Ubuntu
apparmor package

apparmor 2.10.95-0ubuntu2.5~14.04.1 source package in Ubuntu

Changelog

apparmor (2.10.95-0ubuntu2.5~14.04.1) trusty; urgency=medium

  * Bring apparmor 2.10.95-0ubuntu2.5, from Ubuntu 16.04, to Ubuntu 14.04.
    - This allows for proper snap confinement on Ubuntu 14.04 when using the
      hardware enablement kernel (LP: #1641243)
  * Changes made on top of 2.10.95-0ubuntu2.5:
    - debian/apparmor.upstart: Remove the upstart job and continue using the
      init script in 14.04
    - debian/apparmor.postinst, debian/apparmor-profiles.postinst,
      debian/apparmor-profiles.postrm, debian/rules: Revert to using
      invoke-rc.d to load the profiles, rather than reloading them directly,
      since 14.04 will continue using the init script rather than the upstart
      job.
    - debian/apparmor.init, debian/lib/apparmor/functions,
      debian/apparmor.postinst, debian/apparmor.postrm: Remove functionality
      dealing with AppArmor policy in system image based environments since
      this 14.04 package will not need to handle such environments. This
      removes the handle_system_policy_package_updates(),
      compare_previous_version(), compare_and_save_debsums() functions and
      their callers.
    - debian/apparmor.init: Continue using running-in-container since
      systemd-detect-virt doesn't exist on 14.04
    - debian/lib/apparmor/functions, debian/apparmor.init: Remove the
      is_container_with_internal_policy() function and adjust its call sites
      in apparmor.init so that AppArmor policy is not loaded inside of 14.04
      LXD containers (avoids bug #1641236)
    - debian/lib/apparmor/profile-load, debian/apparmor.install: Remove
      profile-load as upstart's apparmor-profile-load is used in 14.04
    - debian/patches/libapparmor-mention-dbus-method-in-getcon-man.patch:
      Continue applying this patch since the dbus version in 14.04 isn't new
      enough to support fetching the AppArmor context from
      org.freedesktop.DBus.GetConnectionCredentials().
    - debian/patches/libapparmor-force-libtoolize-replacement.patch: Force
      libtoolize to replace existing files to fix a libapparmor FTBFS issue on
      14.04.
    - debian/control: Retain the original 14.04 Breaks and ignore the new
      Breaks from 2.10.95-0ubuntu2.5 since they were put in place as part of
      the enablement of UNIX domain socket mediation. They're not needed in
      this upload since UNIX domain socket mediation is disabled by default so
      updates to the profiles included in those packages are not needed.
    - Preserve the profiles and abstractions from 14.04's
      2.8.95~2430-0ubuntu5.3 apparmor package by recreating them in the
      top-level profiles-14.04/ directory of the source. They'll be installed
      to debian/tmp/etc/apparmor.d/ during the build process and then to
      /etc/apparmor.d/ on package install so that there are no changes to the
      shipped profiles or abstractions. The abstractions from
      2.10.95-0ubuntu2.5 will be installed into
      debian/tmp/snap/etc/apparmor.d/ during the build process and then into
      /etc/apparmor.d/snap/abstractions/ on package install for use with snap
      confinement. Snap confinement profiles, which includes AppArmor profiles
      loaded by snapd and profiles loaded by snaps that are allowed to manage
      AppArmor policy, will use the snap abstractions. All other AppArmor
      profiles will continue to use the 14.04 abstractions.
      - debian/rules: Adjust for new profiles-14.04/ directory
      - debian/apparmor-profiles.install: Adjust to install the profiles that
        were installed in the 2.8.95~2430-0ubuntu5.3 package
      - debian/apparmor.install: Install the abstractions from the
        2.10.95-0ubuntu2.5 package into /etc/apparmor.d/snap/abstractions/
      - debian/patches/14.04-profiles.patch: Preserve the 14.04 profiles and
        abstractions from the 2.8.95~2430-0ubuntu5.3 apparmor package.
      - debian/patches/conditionalize-post-release-features.patch: Disable new
        mediation features, implemented after the Ubuntu 14.04 release, unless
        the profile is for snap confinement. If the profile is for snap
        confinement, the abstractions from /etc/apparmor.d/snap/abstractions
        will be used and all of the mediation features will be enabled.
    - 14.04-add-chromium-browser.patch,
      14.04-add-debian-integration-to-lighttpd.patch,
      14.04-etc-writable.patch,
      14.04-update-base-abstraction-for-signals-and-ptrace.patch,
      14.04-dnsmasq-libvirtd-signal-ptrace.patch,
      14.04-update-chromium-browser.patch,
      14.04-php5-Zend_semaphore-lp1401084.patch,
      14.04-dnsmasq-lxc_networking-lp1403468.patch,
      14.04-profiles-texlive_font_generation-lp1010909.patch,
      14.04-profiles-dovecot-updates-lp1296667.patch,
      14.04-profiles-adjust_X_for_lightdm-lp1339727.patch: Import all of the
      patches, from 14.04's 2.8.95~2430-0ubuntu5.3 apparmor package, which
      patched profiles/ and adjust them to patch profiles-14.04/ instead.
    - debian/patches/revert-r2550-and-r2551.patch: Revert two upstream changes
      to mod_apparmor which could potentially regress existing users of
      mod_apparmor in 14.04. These upstream changes are not appropriate for an
      SRU.

 -- Tyler Hicks <email address hidden>  Wed, 30 Nov 2016 16:36:02 +0000

Upload details

Uploaded by:
Tyler Hicks
Uploaded to:
Trusty
Original maintainer:
Ubuntu Developers
Architectures:
any all
Section:
admin
Urgency:
Medium Urgency

See full publishing history Publishing

Series Pocket Published Component Section

Downloads

File Size SHA-256 Checksum
apparmor_2.10.95.orig.tar.gz 4.3 MiB 3f659a599718f4a5e2a33140916715f574a5cb3634a6b9ed6d29f7b0617e4d1a
apparmor_2.10.95-0ubuntu2.5~14.04.1.debian.tar.gz 177.8 KiB 2e6baa0d55b5f250534096032f5f87f781e97eb59547c6b3751f4d819ccec946
apparmor_2.10.95-0ubuntu2.5~14.04.1.dsc 3.1 KiB a1aa805e766861273e4de3b42601193e41a5d38e0168964ae6cde1da408bbe8c

View changes file

Binary packages built by this source

apparmor: user-space parser utility for AppArmor

 This provides the system initialization scripts needed to use the
 AppArmor Mandatory Access Control system, including the AppArmor Parser
 which is required to convert AppArmor text profiles into machine-readable
 policies that are loaded into the kernel for use with the AppArmor Linux
 Security Module.

apparmor-dbgsym: debug symbols for package apparmor

 This provides the system initialization scripts needed to use the
 AppArmor Mandatory Access Control system, including the AppArmor Parser
 which is required to convert AppArmor text profiles into machine-readable
 policies that are loaded into the kernel for use with the AppArmor Linux
 Security Module.

apparmor-docs: documentation for AppArmor

 This package provides some technical documentation for the AppArmor
 Mandatory Access Control system. Currently this is only a single
 PDF covering basic operation, written some time ago.

apparmor-easyprof: AppArmor easyprof profiling tool

 This provides the aa-easyprof utility which is an easy to use interface for
 AppArmor policy generation. aa-easyprof supports the use of templates and
 policy groups to quickly profile an application.

apparmor-notify: AppArmor notification system

 This package provides a utility to display AppArmor denial messages via
 desktop notifications. The utility can also be used to generate summary
 reports.

apparmor-profiles: profiles for AppArmor Security policies

 This provides various AppArmor profiles that have not been shipped by
 the packages they provide confinement for. By default, they ship in
 complain mode so that users can test and choose which are desired.

apparmor-utils: utilities for controlling AppArmor

 This provides the utilities to operate on AppArmor profiles. Profiles
 can be created, updated, enforced, set to complain mode, and disabled
 with tools such as aa-genprof, aa-enforce, aa-complain and aa-disabled.

dh-apparmor: AppArmor debhelper routines

 This provides the debhelper tools used to install and migrate AppArmor
 profiles. This is normally used from package maintainer scripts during
 install and removal.

libapache2-mod-apparmor: changehat AppArmor library as an Apache module

 This provides the Apache module needed to declare various differing
 confinement policies when running virtual hosts in the webserver
 by using the changehat abilities exposed through libapparmor.

libapache2-mod-apparmor-dbgsym: debug symbols for package libapache2-mod-apparmor

 This provides the Apache module needed to declare various differing
 confinement policies when running virtual hosts in the webserver
 by using the changehat abilities exposed through libapparmor.

libapparmor-dev: AppArmor development libraries and header files

 This package provides the development libraries and header files needed to
 link against the AppArmor changehat and log parsing functions. Also
 includes the manpages for library functions.

libapparmor-perl: AppArmor library Perl bindings

 This provides the Perl module that contains the language bindings
 for the AppArmor library, libapparmor, which were autogenerated via
 SWIG.

libapparmor-perl-dbgsym: debug symbols for package libapparmor-perl

 This provides the Perl module that contains the language bindings
 for the AppArmor library, libapparmor, which were autogenerated via
 SWIG.

libapparmor1: changehat AppArmor library

 This package provides the shared library used for making use of the
 AppArmor profile and changehat functionality, as well as common log
 parsing routines.

libapparmor1-dbgsym: debug symbols for package libapparmor1

 This package provides the shared library used for making use of the
 AppArmor profile and changehat functionality, as well as common log
 parsing routines.

libpam-apparmor: changehat AppArmor library as a PAM module

 This provides the PAM module needed to declare various differing
 confinement policies when starting PAM sessions by using the
 changehat abilities exposed through libapparmor.

libpam-apparmor-dbgsym: debug symbols for package libpam-apparmor

 This provides the PAM module needed to declare various differing
 confinement policies when starting PAM sessions by using the
 changehat abilities exposed through libapparmor.

python-apparmor: AppArmor Python utility library

 This provides the Python modules that implement the higher-level AppArmor
 applications.

python-libapparmor: AppArmor library Python bindings

 This provides the Python module that contains the language bindings
 for the AppArmor library, libapparmor, which were autogenerated via
 SWIG.

python-libapparmor-dbgsym: debug symbols for package python-libapparmor

 This provides the Python module that contains the language bindings
 for the AppArmor library, libapparmor, which were autogenerated via
 SWIG.

python3-apparmor: AppArmor Python3 utility library

 This provides the Python3 modules that implement the higher-level AppArmor
 applications.

python3-libapparmor: AppArmor library Python3 bindings

 This provides the Python3 module that contains the language bindings
 for the AppArmor library, libapparmor, which were autogenerated via
 SWIG.

python3-libapparmor-dbgsym: debug symbols for package python3-libapparmor

 This provides the Python3 module that contains the language bindings
 for the AppArmor library, libapparmor, which were autogenerated via
 SWIG.