ubuntu/+source/apparmor:ubuntu/xenial-proposed

Last commit made on 2018-02-21
Get this branch:
git clone -b ubuntu/xenial-proposed https://git.launchpad.net/ubuntu/+source/apparmor
Members of Ubuntu Server Dev import team can upload to this branch. Log in for directions.

Branch merges

Branch information

Name:
ubuntu/xenial-proposed
Repository:
lp:ubuntu/+source/apparmor

Recent commits

2591c62... by Christian Ehrhardt  on 2018-02-20

Import patches-unapplied version 2.10.95-0ubuntu2.9 to ubuntu/xenial-proposed

Imported using git-ubuntu import.

Changelog parent: a983c53cb5b63b027147378e177ed365223615ea

New changelog entries:
  * debian/patches/base-journald-updates.patch: update base abstraction
    for additional journald sockets (LP: #1670408)
    Backport from 2.11.0-2ubuntu5 by Jamie Strandboge <email address hidden>

a983c53... by Seyeong Kim on 2018-01-08

Import patches-unapplied version 2.10.95-0ubuntu2.8 to ubuntu/xenial-proposed

Imported using git-ubuntu import.

Changelog parent: b586c9e64ffc1430daa1be88c470a77c5b93dea1

New changelog entries:
  * d/p/0001-Allow-seven-digit-pid.patch:
    On 64bit systems, /proc/sys/kernel/pid_max can be set to PID_MAX_LIMIT,
    (2^22), which results in seven digit pids. Adjust the @{PID} variable in
    tunables/global to accept this. (LP: #1717714)

b586c9e... by Steve Langasek on 2017-08-25

Import patches-unapplied version 2.10.95-0ubuntu2.7 to ubuntu/xenial-proposed

Imported using git-ubuntu import.

Changelog parent: 59a6b1b97aae6717a8dae17038075aa9679b98fd

New changelog entries:
  * Remove initramfs-tools from the dependencies; this isn't used and the
    dependency has been dropped in later releases. LP: #1713169.

59a6b1b... by Tyler Hicks on 2017-03-15

Import patches-unapplied version 2.10.95-0ubuntu2.6 to ubuntu/xenial-security

Imported using git-ubuntu import.

Changelog parent: a684737ee189a0da0382ec8f63eee6c99766d2f9

New changelog entries:
  * SECURITY UPDATE: Don't unload unknown profiles during package
    configuration or when restarting the apparmor init script or upstart job
    as this could leave processes unconfined (LP: #1668892)
    - debian/apparmor.postinst, debian/apparmor.init, debian/apparmor.upstart:
      Remove calls to unload_obsolete_profiles()
    - debian/patches/utils-add-aa-remove-unknown.patch,
      debian/apparmor.install debian/apparmor.manpages: Include a new utility,
      aa-remove-unknown, which can be used to unload unknown profiles
    - CVE-2017-6507

a684737... by Tyler Hicks on 2016-10-07

Import patches-unapplied version 2.10.95-0ubuntu2.5 to ubuntu/xenial-proposed

Imported using git-ubuntu import.

Changelog parent: 2a90832d880fe81ae63db1a5ab231862572cdcbc

New changelog entries:
  * debian/lib/apparmor/functions, debian/apparmor.init,
    debian/apparmor.service, debian/apparmor.upstart,
    debian/lib/apparmor/profile-load: Adjust the checks that previously kept
    AppArmor policy from being loaded while booting a container. Now we
    attempt to load policy if we're in a LXD or LXC managed container that is
    using profile stacking inside of a policy namespace. (LP: #1628285)
  * Fix regression tests for stacking so that the kernel SRU process is not
    interrupted by failing tests whenever the AppArmor stacking features are
    backported from the 16.10 kernel or when the 16.04 LTS Enablement Stack
    receives a 4.8 or newer kernel
    - debian/patches/r3509-tests-fix-exec_stack-errors-1.patch: Fix the
      exec_stack.sh test when running on 4.8 or newer kernels (LP: #1628745)
    - debian/patches/r3558-tests-fix-exec_stack-errors-2.patch: Adjust the
      exec_stack.sh fix mentioned above to more accurately test kernels older
      than 4.8 (LP: #1630069)
    - debian/patches/allow-stacking-tests-to-use-system.patch: Apply this
      patch earlier in the series, as to match when it was committed upstream,
      so that the above two patches can be cherry-picked from lp:apparmor

2a90832... by Tyler Hicks on 2016-09-28

Import patches-unapplied version 2.10.95-0ubuntu2.4 to ubuntu/xenial-proposed

Imported using git-ubuntu import.

Changelog parent: 034e81484eb19f8f11378d1cc9ecdb3f4b4a4f86

New changelog entries:
  * debian/patches/r3505-tests-fix-stacking-mode-checks.patch: Fix failing
    regression tests so that the kernel SRU process is not interrupted by
    failing stackonexec.sh and stackprofile.sh tests (LP: #1628295)

034e814... by Tyler Hicks on 2016-08-26

Import patches-unapplied version 2.10.95-0ubuntu2.3 to ubuntu/xenial-proposed

Imported using git-ubuntu import.

Changelog parent: c0cebdf5c3ec0dabe6c9f3891c879540b9c2735d

New changelog entries:
  * debian/patches/allow-access-to-ibus-socket.patch: Adjust the ibus
    abstraction to allow access to the abstract UNIX domain socket location
    used in Ubuntu. (LP: #1580463)
  * debian/lib/apparmor/functions: Quiet the "Files ... and ... differ"
    output, during the update process, which was printed by diff. This message
    left users concerned since it mentioned md5sums files without being clear
    about what was happening. (LP: #1614215)

c0cebdf... by Tyler Hicks on 2016-08-01

Import patches-unapplied version 2.10.95-0ubuntu2.2 to ubuntu/xenial-proposed

Imported using git-ubuntu import.

Changelog parent: 1069880e5cb078096a93437fbd50282de9c80e03

New changelog entries:
  * r3498-r3499-ignore-net-events-that-look-like-file-events.patch: Prevent an
    aa-logprof crash by ignoring file events that contains send *and* receive
    in the request mask. This is an improvement to the previous fix that only
    addressed events that contained send *or* receive.
    (LP: #1577051, LP: #1582374)
    - debian/rules: Create a new empty file, needed for the test added by this
      patch, since quilt is unable to do so.

1069880... by Tyler Hicks on 2016-07-28

Import patches-unapplied version 2.10.95-0ubuntu2.1 to ubuntu/xenial-proposed

Imported using git-ubuntu import.

Changelog parent: 786f15391477bb5b4c5eb457061261c9d04407d2

New changelog entries:
  * debian/patches/r3460-ignore-file-events-with-send-or-receive-request.patch:
    Prevent an aa-logprof crash by ignoring file events that contains
    send or receive in the request mask. (LP: #1577051, LP: #1582374)
  * debian/patches/r3463-r3475-change-profile-exec-modes.patch: Allow policy
    authors to specify if the environment should scrubbed during exec
    transitions allowed by a change_profile rule. (LP: #1584069)
  * debian/patches/r3478-make-overlapping-safe-and-unsafe-rules-conflict.patch:
    Make sure that multiple change_profile rules with overlapping safe and
    unsafe exec modes conflict when they share the same exec conditional
    (LP: #1588069)
  * debian/patches/r3488-r3489-fix-racy-onexec-test.patch: Fix racy regression
    test so that the kernel SRU process is not interrupted by the onexec.sh
    periodically failing. (LP: #1528230)
  * debian/patches/r3490-utils-handle-change-profile-exec-modes.patch: Update
    the Python utilities to handle the new exec mode keywords in
    change_profile rules. (LP: #1584069)
  * debian/patches/r3492-allow-dbus-user-session-path.patch: Allow read/write
    access to the dbus-user-session socket file in profiles that include the
    dbus-session-strict abstraction. (LP: #1604872)

786f153... by Tyler Hicks on 2016-04-12

Import patches-unapplied version 2.10.95-0ubuntu2 to ubuntu/xenial-proposed

Imported using git-ubuntu import.

Changelog parent: 54f1f709d944d79abe8c1901ca9e6ec5f28db642

New changelog entries:
  * debian/patches/r3435-allow-dnsmasq-access-to-lxd-bridge.patch: Grant
    access to the new default bridge configuration in LXD 2.0.0 (LP: #1566944)
  * debian/patches/r3437-add-attach-disconnected-to-dnsmasq.patch: Add the
    attach_disconnected flag to the dnsmasq profile in order to prevent a
    disconnected path denial triggered by the latest network-manager upload
    (LP: #1569316)
  * debian/lib/apparmor/functions: Reference the new path used for snapd
    AppArmor profiles to fix a bug which left those profiles unloaded after
    booting (LP: #1569573)