[FFe] new apparmor features for 3.0.7
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
apparmor (Ubuntu) | Fix Released | Undecided | Unassigned | | |
Bug Description
We propose two new features for 3.0.7 AppArmor:
1. parser support for user namespace mediation.
Since the last kernel update with commit https:/
Ubuntu 22.10 mediates user namespaces which allows for confined applications to have unprivileged user namespace creation, instead of disabling it completely.
If we want applications to have this ability, then we need to add support in the parser, which is a feature we are introducing. Bug 1990064 is an example caused by this.
2. userspace support for posix message queue mediation
Kernel also has POSIX message queue mediation with commit https:/
We are also adding a fix for Bug 1990692 which will bring the AppArmor profiles for samba up to date with upstream.
TESTING
This has been extensively tested by the security team - this includes
following the documented Ubuntu merges test plan[1] for AppArmor and the
extensive QA Regression Tests[2] for AppArmor as well. This ensures that
the various applications that make heavy use of AppArmor (LXD, docker,
lxc, dbus, libvirt, snapd etc) have all been exercised and no regressions
have been observed. All tests have passed and demonstrated both apparmor
and the various applications that use it to be working as expected.
BUILD LOGS
This is currently uploaded to https:/
Launchpad at:
https:/
DEBDIFF
The debdiff can be found in the PPA: https:/
INSTALL / UPGRADE LOG
The apt upgrade log is attached in:
https:/
[1] https:/
[2] https:/
summary:
- [FFe] apparmor 3.1.0 upstream release
+ [FFe] apparmor 3.1.1 upstream release
Changed in apparmor (Ubuntu):
status: New → Incomplete
summary:
- [FFe] apparmor 3.1.1 upstream release
+ [FFe] new apparmor features for 3.0.7
Changed in apparmor (Ubuntu):
status: Incomplete → New
description: updated
Changed in apparmor (Ubuntu):
status: Triaged → Fix Released
The generated changelog for this release is quite big, so it's not really easily parseable. Do you know of any bigger/important features that are part of this apport release? Would be nice to at least know the overview of how many 'new' things are in there, compared to the huge set of fixes.