Created by Kees Cook and last modified
Get this branch:
bzr branch lp:~ubuntu-core-dev/apparmor/master
Members of Ubuntu Core Development Team can upload to this branch. Log in for directions.

Branch merges

Related bugs

Related blueprints

Branch information

Ubuntu Core Development Team

Recent revisions

1514. By Jamie Strandboge

debian/patches/parser-allow-unspec-in-network-rules.patch: Allow
apparmor_parser to support rules that use 'unspec' as the network protocol
family. (LP: #1546455)

1513. By Jamie Strandboge

apparmor (2.10-3ubuntu1) xenial; urgency=medium

  * Merge from Debian unstable. Remaining changes:
    - debian/apparmor.init,apparmor.upstart,debian/lib/apparmor/functions:
       clear only the system cache if apparmor version has changed on snappy
       flavors since snappy will handle the app's cache itself
    - debian/apparmor.install: install tunables/home.d and
    - debian/apparmor-utils.dirs: install usr/bin and usr/share/apparmor
    - debian/control:
      + make libnotify-bin a Suggests rather than a Recommends since it is
        assumed to already be installed on the desktop and so server
        environments don't have to pull in a lot of X dependencies
        (LP: #1061879)
      + apparmor-easyprof in section 'admin'
      + apparmor Depends on initramfs-tools | linux-initramfs-tool [linux-any]
      + apparmor Breaks on lightdm (<< 1.11.8-0ubuntu2~),
        lxc (<< 1.1.0~alpha1-0ubuntu5~)
    - drop debian/patches/reproducible-pdf.patch (not applied in series)
  * drop debian/patches/fix-abstraction-for-python3.5.patch in favor of
  * debian/patches/series: comment out notify-group.patch
  * debian/patches/non-linux.patch: refresh
  * debian/patches/r3366-networkd.patch: use this instead of dropped Ubuntu
    lp1529074.patch for NetworkManager and networkd support

 -- Jamie Strandboge <email address hidden> Tue, 16 Feb 2016 08:49:31 -0600

apparmor (2.10-3) unstable; urgency=medium

  * Team upload.

  [ intrigeri ]
  * Drop libapparmor-mention-dbus-method-in-getcon-man.patch (Closes: #800132)

  [ Felix Geyer ]
  * Update python abstraction for python 3.5.
    - Pull r3277-update-python-abstraction.patch from upstream

 -- Felix Geyer <email address hidden> Mon, 25 Jan 2016 22:50:13 +0100

apparmor (2.10-2) unstable; urgency=medium

  [ Felix Geyer ]
  * Apply aa-status-dont_require_python3-apparmor.patch, to keep
    the hard dependencies of the apparmor binary package minimal.
  * python{,3}-apparmor: require at least the same upstream version
    of python{,3}-libapparmor.

  [ intrigeri ]
  * Drop abstractions-ubuntu-browsers.patch: integrated upstream
    (in a slightly different way).
  * debian/control: don't start short description with capital letter.
    (Closes: #795434)
  * r3227-locale-indep-capabilities-sorting.patch: cherry-pick from upstream,
    to make (more of?) the build reproducible. (Closes: #797415)
  * Merge from ubuntu-citrain up to revision 1578, that is changes brought
    by 2.10-0ubuntu3 to 2.10-0ubuntu6.
  * Upload to unstable.

 -- intrigeri <email address hidden> Tue, 18 Aug 2015 09:48:54 +0200

apparmor (2.10-1) experimental; urgency=medium

  [ intrigeri ]
  * Merge ubuntu-citrain up to revision 1575, except:
    - previously documented changes
    - debian/patches/aa-status-dont_require_python3-apparmor.patch:
      don't apply, only relevant for Ubuntu Phone
  * debian/patches/r3209-dnsmasq-allow-dash: cherry-pick from upstream.
  * debian/patches/pass-compiler-flags.patch: refresh.
  * Update upstream signing key.
  * apparmor-utils: make the Depends on python3-apparmor versioned.
    (Closes: #785436)
  * Override the "apparmor source: usr-lib-perl5-mentioned rules" error.
    We replace usr/lib/perl5 with the corresponding multiarch path
    in debian/rules, as a consequence this file contains this string.
  * python-apparmor, python3-apparmor: add Lintian overrides for
    the extended-description-is-probably-too-short tag.
  * debian/control: stuff out a bit apparmor-utils' extended description.

  [ Felix Geyer ]
  * Add Brazilian Portuguese translation of debconf messages.
    Thanks to Adriano Rafael Gomes. (Closes: #788342)
  * Use dh_apparmor from this source package for apparmor-profiles.
    (Closes: #656451)
  * Make debian/rules safer:
    - Add set -e to loops.
    - Use "&&" when chaining shell commands.

 -- intrigeri <email address hidden> Thu, 13 Aug 2015 23:42:10 +0200

1512. By Martin Pitt

releasing package apparmor version 2.10-0ubuntu12

1511. By Martin Pitt

Call systemd-detect-virt instead of the Ubuntu specific
running-in-container wrapper. (LP: #1539016)

1510. By Martin Pitt

releasing package apparmor version 2.10-0ubuntu11

1509. By Jamie Strandboge

* debian/patches/lp1529074.patch: for systems using networkd, add read on
  /run/systemd/resolve/resolv.conf (LP: #1529074)
* No change rebuild for perl 5.22
* debian/patches/fix-abstraction-for-python3.5.patch: adjust python
  abstraction for python 3.5
* debian/apparmor.init,apparmor.upstart: clear only the system cache if
  apparmor version has changed on snappy flavors since snappy will handle
  the app's cache itself
* debian/lib/apparmor/functions:
  - compile /var/lib/snappy/apparmor/profiles policy
  - add compare_previous_version()
  - refactor clear_cache()
  - compare_and_save_debsums() checks if $PROFILES_VAR exists
* debian/libapparmor-dev.manpages: add 5 missing libapparmor manpages
  (LP: #1491147, LP: #1384431)
* Rebuild against python3.5.
* debian/patches/parser-fix-cache-file-mtime-regression.patch: Fix a bug
  that resulted in the mtime of generate policy cache files to be set
  incorrectly. The mtime of cache files should be the newest mtime detected
  on the profile and abstraction files used to generate the policy cache
  file. However, the bug caused the mtime of the policy cache file to either
  not be updated or to be updated to an incorrect time. (LP: #1484178)
* debian/patches/parser-verify-cache-file-mtime.patch: Add tests to verify
  that the policy cache file's mtime is being set correctly and that cache
  handling is correct when the profile or abstraction files are newer than
  the policy cache file.
* debian/patches/parser-run-caching-tests-without-apparmorfs.patch,
  debian/patches/parser-do-cleanup-when-test-was-skipped.patch: Enable the
  caching tests to run on the buildds even though apparmorfs isn't mounted.
* debian/patches/aa-status-dont_require_python3-apparmor.patch:
  make aa-status(8) work even when python3-apparmor is not installed,
  otherwise dh_apparmor postinst snippets can fail (LP: #1480492)
* debian/control: make apparmor-utils depend on the same package
  version of python3-apparmor
* Update to apparmor 2.10
  - libapparmor added functions to ease loading profile cache files to
    help support systemd on-demand load of policy (LP: #1385414)
  - apparmor parser: fixed policy generation to allow matching
    embedded NULs in abstract unix socket names (LP: #1413410)
  - aa-status: don't traceback when not permitted to read current
    set of apparmor policy (LP: #1466768)
  - aa-logprof: don't crash on policies that have an #include of a
    directory (LP: #1471425)
  - aa-logprof: fix crash when network rejections occur when file
    operations are performed on network sockets (LP: #1466812)
* dropped reproducible-pdf.patch, incorporated upstream
* debian/patches/tests-fix_sysctl_test.patch: fix sysctl test failure
  with 4.1 kernel and newer.
* debian/control: add alternate dependency on linux-initramfs-tool
  (LP: #1109029)
* debian/libapparmor1.symbols: update symbols file for added symbols
  in libapparmor
* No-change rebuild for python3.5 transition
* Update to apparmor 2.9.2
  - Fix minitools to work with multiple profiles at once (LP: #1378095)
  - Parse mounts that have non-ascii UTF-8 chars (LP: #1310598)
  - Update dovecot profiles (LP: #1296667)
  - Allow ubuntu-helpers to build texlive fonts (LP: #1010909)
* dropped patches incorporated upstream:
  add-mir-abstraction-lp1422521.patch, systemd-dev-log-lp1413232.patch
  GDM_X_authority-lp1432126.patch, and
* Partial merge with debian apparmor package:
  - debian/rules: enable the bindnow hardening flag during build.
  - debian/upstream/signing-key.asc: add new upstream public
    signing key
  - debian/watch: fix watch file, add gpg signature checking
  - install libapparmor.so dev symlink under /usr not /lib
  - debian/patches/reproducible-pdf.patch: make techdoc.pdf
    reproducible even in face of timezone variations.
  - debian/control: sync fields
  - debian/debhelper/postrm-apparmor: remove
    /etc/apparmor.d/{disable,} on package purge
  - debian/libapache2-mod-apparmor.postrm: on package purge, delete
    /etc/apparmor.d/{,disable} if empty
  - debian/libapparmor1.symbols: Use Build-Depends-Package in the
    symbols file.
  - debian/copyright: sync
* Make debian/lib/apparmor/profile-load executable.

1508. By Jamie Strandboge

[ Steve Beattie ]
* debian/rules: run make check on the libapparmor library
* add-chromium-browser.patch: add support for chromium policies
  (LP: #1419294)
* debian/apparmor.{init,upstart}: add support for triggering
  aa-profile-hook runs when packages are updated via snappy system
  image updates (LP: #1434143)
* parser-fix_modifier_compilation_+_tests.patch: fix compilation
  of audit modifiers for exec and pivot_root and deny modifiers on
  link rules as well as significantly expand related tests
  (LP: #1431717, LP: #1432045, LP: #1433829)
* tests-fix_systemd_breakage_in_pivot_root-lp1436109.patch: work
  around pivot_root test failures due to init=systemd (LP: #1436109)
* GDM_X_authority-lp1432126.patch: add location GDM creates Xauthority
  file to X abstraction (LP: #1432126)
[ Jamie Strandboge ]
* easyprof-framework-policy.patch: add --include-templates-dir and
  --include-policy-groups-dir options to easyprof to support framework
  policy on snappy
[ Robie Basak ]
* Add /lib/apparmor/profile-load; moved from
  /lib/init/apparmor-profile-load from the upstart package. A wrapper at
  the original path is now provided by init-system-helpers. (LP: #1432683)

1507. By Jamie Strandboge

sync with citrain branch. We should really not be maintaining two branches

1506. By Martin Pitt

releasing package apparmor version 2.8.98-0ubuntu4

1505. By Martin Pitt

Ship libapparmor in /lib instead of /usr as we want to use it in systemd
now. (LP: #1397960)

Branch metadata

Branch format:
Branch format 7
Repository format:
Bazaar repository format 2a (needs bzr 1.16 or later)
Stacked on:
This branch contains Public information 
Everyone can see this information.