ubuntu/+source/apparmor:ubuntu/disco-updates

Last commit made on 2019-06-24
Get this branch:
git clone -b ubuntu/disco-updates https://git.launchpad.net/ubuntu/+source/apparmor
Members of Ubuntu Server Dev import team can upload to this branch. Log in for directions.

Branch merges

Branch information

Name:
ubuntu/disco-updates
Repository:
lp:ubuntu/+source/apparmor

Recent commits

e7d2ba8... by Jamie Strandboge on 2019-06-06

Import patches-unapplied version 2.13.2-9ubuntu6.1 to ubuntu/disco-proposed

Imported using git-ubuntu import.

Changelog parent: 7c2b479e8367fdb640f81a503ed95e24efcfa4bf

New changelog entries:
  * lp1820068.patch: don't skip read cache when options are set (LP: #1820068)
  * reenable ubuntu/parser-conf-no-expr-simplify.patch

7c2b479... by Jamie Strandboge on 2019-04-15

Import patches-unapplied version 2.13.2-9ubuntu6 to ubuntu/disco-proposed

Imported using git-ubuntu import.

Changelog parent: 3d828be0225850ec5c3dd1f01fa8657c937ac8ea

New changelog entries:
  * lp1824812.patch: set SFS_MOUNTPOINT in is_container_with_internal_policy()
    since it is sometimes called independently of is_apparmor_loaded()
    - LP: #1824812

3d828be... by Jamie Strandboge on 2019-04-02

Import patches-unapplied version 2.13.2-9ubuntu5 to ubuntu/disco-proposed

Imported using git-ubuntu import.

Changelog parent: 32f8c080edf632620f1ec4b0e90ad04293a4ec06

New changelog entries:
  * ubuntu/dont-include-site-local-with-dovecot.patch: don't include local/
    files in the dovecot extras profiles since the included path may not
    exist

32f8c08... by Jamie Strandboge on 2019-03-27

Import patches-unapplied version 2.13.2-9ubuntu4 to ubuntu/disco-proposed

Imported using git-ubuntu import.

Changelog parent: 31e6eb0614ac00d1db838244b57d7e66d94507d0

New changelog entries:
  * debian/tests/control and debian/tests/compile-policy: don't test
    thunderbird since the Ubuntu packaging doesn't ship a profile

31e6eb0... by Jamie Strandboge on 2019-03-27

Import patches-unapplied version 2.13.2-9ubuntu3 to ubuntu/disco-proposed

Imported using git-ubuntu import.

Changelog parent: 311ad46660024549a66e905f523ef078ed6c79ad

New changelog entries:
  * debian/tests/control: try Ubuntu kernel but mark skip-not-installable
  * debian/apparmor-profiles.postinst: add back copying
    ubuntu-browsers.d/chromium-browser (LP: #1821920)
  * debian/apparmor.postrm: remove parser-created subdirs

311ad46... by Jamie Strandboge on 2019-03-26

Import patches-unapplied version 2.13.2-9ubuntu2 to ubuntu/disco-proposed

Imported using git-ubuntu import.

Changelog parent: d0c45f18ae693c81f66d7538868da270bd77c650

New changelog entries:
  * debian/debhelper/postrm-apparmor: don't quote the glob
  * debian/apparmor.preinst: remove cache files on upgrade to 2.13
  * New 2.13.2 release for Ubuntu (LP: #1817799). Notable changes:
    - Upstream AppArmor introduces the new cache forest rather than a single
      toplevel global cache directory which improves boot speed when booting
      between kernels with different feature sets. This cache forest is located
      in /var/cache/apparmor instead of /etc/apparmor.d/cache
    - This release uses a proper systemd unit rather than calling out to the
      SysV initscript
  * Merge from Debian (LP: #1817799). Remaining changes:
    - Ubuntu-specific patches:
      + ubuntu/add-chromium-browser.patch
      + ubuntu/communitheme-snap-support.patch
      + ubuntu/mimeinfo-snap-support.patch
      + ubuntu/profiles-grant-access-to-systemd-resolved.patch
    - debian/apparmor-profiles.install: install Ubuntu chromium-browser
      profile and abstraction
    - debian/apparmor.{install,maintscript}: feature pinning is not used in
      Ubuntu
    - debian/control: adjust the Vcs-{Browser,Git} control fields to reflect
      the branch where the Ubuntu packaging is maintained.
    - debian/gbp.conf: use ubuntu/master as the debian-branch
  * Drop the following patches, no longer needed:
    - ubuntu/parser-include-usr-share-apparmor.patch
    - e99fa6c6054fa10a2b49d30967e993bd5764e77f.patch: cherry-pick upstream
      patch for usr-merge for useradd profile
    - ubuntu/lp1788929+1794848.patch
  * Do not apply the following Debian-specific patches:
    - d-only/pin-feature-set.patch
    - d-only/Document-which-AppArmor-features-are-not-supported-on-Deb.patch
  * debian/put-all-profiles-in-complain-mode.sh: nvidia_modprobe should be in
    enforce mode
  * add but don't apply ubuntu/parser-conf-no-expr-simplify.patch: disable
    expr tree simplification to greatly speed up armhf. We might consider
    making this change armhf specific and/or limiting it to only the snapd
    policy in the future. (LP: 1383858). Once LP: 1820068 is fixed, we can
    reenable this patch
  * debian/control: Breaks on snapd < 2.38~ (the cache forest breaks snap
    remove)
  * debian/debhelper/postrm-apparmor: also remove cache files
  * add upstream-commit-fix-segfault-in-overlaydirat_for_each.patch
  * regression testsuite fixes:
    - upstream-commit-add-option-to-dump-policy-cache-with-libapparmor.patch
    - upstream-commit-teach-aa_policy_cache_sh-about-the-new-cache.patch
    - upstream-commit-fix-segfault-when-loading-policy-cache-files.patch
    - upstream-commit-fix-variable-name-overlap-in-merge-macro.patch
  * debian/apparmor-profiles.lintian-overrides: update for chromium-browser
    profile having read access to dpkg database for lsb-release

d0c45f1... by intrigeri on 2019-02-25

Import patches-unapplied version 2.13.2-9 to debian/sid

Imported using git-ubuntu import.

Changelog parent: 09992540ccf73efa3e46f813e9fd38c36d518aa3

New changelog entries:
  * Revert "Add autopkgtest that checks if apparmor.service starts
    on package installation". It passes with the schroot and qemu
    backends locally but fails on ci.debian.net.

0999254... by intrigeri on 2019-02-24

Import patches-unapplied version 2.13.2-8 to debian/sid

Imported using git-ubuntu import.

Changelog parent: f03b65d1704d4a0ce05c79c4220425644883c55a

New changelog entries:
  * Cherry-pick 5 more commits from upstream apparmor-2.13 branch
    (Closes: #921866).
  * Cherry-pick upstream MR!344 (Closes: #920833, #921888).
  * Install the nvidia_modprobe named profile (Closes: #921875)
    and add it to the list of profiles whose syntax is checked
    via autopkgtests.
  * Patch usr.sbin.smdb to include snippet generated at runtime
    (part of the fix for #896080).
  * New autopkgtest: ensure apparmor.service starts on
    package installation.
  * Update salsa CI pipeline.

f03b65d... by intrigeri on 2019-01-31

Import patches-unapplied version 2.13.2-7 to debian/sid

Imported using git-ubuntu import.

Changelog parent: 4571cfd829b3aa78d4a33b290bfa21dfcd72d7a9

New changelog entries:
  * Stop shipping /var/cache/apparmor/CACHEDIR.TAG (Closes: #920682)
  * New patches, cherry-picked from upstream !320, so the "audio"
    abstraction grants read access to Alsa and libao config files
    (Closes: #920669, #920670).

4571cfd... by intrigeri on 2019-01-28

Import patches-unapplied version 2.13.2-6 to debian/sid

Imported using git-ubuntu import.

Changelog parent: b46606c5f0de4c6c622f09c1b4b8c7f81eddf124

New changelog entries:
  * initscript: implement missing aa_log_action_begin and
    aa_log_action_end functions (Closes: #917962).