Created by Ubuntu Package Importer and last modified
Get this branch:
bzr branch lp:ubuntu/utopic-proposed/apparmor
Members of Ubuntu branches can upload to this branch. Log in for directions.

Branch merges

Related bugs

Related blueprints

Branch information

Ubuntu branches
Review team:
Ubuntu Development Team

Recent revisions

81. By Steve Beattie

* Updated to apparmor 2.9.beta4 (aka apparmor 2.8.98)
  - fix logparsing memory leak (LP: #1340927)
  - incorporate fixes to regression testsuite to compensate for
    af_unix mediation, as well as extend test coverage
    (LP: #1375403, LP: #1375516)
  - fix libapparmor's log parsing code to accept additional rejection
    types (LP: #1375413)
  - fix X abstraction for changed lightdm xauthority file locations
    (LP: #1339727)
  - parser: disable downgrade and not enforced rule messages
    by default
  - fix error when using regex profile names in IPC rules
    (LP: #1373085)
  - updates and fixes to the python utilities
  - translation updates

[ Steve Beattie ]
* Removed upstreamed patches:
  fix_socketpair_tests.patch, sanitized-helpers-updates.patch,
  10-lp1371771.patch, 11-lp1371765.patch,
* refreshed etc-writable.patch and libapparmor-layout-deb.patch
* debian/control: add breaks on python3-apparmor against older
  apparmor-utils that used to be where python bits lived
  (LP: #1373259)
* debian/apport/source_apparmor.py:
 - fixes the apparmor apport hook so it does not raise an exception if
   a non-unicode character is found in /var/log/kern.log or in
   /var/log/syslog. This should work under python3 or python2.7
   (LP: #1304447)
 - adjusts the add_info() function to take the expected additional ui
   argument, though it has no need for it.
 - converts the log parsing code to use with statements so as not to
   leak open file descriptors
 - updates the set of packages to query to see if installed and if so,
   report the version of.
 - adjust import to make pyflakes job easier
 - minor pep8 cleanups

[ Jamie Strandboge ]
* add-chromium-browser.patch: don't allow writing to the oom score and
  adjust files since this allows chromium to change the values for any
  process matching our UID
* debian/apparmor.upstart: check if click-apparmor md5sums changed so we
  regenerate the policy if it changes too (LP: #1371574)
* debian/apparmor.init: make corresponding upstart change to initscript
* debian/lib/apparmor/functions: fall back to using -n1 if the parser failed
  to load a profile set. This should be removed when the parser properly
  handles profile sets with corrupted profiles (LP: 1377338)
* debian/control: fix typo (LP: #1187447)

80. By Jamie Strandboge

add-chromium-browser.patch: user addr=none instead of peer=(addr=none)
(LP: #1374363)

79. By Jamie Strandboge

* lp1169881.patch: add /usr/bin/gnome-gmail to ubuntu-email (LP: #1169881)
* debian/control: update Breaks on lxc 1.1.0~alpha1-0ubuntu5~ (LP: #1373555)

78. By Jamie Strandboge

[ Jamie Strandboge ]
* sanitized-helpers-updates.patch: update ubuntu-helpers for unix mediation
* 10-lp1371771.patch: don't exit prematurely and fail to load remaining
  policy if encounter a corrupt cache file (LP: #1371771)
* 11-lp1371765.patch: if a cache load fails, attempt to rebuild and load it
  (LP: #1371765)
* debian/lib/apparmor/functions:
  - don't return 0 on parsing failure. Patch thanks to Felix Geyer
    (LP: #1370228)
  - use xargs -n1 when we don't have cache files, but omit it when we do.
    This allows taking full advantage of xargs -P when we need it most,
    without the cost when we don't.

[ Steve Beattie ]
* update_socketpair_tests_for_af_unix.patch,
  fix_socketpair_tests.patch: update socketpair regression tests for
  af_unix socket mediation

77. By Jamie Strandboge

* debian/apparmor.{upstart,init}: make sure we always update the .md5sums
  for apparmor-easyprof-ubuntu even when apparmor is updated (before if both
  were updated, aa-clickhook -f would be run on the 1st and 2nd boot rather
  than just the 1st)
* debian/apparmor.postinst: update the cached .md5sums file on upgrade to
  avoid running on install and then again on first boot after upgrade. This
  change only affects apt upgrades and not system-image upgrades since
  system-image upgrades always use the existing .md5sums if they exist (see
* ubuntu-manpage-updates.patch: adjust for move to upstart job and click
* debian/lib/apparmor/functions: don't pass costly '-n1' to xargs in
  foreach_configured_profile() when loading valid cache files. This used to
  be needed when apparmor_parser would generate different binary caches when
  compiling policy one profile at a time and all at once. That bug is long
  fixed and removing -n1 gives a significant performance improvement for
  boots with valid cache files (~65% on armhf)

76. By Jamie Strandboge

* 08-phpsysinfo-policy-updates.patch: update for new phpsysinfo on Ubuntu
* 09-apache2-policy-instructions.patch: update for recent Debian/Ubuntu
* debian/control: update Breaks for apparmor-easyprof-ubuntu, libvirt-bin,
  and lightdm. Add Breaks on rsyslog.

75. By Jamie Strandboge

* Updates for perl 5.20 multiarch transition
  - debian/libapparmor-perl.install: don't hardcode usr/lib/perl5 but
    instead use $Config{vendorarch} in an executable install file. Make it
  - debian/control: Build-Depends on debhelper (>= 9) (9 is needed to use
    an executable install file)
  - debian/patches/perl-multiarch.patch:
    + add @{multiarch} paths to perl abstraction
    + update logprof.conf, severity.db and corresponding tests for updated
      perl path

74. By Jamie Strandboge

update-nameservice-abstraction-for-extrausers.patch: update nameservice
abstraction to allow passwd and group when using libnss-extrausers

73. By Marc Deslauriers

* Updated to r2541 snapshot of 2.8.96:
  - removed upstreamed patches: convert-to-rules.patch, list-fns.patch,
    parse-mode.patch, add-decimal-interp.patch, policy_mediates.patch,
    fix-failpath.patch, feature_file.patch, fix-network.patch,
    aare-to-class.patch, add-mediation-unix.patch, parser_version.patch,
    caching.patch, label-class.patch, fix-lexer-debug.patch,
    use-diff-encode.patch, fix-serialize.patch,
    fix-ppc-endian-ftbfs.patch, opt_arg.patch, tests-cond-dbus.patch,
    initialize-mount-flags.patch, fix-typo-in-dbus_write.patch,
    limited-mount-rule-support.patch, bare-capability-rule-support.patch,
    check-config-for-sysctl.patch, increase-swap-size.patch,
    test-v6-policy.patch, test-mount-mediation.patch,
    mediate-signals.patch, change-signal-syntax.patch,
    mediate-ptrace.patch, change-ptrace-syntax.patch,
    test-signal-rules.patch, test-ptrace-rules.patch,
    symtab-tests-and-seenlist-bug.patch, add-profile-name-variable.patch,
    fix-names-treated-as-condlistid.patch, manpage-signal-ptrace.patch,
    python-utils-file-support.patch, python-utils-signal-support.patch,
* Added upstart job (LP: #1305108)
  - debian/apparmor.upstart: new upstart job.
  - debian/apparmor.init: added click handling, move some code to
  - debian/lib/apparmor/functions: add unload_obsolete_profiles().
  - debian/apparmor.postinst, debian/apparmor-profiles.postinst: reload
    profiles directly since invoke-rc.d won't allow to do this easily
    with upstart and systemd jobs.
  - debian/rules: pass --no-start to dh_installinit since we're handling
    reloading profiles manually in the postinst scripts.
  - debian/control: add a versioned apparmor Depends to the
    apparmor-profiles package to make sure the required tools are
    installed for the postinst script.

72. By Jamie Strandboge

debian/control: add versioned Breaks to apparmor for lxc, libvirt-bin,
lightdm and apparmor-easyprof-ubuntu

Branch metadata

Branch format:
Branch format 7
Repository format:
Bazaar repository format 2a (needs bzr 1.16 or later)
Stacked on:
This branch contains Public information 
Everyone can see this information.