - debian/lib/apparmor/functions: add unload_obsolete_profiles().
  - debian/apparmor.postinst, debian/apparmor-profiles.postinst: reload
    profiles directly since invoke-rc.d won't allow to do this easily
    with upstart and systemd jobs.
  - debian/rules: pass --no-start to dh_installinit since we're handling
    reloading profiles manually in the postinst scripts.
  - debian/control: add a versioned apparmor Depends to the
    apparmor-profiles package to make sure the required tools are
    installed for the postinst script.

1501. By Jamie Strandboge

* debian/control: add versioned Breaks to apparmor for lxc, libvirt-bin,
  lightdm and apparmor-easyprof-ubuntu
[ John Johansen, Steve Beattie ]
* Add userspace support for AppArmor signals and ptrace mediation
  (LP: #1298611)
  + debian/patches/mediate-signals.patch,
    debian/patches/change-signal-syntax.patch: Parse signal rules with
    apparmor_parser. See the apparmor.d(5) man page for syntax details.
  + debian/patches/change-ptrace-syntax.patch,
    debian/patches/mediate-ptrace.patch: Parse ptrace rules with
    apparmor_parser. See the apparmor.d(5) man page for syntax details.
  + debian/patches/test-signal-rules.patch,
    debian/patches/test-ptrace-rules.patch,
    debian/patches/update-tests-for-new-semantics.patch: Update existing
    tests and add new tests for signal and ptrace mediation
  + debian/patches/fix-garbage-in-preprocessor-output.patch: Fix bug causing
    apparmor_parser preprocessor output to contain garbage after include
    statements
  + debian/patches/fix-double-comma-in-preprocessor-output.patch: Fix bug
    causing apparmor_parser preprocessor output to contain double commas
    after some rules
  + debian/patches/symtab-tests-and-seenlist-bug.patch,
    debian/patches/add-profile-name-variable.patch: Add ${profile_name}
    variable for use in profiles when rules need to specify the current
    profile's name. This is useful for signal and ptrace rules that specify
  + debian/patches/fix-names-treated-as-condlistid.patch: Fix
    apparmor_parser bug that caused mount and dbus rules to fail for sets of
    values
[ Jamie Strandboge ]
* debian/patches/update-base-abstraction-for-signals-and-ptrace.patch:
  Adjust the base abstraction for signals and ptrace mediation. Profiles
  that use the base abstraction can deny any of the granted permissions to
  achieve tighter confinement.
* debian/patches/manpage-signal-ptrace.patch: Update the apparmor.d man
  page to document signal rules, ptrace rules, and variables for use in
  AppArmor profiles
* debian/patches/dnsmasq-libvirtd-signal-ptrace.patch: Update the dnsmasq
  profile to allow libvirtd to send signals to and ptrace read the dnsmasq
  process
* debian/patches/update-chromium-browser.patch: Adjust the chromium-browser
  profile for permissions needed in newer chromium-browser versions and add
  the rules needed for AppArmor ptrace mediation
[ Tyler Hicks ]
* Add new rule type support to aa.py to fix tracebacks when using the Python
  utilities in apparmor-utils on systems with AppArmor profiles containing
  previously unsupported rule types
  - debian/patches/python-utils-file-support.patch: Support path rules
    containing the "file" prefix (LP: #1295346)
  - debian/patches/python-utils-signal-support.patch: Parse and write signal
    rules (LP: #1300316)
  - debian/patches/python-utils-ptrace-support.patch: Parse and write ptrace
    rules (LP: #1300317)
  - debian/patches/python-utils-pivot_root-support.patch: Parse and write
    pivot_root rules (LP: #1298678)

Branch metadata

Branch format: Branch format 7
Repository format: Bazaar repository format 2a (needs bzr 1.16 or later)
Stacked on: lp:apparmor/2.12