Created by Kees Cook and last modified
Get this branch:
bzr branch lp://staging/apparmor/2.12
Members of AppArmor Developers can upload to this branch. Log in for directions.

Branch merges

Related bugs

Related blueprints

Branch information

AppArmor Developers

Recent revisions

3731. By Steve Beattie

The AppArmor project has been converted to git and is now hosted on

To get the converted repository, please do
  git clone https://gitlab.com/apparmor/apparmor

3730. By Steve Beattie

parser+libapparmor: partially address issues building with musl

adjust macros and header inclusion to make progress on building with the
musl C library.

Acked-by: Steve Beattie <email address hidden>

3729. By Steve Beattie

profiles: add attach_disconnected flags to example apache profile

Without it, seeing rejections like:

  apparmor="ALLOWED" operation="file_mmap" info="Failed name lookup - disconnected path" error=-13 profile="/usr/sbin/apache2" name="" pid=13777 comm="apache2" requested_mask="rw" denied_mask="rw" fsuid=0 ouid=0

Acked-by: Steve Beattie <email address hidden>

Bug: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=875892

3728. By Steve Beattie

profiles: update wireshark profile for modern releases

Acked-by: Steve Beattie <email address hidden>

3727. By John Johansen

Bump version 2.11.95 for 2.12 beta

Signed-off-by: John Johansen <email address hidden>

3726. By Steve Beattie

profiles: allow OpenAL HRTF support in audio abstraction

The files are "head-related transfer function" data sets, used by
OpenAL for better spatialization of sounds when headphones are detected.

Bug: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=874665

3725. By Christian Boltz

Keep JSON version at 2.12

We never did a release with the JSON code, and YaST (the only known user
of the JSON interface) will work with the added 'changes' dialog type
from r3721 without needing changes.

Also add a better comment/reason why a response for 'changes' is
expected, but gets ignored.

Reviewed-by: Goldwyn Rodrigues <email address hidden>
Acked-by: Steve Beattie <email address hidden>

3724. By Steve Beattie

utils: stop rewriting shbang lines in setup script

The python setup tools script is set to rewrite the shbang line of
scripts installed in ${PREFIX}/bin/ if the PYTHON environment variable
is set. Unfortunately, this (a) only covers the aa-easyprof script
as the rest are installed in ${PREFIX}/sbin/, and (b) we've deprecated
python 2 support, and hardcoded python3 as the interpreter for all of
the python scripts in the utils/ directory.

The only use for this feature would be if for some reason the utils did
not work properly with the default python3 interpreter and a specific
version was needed to be set, but I don't think that warrants keeping
the extra bit of code complexity around (and indeed, the snippet that
does this is forcibly disabled in Debian/Ubuntu).

Therefore, drop the shbang rewriting entirely.

Signed-off-by: Steve Beattie <email address hidden>
Acked-by: John Johansen <email address hidden>

3723. By Steve Beattie

binutils: honor ${CFLAGS} and ${CPPFLAGS}

Acked-by: Steve Beattie <email address hidden>

3722. By Steve Beattie

profiles: tunables/global - accept seven digit pids

On 64bit systems, /proc/sys/kernel/pid_max can be set to PID_MAX_LIMIT,
(2^22), which results in seven digit pids. Adjust the @{PID} variable in
tunables/global to accept this.

Acked-by: intrigeri <email address hidden>
Acked-by: Steve Beattie <email address hidden>

Branch metadata

Branch format:
Branch format 7
Repository format:
Bazaar repository format 2a (needs bzr 1.16 or later)
This branch contains Public information 
Everyone can see this information.