Last commit made on 2020-05-11
Get this branch:
git clone -b ubuntu/devel https://git.launchpad.net/ubuntu/+source/apparmor
Members of Ubuntu Server Dev import team can upload to this branch. Log in for directions.

Branch merges

Branch information


Recent commits

2d16cbb... by Sergio Durigan Junior on 2020-05-11

Update changelog for 2.13.3-7ubuntu6 release

66b5f2e... by Sergio Durigan Junior on 2020-05-08

Add missing "boot_id" rule to abstractions/nameservice. (LP: #1872564)

- d/p/upstream-commit-454fca7-Add-run-variable.patch: Add the
  definition for the "@{run}" variable.
- d/p/upstream-commit-ef591a67-Add-trailing-slash-to-the-run-variable-definition.patch:
  Add trailing slash to the "@{run}" variable.
- d/p/upstream-commit-1f319c3870-abstractions-nameservice-allow-accessing-run-systemd-user.patch:
  Add a missing rule to allow systemd to access
  @{PROC}/sys/kernel/random/boot_id and @{run}/systemd/userdb.
- d/apparmor.install: Install new file 'tunables/run' under '/etc/apparmor.d'.

7063385... by Jamie Strandboge on 2020-04-12

Import patches-unapplied version 2.13.3-7ubuntu5 to ubuntu/focal-proposed

Imported using git-ubuntu import.

Changelog parent: 9dda95770f3a4084e42c379400315cd54ddf1b04

New changelog entries:
  * snapd 2.44.3+20.04 introduced an apparmor unit of its own to load snap
    policy in /var/lib/snapd/apparmor/profiles. As such, don't load snapd
    policy twice by not loading it in the apparmor unit (LP: 1871148)
    - ubuntu/stop-loading-snapd-profiles.patch: stop loading snapd profiles
    - debian/control: add Breaks on snapd < 2.44.3+20.04~ since prior snapd
      versions assume that apparmor will load the snapd policy on boot
    - debian/apparmor.service: remove the now unneeded RequiresMountsFor on
  * drop ubuntu/parser-conf-no-expr-simplify.patch: Optimize=no-expr-simplify
    was added to parser.conf to mitigate slow snap policy compiles on 32bit
    ARM. These days, snapd calls apparmor_parser with "-O no-expr-simplify"
    and loads its snap policy, so drop this delta with upstream and Debian.

9dda957... by Jamie Strandboge on 2020-04-06

Import patches-unapplied version 2.13.3-7ubuntu4 to ubuntu/focal-proposed

Imported using git-ubuntu import.

Changelog parent: 27f7829b4518c3fecaf67d3883612472deea349f

New changelog entries:
  * debian/apparmor.service: add /var/lib/snapd/apparmor/profiles to
    RequiresMountsFor since Ubuntu's rc.apparmor.functions looks for it
    (LP: #1871148)
  * libnss-systemd.patch: allow accessing the libnss-systemd VarLink sockets
    and DBus APIs. Patch partially based on work by Simon Deziel.
    (LP: #1796911, LP: #1869024)
  * upstream-mr-424-kerberos-dot-dirs.patch: abstractions/kerberosclient:
    allow reading /etc/krb5.conf.d/
  * upstream-mr-442-gnome-user-themes.patch: gnome abstraction: allow reading
    per-user themes from $XDG_DATA_HOME (Closes: #930031)
  * upstream-mr-443-ecryptfs-dirs.patch: abstractions/base: allow read access
    to top-level ecryptfs directories (LP: #1848919)
  * upstream-mr-445-uuidd-request.patch: abstractions/base: allow read access
    to /run/uuidd/request
  * upstream-mr-464-Mesa_i915_perf_interface.patch: let Mesa check if the
    kernel supports the i915 perf interface. Patch from Debian

27f7829... by Christian Ehrhardt  on 2020-04-01

changelog: fix mdns abstraction to include mdns.allow (LP: #1869629)

Signed-off-by: Christian Ehrhardt <email address hidden>

0d6b13a... by Christian Ehrhardt  on 2020-04-01

fix mdns abstraction to include mdns.allow (LP: #1869629)

Signed-off-by: Christian Ehrhardt <email address hidden>

2bccd22... by Matthias Klose on 2020-02-18

Import patches-unapplied version 2.13.3-7ubuntu2 to ubuntu/focal-proposed

Imported using git-ubuntu import.

Changelog parent: be916b23f6cb0ee920e8291d116720beb5f9e059

New changelog entries:
  * No-change rebuild to drop python3.7.

be916b2... by Jamie Strandboge on 2019-12-17

Import patches-unapplied version 2.13.3-7ubuntu1 to ubuntu/focal-proposed

Imported using git-ubuntu import.

Changelog parent: 5a569d8e6e0f60b1ba880dd8ed56e3df6e60d4a1

New changelog entries:
  * Merge from Debian. Remaining changes:
    - Ubuntu-specific patches:
      + ubuntu/add-chromium-browser.patch
      + ubuntu/communitheme-snap-support.patch
      + ubuntu/mimeinfo-snap-support.patch
      + ubuntu/parser-conf-no-expr-simplify.patch
      + ubuntu/profiles-grant-access-to-systemd-resolved.patch
      + upstream-dont-allow-fontconfig-cache-write.patch
      + upstream-tests-mult-mount-bump-size-of-created-disk.patch
    - debian/apparmor.{install,maintscript}: feature pinning is not used in
    - debian/apparmor.preinst: remove cache files on upgrade to 2.13
    - debian/apparmor-profiles.install: install Ubuntu chromium-browser
      profile and abstraction
    - debian/apparmor-profiles.lintian-overrides: update for chromium-browser
      profile having read access to dpkg database for lsb-release
    - debian/apparmor-profiles.postinst: ubuntu-browsers.d/chromium-browser
      abstraction if it doesn't exist
    - debian/control: adjust the Vcs-{Browser,Git} control fields to reflect
      the branch where the Ubuntu packaging is maintained.
    - debian/gbp.conf: use ubuntu/master as the debian-branch
    - debian/patches/series: comment out debian-only patches
    - debian/tests/control and debian/tests/compile-policy: don't test
      thunderbird since the Ubuntu packaging doesn't ship a profile
  * Drop the following patches, no longer needed:
    - python3.8-ac.diff
  * debian/control: drop Breaks on media-hub, mediascanner2.0, messaging-app,
    and webbrowser-app which was needed for upgrades to bionic (LP: #1797242)
  * upstream-adjust-for-ibus-1.5.22.patch: update ibus abstract path for ibus
  * upstream-adjust-gnome-for-mimeapps.patch: abstractions/gnome: also allow
    /etc/xdg/mimeapps.list (LP: #1792027)

5a569d8... by intrigeri on 2019-11-15

Import patches-unapplied version 2.13.3-7 to debian/sid

Imported using git-ubuntu import.

Changelog parent: 40982fc2547cb18ccde40a31966aabe1d1ac9709

New changelog entries:
  * Add explicit build dependency on dh-python, so that this package
    can built with python3-defaults 3.7.5-3.

40982fc... by intrigeri on 2019-10-29

Import patches-unapplied version 2.13.3-6 to debian/sid

Imported using git-ubuntu import.

Changelog parent: f36f416127687b0c399e81a475dcc788c02fc89c

New changelog entries:
  [ Matthias Klose ]
  * debian/rules: ensure "set -e" is honored (Closes: #943649).
  * Add upstream-mr-430-Fix-a-Python-3.8-autoconf-check.patch (Closes: #943657).