~xnox/livecd-rootfs:apparmor

Branch merges

Propose for merging

Merged into livecd-rootfs:ubuntu/master at revision b14f79ce2e9a18b5832c5488146dbdd7edcd65dd

Ubuntu Core Development Team: Pending requested 2020-07-17

Diff: 344 lines (+117/-0)

35 files modified

live-build/apparmor/generic.features (+78/-0)
live-build/apparmor/generic/capability (+1/-0)
live-build/apparmor/generic/caps/mask (+1/-0)
live-build/apparmor/generic/dbus/mask (+1/-0)
live-build/apparmor/generic/domain/attach_conditions/xattr (+1/-0)
live-build/apparmor/generic/domain/change_hat (+1/-0)
live-build/apparmor/generic/domain/change_hatv (+1/-0)
live-build/apparmor/generic/domain/change_onexec (+1/-0)
live-build/apparmor/generic/domain/change_profile (+1/-0)
live-build/apparmor/generic/domain/computed_longest_left (+1/-0)
live-build/apparmor/generic/domain/fix_binfmt_elf_mmap (+1/-0)
live-build/apparmor/generic/domain/post_nnp_subset (+1/-0)
live-build/apparmor/generic/domain/stack (+1/-0)
live-build/apparmor/generic/domain/version (+1/-0)
live-build/apparmor/generic/file/mask (+1/-0)
live-build/apparmor/generic/mount/mask (+1/-0)
live-build/apparmor/generic/namespaces/pivot_root (+1/-0)
live-build/apparmor/generic/namespaces/profile (+1/-0)
live-build/apparmor/generic/network/af_mask (+1/-0)
live-build/apparmor/generic/network/af_unix (+1/-0)
live-build/apparmor/generic/network_v8/af_mask (+1/-0)
live-build/apparmor/generic/policy/set_load (+1/-0)
live-build/apparmor/generic/policy/versions/v5 (+1/-0)
live-build/apparmor/generic/policy/versions/v6 (+1/-0)
live-build/apparmor/generic/policy/versions/v7 (+1/-0)
live-build/apparmor/generic/policy/versions/v8 (+1/-0)
live-build/apparmor/generic/ptrace/mask (+1/-0)
live-build/apparmor/generic/query/label/data (+1/-0)
live-build/apparmor/generic/query/label/multi_transaction (+1/-0)
live-build/apparmor/generic/query/label/perms (+1/-0)
live-build/apparmor/generic/rlimit/mask (+1/-0)
live-build/apparmor/generic/signal/mask (+1/-0)
live-build/auto/build (+3/-0)
live-build/functions (+4/-0)
live-build/seccomp/generic.actions_avail (+1/-0)

api

Related source package recipes

No recipes using this branch. (?)

Create packaging recipe

Related snap packages

Related charm recipes

b14f79c... by Dimitri John Ledkov on 2020-07-17

apparmor: compile all profiles

31861fd... by Dimitri John Ledkov on 2020-07-17

seccomp: mount more up-to-date seccomp features

bc4d32a... by Dimitri John Ledkov on 2020-07-17

seccomp: add more up-to-date seccomp actions

a14a31b... by Dimitri John Ledkov on 2020-07-17

apparmor: mount more up-to-date apparmor features in the chroot.

37be000... by Dimitri John Ledkov on 2020-07-17

apparmor: Add generic v5.4 kernel apparmor features

3694cf3... by Dimitri John Ledkov on 2020-07-17

releasing package livecd-rootfs version 2.675

6e6ab16... by Dimitri John Ledkov on 2020-07-17

live-server: remove duplicate snaps, due to overlayfs vs snap-preseed.

1ca11c9... by Robert C Jennings on 2020-07-15

Apply snap-preseed optimizations after seeding snaps

The snap-preseed command can do a number of things during the build
that are currently performed at first boot (apparmor profiles, systemd
unit generation, etc). This patch adds a call to reset the seeding and
apply these optimizations when adding a seeded snap. As a prerequisite
to calling snap-preseed we need to make /dev/mem available as well as
mounts from the host to perform this work, so those are also added here.

2513613... by Steve Langasek on 2020-07-16

releasing package livecd-rootfs version 2.674

4c504f6... by David Krauser on 2020-07-16

Fix broken minimal cloud image boot on amd64

I recently pulled initramfs logic out of the base build hook, and
dropped that into the `replace_kernel` function. Any cloud image that
does not leverage the generic virtual kernel was expected to call
`replace_kernel` to pull in a custom kernel. That function will
disable initramfs boot for images that use a custom kernel.

Minimal cloud images on amd64 use the linux-kvm kernel, but the build
hook does not utilize the `replace_kernel` function. Instead, the
kernel flavor is set in `auto/config`. I pulled that logic out of
`auto/config` and am now calling `replace_kernel` in the build hook.

I also moved a call to generate the package list so that it will pick
up the change to the linux-kvm kernel.