Created by Ubuntu Package Importer and last modified
Get this branch:
bzr branch lp:ubuntu/vivid/apparmor
Members of Ubuntu branches can upload to this branch. Log in for directions.

Branch merges

Related bugs

Related blueprints

Branch information

Ubuntu branches

Recent revisions

89. By Serge Hallyn on 2015-04-02

Make debian/lib/apparmor/profile-load executable.

88. By Jamie Strandboge on 2015-03-28

[ Steve Beattie ]
* debian/rules: run make check on the libapparmor library
* add-chromium-browser.patch: add support for chromium policies
  (LP: #1419294)
* debian/apparmor.{init,upstart}: add support for triggering
  aa-profile-hook runs when packages are updated via snappy system
  image updates (LP: #1434143)
* parser-fix_modifier_compilation_+_tests.patch: fix compilation
  of audit modifiers for exec and pivot_root and deny modifiers on
  link rules as well as significantly expand related tests
  (LP: #1431717, LP: #1432045, LP: #1433829)
* tests-fix_systemd_breakage_in_pivot_root-lp1436109.patch: work
  around pivot_root test failures due to init=systemd (LP: #1436109)
* GDM_X_authority-lp1432126.patch: add location GDM creates Xauthority
  file to X abstraction (LP: #1432126)

[ Jamie Strandboge ]
* easyprof-framework-policy.patch: add --include-templates-dir and
  --include-policy-groups-dir options to easyprof to support framework
  policy on snappy

[ Robie Basak ]
* Add /lib/apparmor/profile-load; moved from
  /lib/init/apparmor-profile-load from the upstart package. A wrapper at
  the original path is now provided by init-system-helpers. (LP: #1432683)

87. By Jamie Strandboge on 2015-03-06

systemd-dev-log-lp1413232.patch: Allow writes to the systemd journal
socket /{,var}/run/systemd/journal/dev-log. This can be dropped with
with AppArmor 2.9.2. (LP: #1413232)

86. By Steve Beattie on 2015-03-03

add-mir-abstractions-lp1422521.patch: add correct location of
mir specific libraries and mir unprivileged client socket
to mir abstraction (LP: #1422521)

85. By Martin Pitt on 2015-03-03

debian/apparmor.init: Replace unnecessary $remote_fs dependency with
$local_fs. This is sufficient as during boot we don't use anything from
/usr. It's also necessary to avoid dependency cycles when using NFS (as
its dependencies should be covered by AppArmor). (LP: #1312976)

84. By Steve Beattie on 2015-02-17

* Update to apparmor 2.9.1
  - make parser mount rule options consistent with documentation
    (LP: #1401619)
  - make parser fail if unknown mount options are encountered
    (LP: #1401621)
  - stop aa-logprof from asking about already allowed network rules
    (LP: #1380367)
  - make utils offer abstractions for network rules (LP: #1380367)
  - make libapparmor understand logs generated by syslog-ng
    (LP: #1399027)
  - stop python utilities from adding duplicate quotes (LP: #1328707)
  - work around aa-cleanprof crashes (LP: #1382236)
  - other bug fixes, performance improvements, and testcases added to
    the python utils.
  - policy updates for dnsmasq, nscd, and others
  - translation updates
* Partial sync with debian apparmor package:
  - debian/apparmor-profiles.install: add additional dovecot and
    smbldap-useradd profiles
  - debian/control: fix typo in apparmor-docs description, fix file
    overwrite issues with python-apparmor, apparmor-docs
  - debian/rules: improved repeat-build cleanup logic.
  - Add Turkish translation of debconf messages. Thanks to
    Mert Dirik <email address hidden> for the patch!
  - debian/apparmor.postrm: Remove
    /var/lib/apparmor/profiles/.apparmor.md5sums and parent
    directories on package purge.
* add-mir-abstractions-lp1422521.patch: add mir abstraction to cover
  mir specific libraries (LP: #1422521)
* debian/rules: remove no longer needed references to PERLDIR when
  installing from utils/

83. By Martin Pitt on 2014-12-01

Ship libapparmor in /lib instead of /usr as we want to use it in systemd
now. (LP: #1397960)

82. By Jamie Strandboge on 2014-10-28

* debian/lib/apparmor/functions: disable expr tree simplification for
  /var/lib/apparmor/profiles (LP: #1383858)
* parser-dont-skip-read-cache-with-optimizations.patch: don't skip read
  cache when specifying '-O' (LP: #1385947)

81. By Steve Beattie on 2014-10-09

* Updated to apparmor 2.9.beta4 (aka apparmor 2.8.98)
  - fix logparsing memory leak (LP: #1340927)
  - incorporate fixes to regression testsuite to compensate for
    af_unix mediation, as well as extend test coverage
    (LP: #1375403, LP: #1375516)
  - fix libapparmor's log parsing code to accept additional rejection
    types (LP: #1375413)
  - fix X abstraction for changed lightdm xauthority file locations
    (LP: #1339727)
  - parser: disable downgrade and not enforced rule messages
    by default
  - fix error when using regex profile names in IPC rules
    (LP: #1373085)
  - updates and fixes to the python utilities
  - translation updates

[ Steve Beattie ]
* Removed upstreamed patches:
  fix_socketpair_tests.patch, sanitized-helpers-updates.patch,
  10-lp1371771.patch, 11-lp1371765.patch,
* refreshed etc-writable.patch and libapparmor-layout-deb.patch
* debian/control: add breaks on python3-apparmor against older
  apparmor-utils that used to be where python bits lived
  (LP: #1373259)
* debian/apport/source_apparmor.py:
 - fixes the apparmor apport hook so it does not raise an exception if
   a non-unicode character is found in /var/log/kern.log or in
   /var/log/syslog. This should work under python3 or python2.7
   (LP: #1304447)
 - adjusts the add_info() function to take the expected additional ui
   argument, though it has no need for it.
 - converts the log parsing code to use with statements so as not to
   leak open file descriptors
 - updates the set of packages to query to see if installed and if so,
   report the version of.
 - adjust import to make pyflakes job easier
 - minor pep8 cleanups

[ Jamie Strandboge ]
* add-chromium-browser.patch: don't allow writing to the oom score and
  adjust files since this allows chromium to change the values for any
  process matching our UID
* debian/apparmor.upstart: check if click-apparmor md5sums changed so we
  regenerate the policy if it changes too (LP: #1371574)
* debian/apparmor.init: make corresponding upstart change to initscript
* debian/lib/apparmor/functions: fall back to using -n1 if the parser failed
  to load a profile set. This should be removed when the parser properly
  handles profile sets with corrupted profiles (LP: 1377338)
* debian/control: fix typo (LP: #1187447)

80. By Jamie Strandboge on 2014-09-27

add-chromium-browser.patch: user addr=none instead of peer=(addr=none)
(LP: #1374363)

Branch metadata

Branch format:
Branch format 7
Repository format:
Bazaar repository format 2a (needs bzr 1.16 or later)
Stacked on:
This branch contains Public information 
Everyone can see this information.