* Add capability upstream patches to fix LP: #1964636
- u/cap1-Generate-CAPABILITIES-in-a-script-due-to-make-4.3.patch: move
code that generates a list of capabilities to a script in common/
- u/cap2-parser-Move-to-a-pre-generated-cap_names.h.patch: use a
pre-generated list of capabilities so that all capabilities are
supported even when building against older kernels.
- u/cap3-parser-cleanup-capability_table-generation-by-droppi.patch: drop
sys_log static declaration because it's already in the generated list.
- u/cap4-parser-unify-capability-name-handling.patch: drop internal
hardcoded capability table.
- u/cap5-parser-Makefile-use-LC_ALL-C-when-invoking-sed.patch: use
LC_ALL=C when invoking sed.
- u/cap6-parser-Add-warning-to-capability_table-about-the-nee.patch: add
warning to capability_table about the need to update the Makefile.
- u/cap7-Add-CAP_BPF-and-CAP_PERFMON-to-severity.db.patch: add
support for cap_bpf and cap_perfmon
- u/cap8-parser-Makefile-fix-generated-cap-comparison-against.patch: fix
generated cap comparison against known list
* Add upstream patches for abi support. LP: #1728130
- u/abi1-parser-feature-abi-setup-parser-to-intersect-policy-.patch: add
the ability to intersect parser and kernel features in the parser.
- u/abi2-parser-add-basic-support-for-feature-abis.patch: add support
to specify a feature abi.
- u/abi3-pin-abi-2.13.patch: add and pin a policy abi for 2.13
- u/abi4-parser-fix-abi-rule-and-pinned-feature-file-interact.patch: fix
abi rule and pinned feature file interaction
- apparmor.install: add 2.13 abi file to be installed in /etc/apparmor.d/abi/
* Add mqueue patches. LP: #1993353
- u/mqueue1-parser-add-parser-support-for-message-queue-mediatio.patch:
add parser support for mqueue mediation
- u/mqueue2-tests-add-posix-message-queue-regression-tests.patch: add
posix mqueue regression tests
- u/mqueue3-utils-add-message-queue-rules-parsing-in-python-tool.patch:
add support in python tools to parse mqueue rules
- u/mqueue4-parser-add-parser-simple-tests-for-mqueue-rules.patch: add
parser simple tests for mqueue
- u/mqueue5-parser-place-perm-on-name-as-well-as-name-label-comb.patch:
add permissions on name and also on name + label
- u/mqueue6-libapparmor-add-support-for-requested-and-denied-on-.patch:
add parsing support for "denied" and "requested" from audit logs
- u/mqueue7-libapparmor-add-support-for-class-in-logparsing.patch: add
parsing support for "class" from audit logs
- u/mqueue8-utils-add-logparser-support-for-mqueue.patch: add logparser
support for mqueue rules
- u/mqueue9-tests-add-sysv-message-queue-regression-tests.patch: add
sysv mqueue regression tests
- u/mqueue10-parser-enable-mqueue-rules-when-abi-is-not-set.patch:
override pinned features for mqueue rules when abi is not set in policy.
- debian/rules: create mqueue testcase empty files for libapparmor tests.
* Closes LP: #1994146
This bug was fixed in the package apparmor - 2.13.3-7ubuntu5.2
---------------
apparmor (2.13.3-7ubuntu5.2) focal; urgency=medium
* Add capability upstream patches to fix LP: #1964636 Generate- CAPABILITIES- in-a-script- due-to- make-4. 3.patch: move parser- Move-to- a-pre-generated -cap_names. h.patch: use a parser- cleanup- capability_ table-generatio n-by-droppi. patch: drop parser- unify-capabilit y-name- handling. patch: drop internal parser- Makefile- use-LC_ ALL-C-when- invoking- sed.patch: use parser- Add-warning- to-capability_ table-about- the-nee. patch: add Add-CAP_ BPF-and- CAP_PERFMON- to-severity. db.patch: add parser- Makefile- fix-generated- cap-comparison- against. patch: fix parser- feature- abi-setup- parser- to-intersect- policy- .patch: add parser- add-basic- support- for-feature- abis.patch: add support pin-abi- 2.13.patch: add and pin a policy abi for 2.13 parser- fix-abi- rule-and- pinned- feature- file-interact. patch: fix d/abi/ parser- add-parser- support- for-message- queue-mediatio. patch: tests-add- posix-message- queue-regressio n-tests. patch: add utils-add- message- queue-rules- parsing- in-python- tool.patch: parser- add-parser- simple- tests-for- mqueue- rules.patch: add parser- place-perm- on-name- as-well- as-name- label-comb. patch: libapparmor- add-support- for-requested- and-denied- on-.patch: libapparmor- add-support- for-class- in-logparsing. patch: add utils-add- logparser- support- for-mqueue. patch: add logparser tests-add- sysv-message- queue-regressio n-tests. patch: add parser- enable- mqueue- rules-when- abi-is- not-set. patch:
- u/cap1-
code that generates a list of capabilities to a script in common/
- u/cap2-
pre-generated list of capabilities so that all capabilities are
supported even when building against older kernels.
- u/cap3-
sys_log static declaration because it's already in the generated list.
- u/cap4-
hardcoded capability table.
- u/cap5-
LC_ALL=C when invoking sed.
- u/cap6-
warning to capability_table about the need to update the Makefile.
- u/cap7-
support for cap_bpf and cap_perfmon
- u/cap8-
generated cap comparison against known list
* Add upstream patches for abi support. LP: #1728130
- u/abi1-
the ability to intersect parser and kernel features in the parser.
- u/abi2-
to specify a feature abi.
- u/abi3-
- u/abi4-
abi rule and pinned feature file interaction
- apparmor.install: add 2.13 abi file to be installed in /etc/apparmor.
* Add mqueue patches. LP: #1993353
- u/mqueue1-
add parser support for mqueue mediation
- u/mqueue2-
posix mqueue regression tests
- u/mqueue3-
add support in python tools to parse mqueue rules
- u/mqueue4-
parser simple tests for mqueue
- u/mqueue5-
add permissions on name and also on name + label
- u/mqueue6-
add parsing support for "denied" and "requested" from audit logs
- u/mqueue7-
parsing support for "class" from audit logs
- u/mqueue8-
support for mqueue rules
- u/mqueue9-
sysv mqueue regression tests
- u/mqueue10-
override pinned features for mqueue rules when abi is not set in policy.
- debian/rules: create mqueue testcase empty files for libapparmor tests.
* Closes LP: #1994146
-- Georgia Garcia <email address hidden> Mon, 10 Oct 2022 17:52:45 -0300