[Alex Murray]
* Enable user namespace restrictions by default (LP: #2046477)
- d/p/u/userns-runtime-disable.patch: add logic to disable user
namespace restrictions if kernel lacks support
- debian/usr/lib/sysctl.d/10-apparmor.conf: set sysctl value to 1 and
update comment to match
- debian/apparmor.service: run After systemd-sysctl.service
[John Johansen]
* Add additional AppArmor profiles to support third-party applications
that use unprivileged user namespace
- add d/p/u/oot-unconfined-profiles.patch
- add profiles to debian/apparmor.install
- /etc/apparmor.d/1password
- /etc/apparmor.d/Discord
- /etc/apparmor.d/MongoDB_Compass
- /etc/apparmor.d/code
- /etc/apparmor.d/firefox
- /etc/apparmor.d/github-desktop
- /etc/apparmor.d/obsidian
- /etc/apparmor.d/opera
- /etc/apparmor.d/polypane
- /etc/apparmor.d/signal-desktop
- /etc/apparmor.d/slack
- /etc/apparmor.d/steam
[Alex Murray]
* Drop duplicate profiles for usr.share.code.bin.code and
* usr.lib.multiarch.opera.opera since they are now also in
d/p/u/oot-unconfined-profiles.patch
- modified d/p/u/userns-unconfined-profiles.patch to remove them
- removed from debian/apparmor.install
- added to debian/apparmor.maintscript to ensure they are removed on
upgrade
-- John Johansen <email address hidden> Wed, 13 Dec 2023 20:38:45 -0800
This bug was fixed in the package apparmor - 4.0.0~alpha2-0ubuntu7
---------------
apparmor (4.0.0~alpha2-0ubuntu7) noble; urgency=medium