lp:~ubuntu-core-dev/apparmor/master

Created by Kees Cook on 2009-11-11 and last modified on 2015-03-30
Get this branch:
bzr branch lp:~ubuntu-core-dev/apparmor/master
Members of Ubuntu Core Development Team can upload to this branch. Log in for directions.

Branch merges

Related bugs

Related blueprints

Branch information

Owner:
Ubuntu Core Development Team
Project:
AppArmor
Status:
Development

Recent revisions

1508. By Jamie Strandboge 18 hours ago

[ Steve Beattie ]
* debian/rules: run make check on the libapparmor library
* add-chromium-browser.patch: add support for chromium policies
  (LP: #1419294)
* debian/apparmor.{init,upstart}: add support for triggering
  aa-profile-hook runs when packages are updated via snappy system
  image updates (LP: #1434143)
* parser-fix_modifier_compilation_+_tests.patch: fix compilation
  of audit modifiers for exec and pivot_root and deny modifiers on
  link rules as well as significantly expand related tests
  (LP: #1431717, LP: #1432045, LP: #1433829)
* tests-fix_systemd_breakage_in_pivot_root-lp1436109.patch: work
  around pivot_root test failures due to init=systemd (LP: #1436109)
* GDM_X_authority-lp1432126.patch: add location GDM creates Xauthority
  file to X abstraction (LP: #1432126)
[ Jamie Strandboge ]
* easyprof-framework-policy.patch: add --include-templates-dir and
  --include-policy-groups-dir options to easyprof to support framework
  policy on snappy
[ Robie Basak ]
* Add /lib/apparmor/profile-load; moved from
  /lib/init/apparmor-profile-load from the upstart package. A wrapper at
  the original path is now provided by init-system-helpers. (LP: #1432683)

1507. By Jamie Strandboge on 2015-03-06

sync with citrain branch. We should really not be maintaining two branches

1506. By Martin Pitt on 2014-12-01

releasing package apparmor version 2.8.98-0ubuntu4

1505. By Martin Pitt on 2014-12-01

Ship libapparmor in /lib instead of /usr as we want to use it in systemd
now. (LP: #1397960)

1504. By Jamie Strandboge on 2014-10-28

* debian/lib/apparmor/functions: disable expr tree simplification for
  /var/lib/apparmor/profiles (LP: #1383858)
* parser-dont-skip-read-cache-with-optimizations.patch: don't skip read
  cache when specifying '-O' (LP: #1385947)

1503. By Jamie Strandboge on 2014-10-16

* Updated to apparmor 2.9.beta4 (aka apparmor 2.8.98)
  - fix logparsing memory leak (LP: #1340927)
  - incorporate fixes to regression testsuite to compensate for
    af_unix mediation, as well as extend test coverage
    (LP: #1375403, LP: #1375516)
  - fix libapparmor's log parsing code to accept additional rejection
    types (LP: #1375413)
  - fix X abstraction for changed lightdm xauthority file locations
    (LP: #1339727)
  - parser: disable downgrade and not enforced rule messages
    by default
  - fix error when using regex profile names in IPC rules
    (LP: #1373085)
  - updates and fixes to the python utilities
  - translation updates
[ Steve Beattie ]
* Removed upstreamed patches:
  drop-peer_addr-with-local-addr-in-base.patch,
  update_socketpair_tests_for_af_unix.patch,
  fix_socketpair_tests.patch, sanitized-helpers-updates.patch,
  01-tests-unix_socket_lists.patch,
  02-tests-accept_unix_rules_in_mkprofile.patch,
  03-tests-unix_sockets_v7_pathnames.patch,
  04-tests-migrate_from_poll_to_sockio_timeout.patch,
  05-tests-add_abstract_socket_tests.patch,
  06-tests-use_socketpair_and_none.patch,
  07-parser-fix_local_perms.patch,
  08-phpsysinfo-policy-updates.patch,
  09-apache2-policy-instructions.patch,
  10-lp1371771.patch, 11-lp1371765.patch,
  lp1169881.patch
* refreshed etc-writable.patch and libapparmor-layout-deb.patch
* debian/control: add breaks on python3-apparmor against older
  apparmor-utils that used to be where python bits lived
  (LP: #1373259)
* debian/apport/source_apparmor.py:
 - fixes the apparmor apport hook so it does not raise an exception if
   a non-unicode character is found in /var/log/kern.log or in
   /var/log/syslog. This should work under python3 or python2.7
   (LP: #1304447)
 - adjusts the add_info() function to take the expected additional ui
   argument, though it has no need for it.
 - converts the log parsing code to use with statements so as not to
   leak open file descriptors
 - updates the set of packages to query to see if installed and if so,
   report the version of.
 - adjust import to make pyflakes job easier
 - minor pep8 cleanups
[ Jamie Strandboge ]
* add-chromium-browser.patch: don't allow writing to the oom score and
  adjust files since this allows chromium to change the values for any
  process matching our UID
* debian/apparmor.upstart: check if click-apparmor md5sums changed so we
  regenerate the policy if it changes too (LP: #1371574)
* debian/apparmor.init: make corresponding upstart change to initscript
* debian/lib/apparmor/functions: fall back to using -n1 if the parser failed
  to load a profile set. This should be removed when the parser properly
  handles profile sets with corrupted profiles (LP: 1377338)
* debian/control: fix typo (LP: #1187447)

1502. By Jamie Strandboge on 2014-09-27

add-chromium-browser.patch: user addr=none instead of peer=(addr=none)
(LP: #1374363)

1501. By Jamie Strandboge on 2014-09-25

* lp1169881.patch: add /usr/bin/gnome-gmail to ubuntu-email (LP: #1169881)
* debian/control: update Breaks on lxc 1.1.0~alpha1-0ubuntu5~ (LP: #1373555)

1500. By Jamie Strandboge on 2014-09-24

[ Jamie Strandboge ]
* sanitized-helpers-updates.patch: update ubuntu-helpers for unix mediation
* 10-lp1371771.patch: don't exit prematurely and fail to load remaining
  policy if encounter a corrupt cache file (LP: #1371771)
* 11-lp1371765.patch: if a cache load fails, attempt to rebuild and load it
  (LP: #1371765)
* debian/lib/apparmor/functions:
  - don't return 0 on parsing failure. Patch thanks to Felix Geyer
    (LP: #1370228)
  - use xargs -n1 when we don't have cache files, but omit it when we do.
    This allows taking full advantage of xargs -P when we need it most,
    without the cost when we don't.
[ Steve Beattie ]
* update_socketpair_tests_for_af_unix.patch,
  fix_socketpair_tests.patch: update socketpair regression tests for
  af_unix socket mediation

1499. By Jamie Strandboge on 2014-09-12

* debian/apparmor.{upstart,init}: make sure we always update the .md5sums
  for apparmor-easyprof-ubuntu even when apparmor is updated (before if both
  were updated, aa-clickhook -f would be run on the 1st and 2nd boot rather
  than just the 1st)
* debian/apparmor.postinst: update the cached .md5sums file on upgrade to
  avoid running on install and then again on first boot after upgrade. This
  change only affects apt upgrades and not system-image upgrades since
  system-image upgrades always use the existing .md5sums if they exist (see
  /etc/system-image/writable-paths).
* ubuntu-manpage-updates.patch: adjust for move to upstart job and click
  policy
* debian/lib/apparmor/functions: don't pass costly '-n1' to xargs in
  foreach_configured_profile() when loading valid cache files. This used to
  be needed when apparmor_parser would generate different binary caches when
  compiling policy one profile at a time and all at once. That bug is long
  fixed and removing -n1 gives a significant performance improvement for
  boots with valid cache files (~65% on armhf)

Branch metadata

Branch format:
Branch format 7
Repository format:
Bazaar repository format 2a (needs bzr 1.16 or later)
Stacked on:
lp:apparmor
This branch contains Public information 
Everyone can see this information.

Subscribers