apparmor 4.0.0~alpha2-0ubuntu1 source package in Ubuntu

Changelog

apparmor (4.0.0~alpha2-0ubuntu1) mantic; urgency=medium

  [ John Johansen ]
  * New upstream release 4.0-alpha2

  [ Alex Murray ]
  * Infrastructure to enable AppArmor userns restrictions
    (LP: #2030353, LP: #2032602)
    - debian/usr/lib/sysctl.d/10-apparmor.conf: disable userns restrictions
      for now until we have a complete set of profiles for the whole
      Ubuntu archive
    - debian/apparmor.install: ship sysctl.d file in the apparmor binary
      package
    - d/p/u/userns-unconfined.patch: add some additional profiles that
      specify the userns permission with the unconfined flag for a currently
      incomplete list of applications within the Ubuntu archive that use
      unprivileged user namespaces
      - usr.bin.ch-checkns
      - usr.bin.ch-run
      - usr.bin.crun
      - usr.bin.flatpak
    - debian/put-all-profiles-in-complain-mode.sh: don't put unconfined
      profiles in complain mode
  * Add patches from upstream to fix test failures
    - d/p/u/tests-fix-userns-setns-opening-pipe-order.patch
    - d/p/u/tests-replace-individual-socket-permissions.patch
    - d/p/u/tests-fix-test-specifying-path-on-attach-disconnected.patch
  * Add new symbols

apparmor (4.0.0~alpha1-0ubuntu1) mantic; urgency=medium

  * New upstream release.
  * Drop patches which have now been applied upstream
    - d/p/fix-expected-library-version.patch
    - d/p/u/enable-pinning-of-pre-AppArmor-3.x-poli.patch
    - d/p/u/regression-tests-fix-aa_policy_cache-when-using-syst.patch
    - d/p/u/add-mqueue-support.patch
    - d/p/u/add-userns-support.patch
    - d/p/u/update-snap-browsers-permissions-lp1794064.patch
    - d/p/u/add-4.0-abi.patch
  * Refresh patches
    - d/p/d/etc-writable.patch
    - d/p/u/samba-systemd-interaction.patch
  * d/apparmor.install: install aa-load
  * d/apparmor-profiles.install:
    - install new profiles
      - usr.lib.dovecot.director
      - usr.lib.dovecot.doveadm-server
      - usr.lib.dovecot.replicator
      - zgrep
      - rpcbind
      - chromium_browser
      - usr.bin.pyzorsocket
      - usr.bin.razorsocket
      - usr.sbin.clamd
      - usr.sbin.haproxy
    - rename profiles
      - firefox
      - firefox.sh

 -- Alex Murray <email address hidden>  Tue, 22 Aug 2023 12:30:32 +0930

Upload details

Uploaded by:
Alex Murray
Uploaded to:
Mantic
Original maintainer:
Ubuntu Developers
Architectures:
linux-any all
Section:
admin
Urgency:
Medium Urgency

See full publishing history Publishing

Series Pocket Published Component Section

Downloads

File Size SHA-256 Checksum
apparmor_4.0.0~alpha2.orig.tar.gz 7.8 MiB 594fcace8fbfb656b2e991b33feb1270ea0fdc09ec3ae517290afd409a57b368
apparmor_4.0.0~alpha2-0ubuntu1.debian.tar.xz 92.7 KiB d6724908c1a14ab6fa9b8ad428db6afc4ce6f3a4bad7bca3a456b8f7160afb6d
apparmor_4.0.0~alpha2-0ubuntu1.dsc 3.0 KiB 144e9b110943a0d8593dc2676cea57d81d5921d5833447f4fd17769b22a266b9

View changes file

Binary packages built by this source

apparmor: user-space parser utility for AppArmor

 apparmor provides the system initialization scripts needed to use the
 AppArmor Mandatory Access Control system, including the AppArmor Parser
 which is required to convert AppArmor text profiles into machine-readable
 policies that are loaded into the kernel for use with the AppArmor Linux
 Security Module.

apparmor-dbgsym: debug symbols for apparmor
apparmor-notify: AppArmor notification system

 apparmor-notify provides a utility to display AppArmor denial
 messages via desktop notifications. The utility can also be used to
 generate summary reports.

apparmor-profiles: experimental profiles for AppArmor security policies

 apparmor-profiles provides various experimental AppArmor profiles.
 Do not expect these profiles to work out-of-the-box.
 .
 These profiles are not mature enough to be shipped in enforce mode by
 default on Debian. They are shipped in complain mode so that users
 can test them, choose which are desired, and help improve them
 upstream if needed.
 .
 Some even more experimental profiles are included in
 /usr/share/doc/apparmor-profiles/extras/.

apparmor-utils: utilities for controlling AppArmor

 apparmor-utils provides utilities that operate on AppArmor
 profiles. Profiles can be created, updated, enforced, set to complain
 mode, and disabled with tools such as aa-genprof, aa-enforce,
 aa-complain and aa-disable.
 .
 Additionally, the aa-easyprof utility helps generating AppArmor policy.
 It supports the use of templates and policy groups to quickly profile
 an application.

dh-apparmor: AppArmor debhelper routines

 dh-apparmor provides the debhelper tools used to install and migrate
 AppArmor profiles. This is normally used from package maintainer scripts
 during install and removal.

libapache2-mod-apparmor: changehat AppArmor library as an Apache module

 libapache2-mod-apparmor provides the Apache module needed to declare
 various differing confinement policies when running virtual hosts in the
 webserver by using the changehat abilities exposed through libapparmor.

libapache2-mod-apparmor-dbgsym: debug symbols for libapache2-mod-apparmor
libapparmor-dev: AppArmor development libraries and header files

 libapparmor-dev provides the development libraries and header
 files needed to link against libapparmor, as well as
 the manpages for library functions.

libapparmor1: changehat AppArmor library

 libapparmor1 provides a shared library one can compile programs
 against in order to use various AppArmor functionality,
 such as transitioning to a different AppArmor profile or hat.

libapparmor1-dbgsym: debug symbols for libapparmor1
libpam-apparmor: changehat AppArmor library as a PAM module

 libpam-apparmor provides the PAM module needed to declare various
 differing confinement policies when starting PAM sessions by using the
 changehat abilities exposed through libapparmor.

libpam-apparmor-dbgsym: debug symbols for libpam-apparmor
python3-apparmor: AppArmor Python3 utility library

 python3-apparmor provides the Python3 modules that implement the
 higher-level AppArmor applications.

python3-libapparmor: AppArmor library Python3 bindings

 python3-libapparmor provides the Python3 module that contains the language
 bindings for the AppArmor library, libapparmor, which were autogenerated
 via SWIG.

python3-libapparmor-dbgsym: debug symbols for python3-libapparmor