[ John Johansen, Steve Beattie ]
* Add userspace support for AppArmor signals and ptrace mediation
(LP: #1298611)
+ debian/patches/mediate-signals.patch,
debian/patches/change-signal-syntax.patch: Parse signal rules with
apparmor_parser. See the apparmor.d(5) man page for syntax details.
+ debian/patches/change-ptrace-syntax.patch,
debian/patches/mediate-ptrace.patch: Parse ptrace rules with
apparmor_parser. See the apparmor.d(5) man page for syntax details.
+ debian/patches/test-signal-rules.patch,
debian/patches/test-ptrace-rules.patch,
debian/patches/update-tests-for-new-semantics.patch: Update existing
tests and add new tests for signal and ptrace mediation
+ debian/patches/fix-garbage-in-preprocessor-output.patch: Fix bug causing
apparmor_parser preprocessor output to contain garbage after include
statements
+ debian/patches/fix-double-comma-in-preprocessor-output.patch: Fix bug
causing apparmor_parser preprocessor output to contain double commas
after some rules
+ debian/patches/symtab-tests-and-seenlist-bug.patch,
debian/patches/add-profile-name-variable.patch: Add ${profile_name}
variable for use in profiles when rules need to specify the current
profile's name. This is useful for signal and ptrace rules that specify
+ debian/patches/fix-names-treated-as-condlistid.patch: Fix
apparmor_parser bug that caused mount and dbus rules to fail for sets of
values
[ Jamie Strandboge ]
* debian/patches/update-base-abstraction-for-signals-and-ptrace.patch:
Adjust the base abstraction for signals and ptrace mediation. Profiles
that use the base abstraction can deny any of the granted permissions to
achieve tighter confinement.
* debian/patches/manpage-signal-ptrace.patch: Update the apparmor.d man
page to document signal rules, ptrace rules, and variables for use in
AppArmor profiles
* debian/patches/dnsmasq-libvirtd-signal-ptrace.patch: Update the dnsmasq
profile to allow libvirtd to send signals to and ptrace read the dnsmasq
process
* debian/patches/update-chromium-browser.patch: Adjust the chromium-browser
profile for permissions needed in newer chromium-browser versions and add
the rules needed for AppArmor ptrace mediation
[ Tyler Hicks ]
* Add new rule type support to aa.py to fix tracebacks when using the Python
utilities in apparmor-utils on systems with AppArmor profiles containing
previously unsupported rule types
- debian/patches/python-utils-file-support.patch: Support path rules
containing the "file" prefix (LP: #1295346)
- debian/patches/python-utils-signal-support.patch: Parse and write signal
rules (LP: #1300316)
- debian/patches/python-utils-ptrace-support.patch: Parse and write ptrace
rules (LP: #1300317)
- debian/patches/python-utils-pivot_root-support.patch: Parse and write
pivot_root rules (LP: #1298678)
-- Jamie Strandboge <email address hidden> Fri, 04 Apr 2014 01:07:24 -0500
This bug was fixed in the package apparmor - 2.8.95~ 2430-0ubuntu5
--------------- 2430-0ubuntu5) trusty; urgency=medium
apparmor (2.8.95~
* debian/control: add versioned Breaks to apparmor for lxc, libvirt-bin, easyprof- ubuntu
lightdm and apparmor-
apparmor (2.8.95~ 2430-0ubuntu4) trusty; urgency=medium
[ John Johansen, Steve Beattie ] patches/ mediate- signals. patch, patches/ change- signal- syntax. patch: Parse signal rules with parser. See the apparmor.d(5) man page for syntax details. patches/ change- ptrace- syntax. patch, patches/ mediate- ptrace. patch: Parse ptrace rules with parser. See the apparmor.d(5) man page for syntax details. patches/ test-signal- rules.patch, patches/ test-ptrace- rules.patch, patches/ update- tests-for- new-semantics. patch: Update existing patches/ fix-garbage- in-preprocessor -output. patch: Fix bug causing parser preprocessor output to contain garbage after include patches/ fix-double- comma-in- preprocessor- output. patch: Fix bug patches/ symtab- tests-and- seenlist- bug.patch, patches/ add-profile- name-variable. patch: Add ${profile_name} patches/ fix-names- treated- as-condlistid. patch: Fix parser bug that caused mount and dbus rules to fail for sets of
* Add userspace support for AppArmor signals and ptrace mediation
(LP: #1298611)
+ debian/
debian/
apparmor_
+ debian/
debian/
apparmor_
+ debian/
debian/
debian/
tests and add new tests for signal and ptrace mediation
+ debian/
apparmor_
statements
+ debian/
causing apparmor_parser preprocessor output to contain double commas
after some rules
+ debian/
debian/
variable for use in profiles when rules need to specify the current
profile's name. This is useful for signal and ptrace rules that specify
+ debian/
apparmor_
values
[ Jamie Strandboge ] patches/ update- base-abstractio n-for-signals- and-ptrace. patch: patches/ manpage- signal- ptrace. patch: Update the apparmor.d man patches/ dnsmasq- libvirtd- signal- ptrace. patch: Update the dnsmasq patches/ update- chromium- browser. patch: Adjust the chromium-browser
* debian/
Adjust the base abstraction for signals and ptrace mediation. Profiles
that use the base abstraction can deny any of the granted permissions to
achieve tighter confinement.
* debian/
page to document signal rules, ptrace rules, and variables for use in
AppArmor profiles
* debian/
profile to allow libvirtd to send signals to and ptrace read the dnsmasq
process
* debian/
profile for permissions needed in newer chromium-browser versions and add
the rules needed for AppArmor ptrace mediation
[ Tyler Hicks ] patches/ python- utils-file- support. patch: Support path rules patches/ python- utils-signal- support. patch: Parse and write signal patches/ python- utils-ptrace- support. patch: Parse and write ptrace patches/ python- utils-pivot_ root-support. patch: Parse and write
* Add new rule type support to aa.py to fix tracebacks when using the Python
utilities in apparmor-utils on systems with AppArmor profiles containing
previously unsupported rule types
- debian/
containing the "file" prefix (LP: #1295346)
- debian/
rules (LP: #1300316)
- debian/
rules (LP: #1300317)
- debian/
pivot_root rules (LP: #1298678)
-- Jamie Strandboge <email address hidden> Fri, 04 Apr 2014 01:07:24 -0500