This bug was fixed in the package linux-starfive - 6.5.0-1002.3

---------------
linux-starfive (6.5.0-1002.3) mantic; urgency=medium

  * mantic/linux-starfive: 6.5.0-1002.3 -proposed tracker (LP: #2038697)

  [ Ubuntu: 6.5.0-9.9 ]

  * mantic/linux: 6.5.0-9.9 -proposed tracker (LP: #2038687)
  * update apparmor and LSM stacking patch set (LP: #2028253)
    - re-apply apparmor 4.0.0
  * Disable restricting unprivileged change_profile by default, due to LXD
    latest/stable not yet compatible with this new apparmor feature
    (LP: #2038567)
    - SAUCE: apparmor: Make apparmor_restrict_unprivileged_unconfined opt-in

  [ Ubuntu: 6.5.0-8.8 ]

  * mantic/linux: 6.5.0-8.8 -proposed tracker (LP: #2038577)
  * update apparmor and LSM stacking patch set (LP: #2028253)
    - SAUCE: apparmor3.2.0 [02/60]: rename SK_CTX() to aa_sock and make it an inline fn
    - SAUCE: apparmor3.2.0 [05/60]: Add sysctls for additional controls of unpriv userns restrictions
    - SAUCE: apparmor3.2.0 [08/60]: Stacking v38: LSM: Identify modules by more than name
    - SAUCE: apparmor3.2.0 [09/60]: Stacking v38: LSM: Add an LSM identifier for external use
    - SAUCE: apparmor3.2.0 [10/60]: Stacking v38: LSM: Identify the process attributes for each module
    - SAUCE: apparmor3.2.0 [11/60]: Stacking v38: LSM: Maintain a table of LSM attribute data
    - SAUCE: apparmor3.2.0 [12/60]: Stacking v38: proc: Use lsmids instead of lsm names for attrs
    - SAUCE: apparmor3.2.0 [13/60]: Stacking v38: integrity: disassociate ima_filter_rule from security_audit_rule
    - SAUCE: apparmor3.2.0 [14/60]: Stacking v38: LSM: Infrastructure management of the sock security
    - SAUCE: apparmor3.2.0 [15/60]: Stacking v38: LSM: Add the lsmblob data structure.
    - SAUCE: apparmor3.2.0 [16/60]: Stacking v38: LSM: provide lsm name and id slot mappings
    - SAUCE: apparmor3.2.0 [17/60]: Stacking v38: IMA: avoid label collisions with stacked LSMs
    - SAUCE: apparmor3.2.0 [18/60]: Stacking v38: LSM: Use lsmblob in security_audit_rule_match
    - SAUCE: apparmor3.2.0 [19/60]: Stacking v38: LSM: Use lsmblob in security_kernel_act_as
    - SAUCE: apparmor3.2.0 [20/60]: Stacking v38: LSM: Use lsmblob in security_secctx_to_secid
    - SAUCE: apparmor3.2.0 [21/60]: Stacking v38: LSM: Use lsmblob in security_secid_to_secctx
    - SAUCE: apparmor3.2.0 [22/60]: Stacking v38: LSM: Use lsmblob in security_ipc_getsecid
    - SAUCE: apparmor3.2.0 [23/60]: Stacking v38: LSM: Use lsmblob in security_current_getsecid
    - SAUCE: apparmor3.2.0 [24/60]: Stacking v38: LSM: Use lsmblob in security_inode_getsecid
    - SAUCE: apparmor3.2.0 [25/60]: Stacking v38: LSM: Use lsmblob in security_cred_getsecid
    - SAUCE: apparmor3.2.0 [26/60]: Stacking v38: LSM: Specify which LSM to display
    - SAUCE: apparmor3.2.0 [28/60]: Stacking v38: LSM: Ensure the correct LSM context releaser
    - SAUCE: apparmor3.2.0 [29/60]: Stacking v38: LSM: Use lsmcontext in security_secid_to_secctx
    - SAUCE: apparmor3.2.0 [30/60]: Stacking v38: LSM: Use lsmcontext in security_inode_getsecctx
    - SAUCE: apparmor3.2.0 [31/60]: Stacking v38: Use lsmcontext in security_dentry_init_security
    - SAUCE: apparmor3.2.0 [32/60]: Stacking v38: LSM: security_secid_to_secctx in netlink netfilter
    - SAUCE: apparmor3.2.0 [33/60]: Stacking v38: NET: Store LSM netlabel data in a lsmblob
    - SAUCE: apparmor3.2.0 [34/60]: Stacking v38: binder: Pass LSM identifier for confirmation
    - SAUCE: apparmor3.2.0 [35/60]: Stacking v38: LSM: security_secid_to_secctx module selection
    - SAUCE: apparmor3.2.0 [36/60]: Stacking v38: Audit: Keep multiple LSM data in audit_names
    - SAUCE: apparmor3.2.0 [37/60]: Stacking v38: Audit: Create audit_stamp structure
    - SAUCE: apparmor3.2.0 [38/60]: Stacking v38: LSM: Add a function to report multiple LSMs
    - SAUCE: apparmor3.2.0 [39/60]: Stacking v38: Audit: Allow multiple records in an audit_buffer
    - SAUCE: apparmor3.2.0 [40/60]: Stacking v38: Audit: Add record for multiple task security contexts
    - SAUCE: apparmor3.2.0 [41/60]: Stacking v38: audit: multiple subject lsm values for netlabel
    - SAUCE: apparmor3.2.0 [42/60]: Stacking v38: Audit: Add record for multiple object contexts
    - SAUCE: apparmor3.2.0 [43/60]: Stacking v38: netlabel: Use a struct lsmblob in audit data
    - SAUCE: apparmor3.2.0 [44/60]: Stacking v38: LSM: Removed scaffolding function lsmcontext_init
    - SAUCE: apparmor3.2.0 [45/60]: Stacking v38: AppArmor: Remove the exclusive flag
    - SAUCE: apparmor3.2.0 [46/60]: combine common_audit_data and apparmor_audit_data
    - SAUCE: apparmor3.2.0 [47/60]: setup slab cache for audit data
    - SAUCE: apparmor3.2.0 [48/60]: rename audit_data->label to audit_data->subj_label
    - SAUCE: apparmor3.2.0 [49/60]: pass cred through to audit info.
    - SAUCE: apparmor3.2.0 [50/60]: Improve debug print infrastructure
    - SAUCE: apparmor3.2.0 [51/60]: add the ability for profiles to have a learning cache
    - SAUCE: apparmor3.2.0 [52/60]: enable userspace upcall for mediation
    - SAUCE: apparmor3.2.0 [53/60]: cache buffers on percpu list if there is lock contention
    - SAUCE: apparmor3.2.0 [55/60]: advertise availability of exended perms
    - SAUCE: apparmor3.2.0 [60/60]: [Config] enable CONFIG_SECURITY_APPARMOR_RESTRICT_USERNS
  * LSM stacking and AppArmor for 6.2: additional fixes (LP: #2017903) //
    update apparmor and LSM stacking patch set (LP: #2028253)
    - SAUCE: apparmor3.2.0 [57/60]: fix profile verification and enable it
  * udev fails to make prctl() syscall with apparmor=0 (as used by maas by
    default) (LP: #2016908) // update apparmor and LSM stacking patch set
    (LP: #2028253)
    - SAUCE: apparmor3.2.0 [27/60]: Stacking v38: Fix prctl() syscall with apparmor=0
  * kinetic: apply new apparmor and LSM stacking patch set (LP: #1989983) //
    update apparmor and LSM stacking patch set (LP: #2028253)
    - SAUCE: apparmor3.2.0 [01/60]: add/use fns to print hash string hex value
    - SAUCE: apparmor3.2.0 [03/60]: patch to provide compatibility with v2.x net rules
    - SAUCE: apparmor3.2.0 [04/60]: add user namespace creation mediation
    - SAUCE: apparmor3.2.0 [06/60]: af_unix mediation
    - SAUCE: apparmor3.2.0 [07/60]: Add fine grained mediation of posix mqueues

 -- Dimitri John Ledkov