lp:~xnox/apparmor/xnox-citrain
- Get this branch:
- bzr branch lp:~xnox/apparmor/xnox-citrain
Branch merges
- John Johansen: Approve
-
Diff: 59 lines (+9/-4)2 files modifieddebian/changelog (+8/-0)
debian/control (+1/-4)
Related source package recipes
Branch information
Recent revisions
- 1502. By Dimitri John Ledkov
-
* debian/control: mark apparmor M-A:foreign, typically it's only needed
for it's hosts tools, which some M-A:same packages exec.
* debian/control: drop using deprecated python*:Versions variables. - 1501. By Jamie Strandboge
-
* debian/control: add versioned Breaks to apparmor for lxc, libvirt-bin,
lightdm and apparmor-easyprof- ubuntu
[ John Johansen, Steve Beattie ]
* Add userspace support for AppArmor signals and ptrace mediation
(LP: #1298611)
+ debian/patches/ mediate- signals. patch,
debian/patches/ change- signal- syntax. patch: Parse signal rules with
apparmor_parser. See the apparmor.d(5) man page for syntax details.
+ debian/patches/ change- ptrace- syntax. patch,
debian/patches/ mediate- ptrace. patch: Parse ptrace rules with
apparmor_parser. See the apparmor.d(5) man page for syntax details.
+ debian/patches/ test-signal- rules.patch,
debian/patches/ test-ptrace- rules.patch,
debian/patches/ update- tests-for- new-semantics. patch: Update existing
tests and add new tests for signal and ptrace mediation
+ debian/patches/ fix-garbage- in-preprocessor -output. patch: Fix bug causing
apparmor_parser preprocessor output to contain garbage after include
statements
+ debian/patches/ fix-double- comma-in- preprocessor- output. patch: Fix bug
causing apparmor_parser preprocessor output to contain double commas
after some rules
+ debian/patches/ symtab- tests-and- seenlist- bug.patch,
debian/patches/ add-profile- name-variable. patch: Add ${profile_name}
variable for use in profiles when rules need to specify the current
profile's name. This is useful for signal and ptrace rules that specify
+ debian/patches/ fix-names- treated- as-condlistid. patch: Fix
apparmor_parser bug that caused mount and dbus rules to fail for sets of
values
[ Jamie Strandboge ]
* debian/patches/ update- base-abstractio n-for-signals- and-ptrace. patch:
Adjust the base abstraction for signals and ptrace mediation. Profiles
that use the base abstraction can deny any of the granted permissions to
achieve tighter confinement.
* debian/patches/ manpage- signal- ptrace. patch: Update the apparmor.d man
page to document signal rules, ptrace rules, and variables for use in
AppArmor profiles
* debian/patches/ dnsmasq- libvirtd- signal- ptrace. patch: Update the dnsmasq
profile to allow libvirtd to send signals to and ptrace read the dnsmasq
process
* debian/patches/ update- chromium- browser. patch: Adjust the chromium-browser
profile for permissions needed in newer chromium-browser versions and add
the rules needed for AppArmor ptrace mediation
[ Tyler Hicks ]
* Add new rule type support to aa.py to fix tracebacks when using the Python
utilities in apparmor-utils on systems with AppArmor profiles containing
previously unsupported rule types
- debian/patches/ python- utils-file- support. patch: Support path rules
containing the "file" prefix (LP: #1295346)
- debian/patches/ python- utils-signal- support. patch: Parse and write signal
rules (LP: #1300316)
- debian/patches/ python- utils-ptrace- support. patch: Parse and write ptrace
rules (LP: #1300317)
- debian/patches/ python- utils-pivot_ root-support. patch: Parse and write
pivot_root rules (LP: #1298678) - 1500. By Jamie Strandboge
-
[ Tyler Hicks ]
* debian/patches/ initialize- mount-flags. patch: Initialize the variables
containing mount rule flags to zero. Otherwise, the parser may set
unexpected bits in the mount flags field for rules that do not specify
mount flags. The uninitialized mount flag variables may have caused
unexpected AppArmor denials during mount mediation. (LP: #1296459)
* debian/patches/ fix-typo- in-dbus_ write.patch: Fix a bug in the
apparmor/aa.py module that caused the utilities in the apparmor-utils
package to write out network rules instead of dbus rules
* debian/patches/ limited- mount-rule- support. patch: Fix a bug in the
apparmor/aa.py module that caused the utilities in the apparmor-utils
package to traceback when encountering a mount rule (LP: #1294825)
* debian/patches/ bare-capability -rule-support. patch: Fix a bug in the
apparmor/aa.py module that caused the utilities in the apparmor-utils
package to traceback when encountering a bare capability rule
(LP: #1294819)
* debian/patches/ check-config- for-sysctl. patch,
debian/patches/ increase- swap-size. patch: Fix bugs in the regression test
suite that caused errors when running on ppc64el
* debian/patches/ test-v6- policy. patch,
debian/patches/ test-mount- mediation. patch: Improve the regression tests
by increasing the mount rule test coverage - 1499. By Jamie Strandboge
-
* autostart aa-notify via /etc/xdg/autostart instead of /etc/X11/Xsession.d
(LP: #1288241)
- remove debian/notify/ 90apparmor- notify
- add debian/notify/ apparmor- notify. desktop
- debian/apparmor- notify. install: adjust for the above
- add debian/apparmor- notify. maintscript to remove 90apparmor-notify
* debian/notify/ notify. conf: use_group should be set to "sudo" instead of
"admin" (LP: #1009666) - 1498. By Jamie Strandboge
-
debian/
lib/apparmor/ functions: properly calculate number of profiles in
/var/lib/apparmor/ profiles (LP: #1295816) - 1497. By Jamie Strandboge
-
debian/control: Depends on python-
pkg-resources for python-apparmor and
python3-pkg-resources for python3-apparmor to fix autopkgtests in
click-apparmor and apparmor-easyprof- ubuntu - 1496. By Jamie Strandboge
-
2.8.95~
2430-0ubuntu1 pushed to trusty-proposed [ Jamie Strandboge ]
* debian/debhelper/ dh_apparmor: exit with error if aa-easyprof does not
exist
* debian/control: drop Depends on apparmor-easyprof to Suggests for
dh-apparmor
[ Seth Arnold, Jamie Strandboge, Steve Beattie, John Johansen, Tyler Hicks ]
* New upstream snapshot (LP: #1278702, #1061693, #1285653) dropping very
large Ubuntu delta and fixing the following bugs:
- Adjust fonts abstraction for libthai (LP: #1278702)
- Support translated XDG user directories (LP: #1061693)
- Adjust abstractions/web-data to include /var/www/html (LP: #1285653)
Refresh 0002-add-debian- integration- to-lighttpd. patch to include
/etc/lighttpd/ conf-available/ *.conf
- Adjust debian/libapparmor1. symbols to reflect new upstream versioning
for the aa_query_label() function
- Raise exceptions in Python bindings when something fails
* ship new Python replacements for previous Perl-based tools
- debian/apparmor- utils.install: remove usr/share/ perl5/Immunix/ *.pm and
add usr/sbin/aa-autodep, usr/sbin/ aa-cleanprof and usr/sbin/ aa-mergeprof
- debian/control:
+ remove various Perl dependencies
+ add python-apparmor and python3-apparmor
+ python3-apparmor Breaks: apparmor-easyprof to move the file since it
ships dist-packages/apparmor/ __init_ _.py now
- debian/apparmor- utils.manpages: ship new manpages for aa-cleanprof and
aa-mergeprof
- debian/rules: build and install Python tools
* debian/apparmor. install:
- install apparmorfs, dovecot, kernelvars, securityfs, sys,
and xdg-user-dirs tunables and xdg-user-dirs.d directory
* debian/apparmor. dirs:
- install /etc/apparmor.d/tunables/ xdg-user- dirs.d
* debian/rules: delete upstream-provided xdg-user-dirs.d/ site.local
* debian/apparmor. postinst: create xdg-user- dirs.d/ site.local
* debian/apparmor. postrm: remove xdg-user-dirs.d
* Remaining patches:
- add-chromium-browser. patch
- add-debian-integration- to-lighttpd. patch
- ubuntu-manpage- updates. patch
- libapparmor-layout- deb.patch
- libapparmor-mention- dbus-method- in-getcon- man.patch
- etc-writable.patch
- aa-utils_are_bilingual. patch
* New patches:
- convert-to-rules. patch
- list-fns.patch
- parse-mode.patch
- add-decimal-interp. patch
- policy_mediates. patch
- fix-failpath.patch
- feature_file.patch
- fix-network.patch
- aare-to-class.patch
- add-mediation-unix.patch
- parser_version. patch
- caching.patch
- label-class.patch
- fix-lexer-debug.patch
- use-diff-encode. patch
- fix-serialize.patch
- fix-ppc-endian- ftbfs.patch
- opt_arg.patch
- tests-cond-dbus.patch
* Move manpages from libapparmor1 to libapparmor-dev
- debian/libapparmor- dev.manpages: install aa_change_hat.2,
aa_change_ profile. 2, aa_find_ mountpoint. 2, aa_getcon.2
- debian/control: libapparmor-dev Replaces: and Breaks: libapparmor1
* Move /usr/lib/python3/ dist-packages/ apparmor/ __init_ _.py from
apparmor-easyprof to python3-apparmor
- debian/control: python3-apparmor Breaks: apparmor-easyprof
- debian/apparmor- easyprof. install: remove
usr/lib/python* .*/site- packages/ apparmor*
* New profiles and abstractions:
- debian/apparmor. install: tunables/dovecot, tunables/ kernelvars,
tunables/xdg-user- dirs, tunables/ xdg-user- dirs.d
* Test merge from upstream new pyutils branch (rev 2385) - 1495. By jdstrand <Jamie Strandboge <email address hidden>>
-
[ Tyler Hicks ]
* 0084-parser-add-dbus- eavesdrop- perm.patch: Add an eavesdrop permission to
the dbus rule type, allowing confined applications to eavesdrop. The only
valid conditional for eavesdrop rules is 'bus'. See the apparmor.d(5) man
page for more information. (LP: #1262440)
[ Steve Beattie ]
* 0085-push-normalize- tree-ops- into-expr- tree-classes. patch: Improve
parser performance in some cases
[ John Johansen ]
* 0086-add-diff-state- compression- to-dfa. patch: Implement differential
state compression in the parser
* 0087-fix-dfa-minimizatio n.patch: Fix a parser bug that caused some DFAs to
not be fully minimized (LP: #1262938)
* 0088-fix-pol-generation- for-small- dfas.patch: Fixes bugs in the parser
when generating policy for some small DFAs - 1494. By Jamie Strandboge
-
[ Jan Rękorajski ]
* 0082-parser-fix-FTBFS- with-bison- 3.patch: Fix parser FTBFS with bison 3
[ Steve Beattie ]
* 0083-libapparmor-require- libtoolize. patch: Fix FTBFS by switching
the autogen.sh script to use libtoolize instead of libtool
Branch metadata
- Branch format:
- Branch format 7
- Repository format:
- Bazaar repository format 2a (needs bzr 1.16 or later)
- Stacked on:
- lp:apparmor/2.12
