lp://staging/ubuntu/vivid-proposed/apparmor
- Get this branch:
- bzr branch lp://staging/ubuntu/vivid-proposed/apparmor
Branch merges
Branch information
Recent revisions
- 88. By Jamie Strandboge
-
[ Steve Beattie ]
* debian/rules: run make check on the libapparmor library
* add-chromium-browser. patch: add support for chromium policies
(LP: #1419294)
* debian/apparmor. {init,upstart} : add support for triggering
aa-profile-hook runs when packages are updated via snappy system
image updates (LP: #1434143)
* parser-fix_modifier_ compilation_ +_tests. patch: fix compilation
of audit modifiers for exec and pivot_root and deny modifiers on
link rules as well as significantly expand related tests
(LP: #1431717, LP: #1432045, LP: #1433829)
* tests-fix_systemd_ breakage_ in_pivot_ root-lp1436109. patch: work
around pivot_root test failures due to init=systemd (LP: #1436109)
* GDM_X_authority-lp1432126. patch: add location GDM creates Xauthority
file to X abstraction (LP: #1432126)[ Jamie Strandboge ]
* easyprof-framework- policy. patch: add --include- templates- dir and
--include-policy- groups- dir options to easyprof to support framework
policy on snappy[ Robie Basak ]
* Add /lib/apparmor/profile- load; moved from
/lib/init/apparmor- profile- load from the upstart package. A wrapper at
the original path is now provided by init-system-helpers. (LP: #1432683) - 87. By Jamie Strandboge
-
systemd-
dev-log- lp1413232. patch: Allow writes to the systemd journal
socket /{,var}/run/systemd/ journal/ dev-log. This can be dropped with
with AppArmor 2.9.2. (LP: #1413232) - 86. By Steve Beattie
-
add-mir-
abstractions- lp1422521. patch: add correct location of
mir specific libraries and mir unprivileged client socket
to mir abstraction (LP: #1422521) - 85. By Martin Pitt
-
debian/
apparmor. init: Replace unnecessary $remote_fs dependency with
$local_fs. This is sufficient as during boot we don't use anything from
/usr. It's also necessary to avoid dependency cycles when using NFS (as
its dependencies should be covered by AppArmor). (LP: #1312976) - 84. By Steve Beattie
-
* Update to apparmor 2.9.1
- make parser mount rule options consistent with documentation
(LP: #1401619)
- make parser fail if unknown mount options are encountered
(LP: #1401621)
- stop aa-logprof from asking about already allowed network rules
(LP: #1380367)
- make utils offer abstractions for network rules (LP: #1380367)
- make libapparmor understand logs generated by syslog-ng
(LP: #1399027)
- stop python utilities from adding duplicate quotes (LP: #1328707)
- work around aa-cleanprof crashes (LP: #1382236)
- other bug fixes, performance improvements, and testcases added to
the python utils.
- policy updates for dnsmasq, nscd, and others
- translation updates
* Partial sync with debian apparmor package:
- debian/apparmor- profiles. install: add additional dovecot and
smbldap-useradd profiles
- debian/control: fix typo in apparmor-docs description, fix file
overwrite issues with python-apparmor, apparmor-docs
- debian/rules: improved repeat-build cleanup logic.
- Add Turkish translation of debconf messages. Thanks to
Mert Dirik <email address hidden> for the patch!
- debian/apparmor. postrm: Remove
/var/lib/apparmor/ profiles/ .apparmor. md5sums and parent
directories on package purge.
* add-mir-abstractions- lp1422521. patch: add mir abstraction to cover
mir specific libraries (LP: #1422521)
* debian/rules: remove no longer needed references to PERLDIR when
installing from utils/ - 83. By Martin Pitt
-
Ship libapparmor in /lib instead of /usr as we want to use it in systemd
now. (LP: #1397960) - 82. By Jamie Strandboge
-
* debian/
lib/apparmor/ functions: disable expr tree simplification for
/var/lib/apparmor/ profiles (LP: #1383858)
* parser-dont-skip- read-cache- with-optimizati ons.patch: don't skip read
cache when specifying '-O' (LP: #1385947) - 81. By Steve Beattie
-
* Updated to apparmor 2.9.beta4 (aka apparmor 2.8.98)
- fix logparsing memory leak (LP: #1340927)
- incorporate fixes to regression testsuite to compensate for
af_unix mediation, as well as extend test coverage
(LP: #1375403, LP: #1375516)
- fix libapparmor's log parsing code to accept additional rejection
types (LP: #1375413)
- fix X abstraction for changed lightdm xauthority file locations
(LP: #1339727)
- parser: disable downgrade and not enforced rule messages
by default
- fix error when using regex profile names in IPC rules
(LP: #1373085)
- updates and fixes to the python utilities
- translation updates[ Steve Beattie ]
* Removed upstreamed patches:
drop-peer_addr- with-local- addr-in- base.patch,
update_socketpair_ tests_for_ af_unix. patch,
fix_socketpair_tests. patch, sanitized- helpers- updates. patch,
01-tests-unix_socket_ lists.patch,
02-tests-accept_ unix_rules_ in_mkprofile. patch,
03-tests-unix_sockets_ v7_pathnames. patch,
04-tests-migrate_ from_poll_ to_sockio_ timeout. patch,
05-tests-add_abstract_ socket_ tests.patch,
06-tests-use_socketpair_ and_none. patch,
07-parser-fix_local_ perms.patch,
08-phpsysinfo-policy- updates. patch,
09-apache2-policy- instructions. patch,
10-lp1371771.patch, 11-lp1371765.patch,
lp1169881.patch
* refreshed etc-writable.patch and libapparmor-layout- deb.patch
* debian/control: add breaks on python3-apparmor against older
apparmor-utils that used to be where python bits lived
(LP: #1373259)
* debian/apport/ source_ apparmor. py:
- fixes the apparmor apport hook so it does not raise an exception if
a non-unicode character is found in /var/log/kern.log or in
/var/log/syslog. This should work under python3 or python2.7
(LP: #1304447)
- adjusts the add_info() function to take the expected additional ui
argument, though it has no need for it.
- converts the log parsing code to use with statements so as not to
leak open file descriptors
- updates the set of packages to query to see if installed and if so,
report the version of.
- adjust import to make pyflakes job easier
- minor pep8 cleanups[ Jamie Strandboge ]
* add-chromium-browser. patch: don't allow writing to the oom score and
adjust files since this allows chromium to change the values for any
process matching our UID
* debian/apparmor. upstart: check if click-apparmor md5sums changed so we
regenerate the policy if it changes too (LP: #1371574)
* debian/apparmor. init: make corresponding upstart change to initscript
* debian/lib/apparmor/ functions: fall back to using -n1 if the parser failed
to load a profile set. This should be removed when the parser properly
handles profile sets with corrupted profiles (LP: 1377338)
* debian/control: fix typo (LP: #1187447) - 80. By Jamie Strandboge
-
add-chromium-
browser. patch: user addr=none instead of peer=(addr=none)
(LP: #1374363)
Branch metadata
- Branch format:
- Branch format 7
- Repository format:
- Bazaar repository format 2a (needs bzr 1.16 or later)
- Stacked on:
- lp://staging/ubuntu/vivid/apparmor