lp:ubuntu/vivid/apparmor

Branch merges

Propose for merging

No branches dependent on this one.

Related source package recipes

1 recipe using this branch. (?)

Create packaging recipe

Related snap packages

Related bugs

Bug #1383858: expr-simplify optimization slows click/snap policy compilation	Medium	Triaged
Bug #1385947: specifying -O to parser causes the parser to not consider cache files	Medium	Confirmed

Link a bug report

Related blueprints

89. By Serge Hallyn on 2015-04-02

Make debian/lib/apparmor/profile-load executable.

88. By Jamie Strandboge on 2015-03-28

[ Steve Beattie ]
* debian/rules: run make check on the libapparmor library
* add-chromium-browser.patch: add support for chromium policies
  (LP: #1419294)
* debian/apparmor.{init,upstart}: add support for triggering
  aa-profile-hook runs when packages are updated via snappy system
  image updates (LP: #1434143)
* parser-fix_modifier_compilation_+_tests.patch: fix compilation
  of audit modifiers for exec and pivot_root and deny modifiers on
  link rules as well as significantly expand related tests
  (LP: #1431717, LP: #1432045, LP: #1433829)
* tests-fix_systemd_breakage_in_pivot_root-lp1436109.patch: work
  around pivot_root test failures due to init=systemd (LP: #1436109)
* GDM_X_authority-lp1432126.patch: add location GDM creates Xauthority
  file to X abstraction (LP: #1432126)

[ Jamie Strandboge ]
* easyprof-framework-policy.patch: add --include-templates-dir and
  --include-policy-groups-dir options to easyprof to support framework
  policy on snappy

[ Robie Basak ]
* Add /lib/apparmor/profile-load; moved from
  /lib/init/apparmor-profile-load from the upstart package. A wrapper at
  the original path is now provided by init-system-helpers. (LP: #1432683)

87. By Jamie Strandboge on 2015-03-06

systemd-dev-log-lp1413232.patch: Allow writes to the systemd journal
socket /{,var}/run/systemd/journal/dev-log. This can be dropped with
with AppArmor 2.9.2. (LP: #1413232)

86. By Steve Beattie on 2015-03-03

add-mir-abstractions-lp1422521.patch: add correct location of
mir specific libraries and mir unprivileged client socket
to mir abstraction (LP: #1422521)

85. By Martin Pitt on 2015-03-03

debian/apparmor.init: Replace unnecessary $remote_fs dependency with
$local_fs. This is sufficient as during boot we don't use anything from
/usr. It's also necessary to avoid dependency cycles when using NFS (as
its dependencies should be covered by AppArmor). (LP: #1312976)

84. By Steve Beattie on 2015-02-17

* Update to apparmor 2.9.1
  - make parser mount rule options consistent with documentation
    (LP: #1401619)
  - make parser fail if unknown mount options are encountered
    (LP: #1401621)
  - stop aa-logprof from asking about already allowed network rules
    (LP: #1380367)
  - make utils offer abstractions for network rules (LP: #1380367)
  - make libapparmor understand logs generated by syslog-ng
    (LP: #1399027)
  - stop python utilities from adding duplicate quotes (LP: #1328707)
  - work around aa-cleanprof crashes (LP: #1382236)
  - other bug fixes, performance improvements, and testcases added to
    the python utils.
  - policy updates for dnsmasq, nscd, and others
  - translation updates
* Partial sync with debian apparmor package:
  - debian/apparmor-profiles.install: add additional dovecot and
    smbldap-useradd profiles
  - debian/control: fix typo in apparmor-docs description, fix file
    overwrite issues with python-apparmor, apparmor-docs
  - debian/rules: improved repeat-build cleanup logic.
  - Add Turkish translation of debconf messages. Thanks to
    Mert Dirik <email address hidden> for the patch!
  - debian/apparmor.postrm: Remove
    /var/lib/apparmor/profiles/.apparmor.md5sums and parent
    directories on package purge.
* add-mir-abstractions-lp1422521.patch: add mir abstraction to cover
  mir specific libraries (LP: #1422521)
* debian/rules: remove no longer needed references to PERLDIR when
  installing from utils/

83. By Martin Pitt on 2014-12-01

Ship libapparmor in /lib instead of /usr as we want to use it in systemd
now. (LP: #1397960)

82. By Jamie Strandboge on 2014-10-28

* debian/lib/apparmor/functions: disable expr tree simplification for
  /var/lib/apparmor/profiles (LP: #1383858)
* parser-dont-skip-read-cache-with-optimizations.patch: don't skip read
  cache when specifying '-O' (LP: #1385947)

81. By Steve Beattie on 2014-10-09

* Updated to apparmor 2.9.beta4 (aka apparmor 2.8.98)
  - fix logparsing memory leak (LP: #1340927)
  - incorporate fixes to regression testsuite to compensate for
    af_unix mediation, as well as extend test coverage
    (LP: #1375403, LP: #1375516)
  - fix libapparmor's log parsing code to accept additional rejection
    types (LP: #1375413)
  - fix X abstraction for changed lightdm xauthority file locations
    (LP: #1339727)
  - parser: disable downgrade and not enforced rule messages
    by default
  - fix error when using regex profile names in IPC rules
    (LP: #1373085)
  - updates and fixes to the python utilities
  - translation updates

[ Steve Beattie ]
* Removed upstreamed patches:
  drop-peer_addr-with-local-addr-in-base.patch,
  update_socketpair_tests_for_af_unix.patch,
  fix_socketpair_tests.patch, sanitized-helpers-updates.patch,
  01-tests-unix_socket_lists.patch,
  02-tests-accept_unix_rules_in_mkprofile.patch,
  03-tests-unix_sockets_v7_pathnames.patch,
  04-tests-migrate_from_poll_to_sockio_timeout.patch,
  05-tests-add_abstract_socket_tests.patch,
  06-tests-use_socketpair_and_none.patch,
  07-parser-fix_local_perms.patch,
  08-phpsysinfo-policy-updates.patch,
  09-apache2-policy-instructions.patch,
  10-lp1371771.patch, 11-lp1371765.patch,
  lp1169881.patch
* refreshed etc-writable.patch and libapparmor-layout-deb.patch
* debian/control: add breaks on python3-apparmor against older
  apparmor-utils that used to be where python bits lived
  (LP: #1373259)
* debian/apport/source_apparmor.py:
 - fixes the apparmor apport hook so it does not raise an exception if
   a non-unicode character is found in /var/log/kern.log or in
   /var/log/syslog. This should work under python3 or python2.7
   (LP: #1304447)
 - adjusts the add_info() function to take the expected additional ui
   argument, though it has no need for it.
 - converts the log parsing code to use with statements so as not to
   leak open file descriptors
 - updates the set of packages to query to see if installed and if so,
   report the version of.
 - adjust import to make pyflakes job easier
 - minor pep8 cleanups

[ Jamie Strandboge ]
* add-chromium-browser.patch: don't allow writing to the oom score and
  adjust files since this allows chromium to change the values for any
  process matching our UID
* debian/apparmor.upstart: check if click-apparmor md5sums changed so we
  regenerate the policy if it changes too (LP: #1371574)
* debian/apparmor.init: make corresponding upstart change to initscript
* debian/lib/apparmor/functions: fall back to using -n1 if the parser failed
  to load a profile set. This should be removed when the parser properly
  handles profile sets with corrupted profiles (LP: 1377338)
* debian/control: fix typo (LP: #1187447)

80. By Jamie Strandboge on 2014-09-27

add-chromium-browser.patch: user addr=none instead of peer=(addr=none)
(LP: #1374363)