This bug was fixed in the package linux - 6.2.0-19.19 --------------- linux (6.2.0-19.19) lunar; urgency=medium * lunar/linux: 6.2.0-19.19 -proposed tracker (LP: #2012488) * Neuter signing tarballs (LP: #2012776) - [Packaging] neuter the signing tarball * LSM stacking and AppArmor refresh for 6.2 kernel (LP: #2012136) - Revert "UBUNTU: [Config] define CONFIG_SECURITY_APPARMOR_RESTRICT_USERNS" - Revert "UBUNTU: SAUCE: apparmor: add user namespace creation mediation" - Revert "UBUNTU: SAUCE: apparmor: Add fine grained mediation of posix mqueues" - Revert "UBUNTU: SAUCE: Revert "apparmor: make __aa_path_perm() static"" - Revert "UBUNTU: SAUCE: LSM: Specify which LSM to display (using struct cred as input)" - Revert "UBUNTU: SAUCE: apparmor: Fix build error, make sk parameter const" - Revert "UBUNTU: SAUCE: LSM: Use lsmblob in smk_netlbl_mls()" - Revert "UBUNTU: SAUCE: LSM: change ima_read_file() to use lsmblob" - Revert "UBUNTU: SAUCE: apparmor: rename kzfree() to kfree_sensitive()" - Revert "UBUNTU: SAUCE: AppArmor: Remove the exclusive flag" - Revert "UBUNTU: SAUCE: LSM: Add /proc attr entry for full LSM context" - Revert "UBUNTU: SAUCE: Audit: Fix incorrect static inline function declration." - Revert "UBUNTU: SAUCE: Audit: Fix for missing NULL check" - Revert "UBUNTU: SAUCE: Audit: Add a new record for multiple object LSM attributes" - Revert "UBUNTU: SAUCE: Audit: Add new record for multiple process LSM attributes" - Revert "UBUNTU: SAUCE: NET: Store LSM netlabel data in a lsmblob" - Revert "UBUNTU: SAUCE: LSM: security_secid_to_secctx in netlink netfilter" - Revert "UBUNTU: SAUCE: LSM: Use lsmcontext in security_inode_getsecctx" - Revert "UBUNTU: SAUCE: LSM: Use lsmcontext in security_secid_to_secctx" - Revert "UBUNTU: SAUCE: LSM: Ensure the correct LSM context releaser" - Revert "UBUNTU: SAUCE: LSM: Specify which LSM to display" - Revert "UBUNTU: SAUCE: IMA: Change internal interfaces to use lsmblobs" - Revert "UBUNTU: SAUCE: LSM: Use lsmblob in security_cred_getsecid" - Revert "UBUNTU: SAUCE: LSM: Use lsmblob in security_inode_getsecid" - Revert "UBUNTU: SAUCE: LSM: Use lsmblob in security_task_getsecid" - Revert "UBUNTU: SAUCE: LSM: Use lsmblob in security_ipc_getsecid" - Revert "UBUNTU: SAUCE: LSM: Use lsmblob in security_secid_to_secctx" - Revert "UBUNTU: SAUCE: LSM: Use lsmblob in security_secctx_to_secid" - Revert "UBUNTU: SAUCE: net: Prepare UDS for security module stacking" - Revert "UBUNTU: SAUCE: LSM: Use lsmblob in security_kernel_act_as" - Revert "UBUNTU: SAUCE: LSM: Use lsmblob in security_audit_rule_match" - Revert "UBUNTU: SAUCE: LSM: Create and manage the lsmblob data structure." - Revert "UBUNTU: SAUCE: LSM: Infrastructure management of the sock security" - Revert "UBUNTU: SAUCE: apparmor: LSM stacking: switch from SK_CTX() to aa_sock()" - Revert "UBUNTU: SAUCE: apparmor: rename aa_sock() to aa_unix_sk()" - Revert "UBUNTU: SAUCE: apparmor: disable showing the mode as part of a secid to secctx" - Revert "UBUNTU: SAUCE: apparmor: fix use after free in sk_peer_label" - Revert "UBUNTU: SAUCE: apparmor: af_unix mediation" - Revert "UBUNTU: SAUCE: apparmor: patch to provide compatibility with v2.x net rules" - Revert "UBUNTU: SAUCE: apparmor: add/use fns to print hash string hex value" - SAUCE: apparmor: rename SK_CTX() to aa_sock and make it an inline fn - SAUCE: apparmor: Add sysctls for additional controls of unpriv userns restrictions - SAUCE: Stacking v38: LSM: Identify modules by more than name - SAUCE: Stacking v38: LSM: Add an LSM identifier for external use - SAUCE: Stacking v38: LSM: Identify the process attributes for each module - SAUCE: Stacking v38: LSM: Maintain a table of LSM attribute data - SAUCE: Stacking v38: proc: Use lsmids instead of lsm names for attrs - SAUCE: Stacking v38: integrity: disassociate ima_filter_rule from security_audit_rule - SAUCE: Stacking v38: LSM: Infrastructure management of the sock security - SAUCE: Stacking v38: LSM: Add the lsmblob data structure. - SAUCE: Stacking v38: LSM: provide lsm name and id slot mappings - SAUCE: Stacking v38: IMA: avoid label collisions with stacked LSMs - SAUCE: Stacking v38: LSM: Use lsmblob in security_audit_rule_match - SAUCE: Stacking v38: LSM: Use lsmblob in security_kernel_act_as - SAUCE: Stacking v38: LSM: Use lsmblob in security_secctx_to_secid - SAUCE: Stacking v38: LSM: Use lsmblob in security_secid_to_secctx - SAUCE: Stacking v38: LSM: Use lsmblob in security_ipc_getsecid - SAUCE: Stacking v38: LSM: Use lsmblob in security_current_getsecid - SAUCE: Stacking v38: LSM: Use lsmblob in security_inode_getsecid - SAUCE: Stacking v38: LSM: Use lsmblob in security_cred_getsecid - SAUCE: Stacking v38: LSM: Specify which LSM to display - SAUCE: Stacking v38: LSM: Ensure the correct LSM context releaser - SAUCE: Stacking v38: LSM: Use lsmcontext in security_secid_to_secctx - SAUCE: Stacking v38: LSM: Use lsmcontext in security_inode_getsecctx - SAUCE: Stacking v38: Use lsmcontext in security_dentry_init_security - SAUCE: Stacking v38: LSM: security_secid_to_secctx in netlink netfilter - SAUCE: Stacking v38: NET: Store LSM netlabel data in a lsmblob - SAUCE: Stacking v38: binder: Pass LSM identifier for confirmation - SAUCE: Stacking v38: LSM: security_secid_to_secctx module selection - SAUCE: Stacking v38: Audit: Keep multiple LSM data in audit_names - SAUCE: Stacking v38: Audit: Create audit_stamp structure - SAUCE: Stacking v38: LSM: Add a function to report multiple LSMs - SAUCE: Stacking v38: Audit: Allow multiple records in an audit_buffer - SAUCE: Stacking v38: Audit: Add record for multiple task security contexts - SAUCE: Stacking v38: audit: multiple subject lsm values for netlabel - SAUCE: Stacking v38: Audit: Add record for multiple object contexts - SAUCE: Stacking v38: netlabel: Use a struct lsmblob in audit data - SAUCE: Stacking v38: LSM: Removed scaffolding function lsmcontext_init - SAUCE: Stacking v38: AppArmor: Remove the exclusive flag - SAUCE: apparmor: combine common_audit_data and apparmor_audit_data - SAUCE: apparmor: setup slab cache for audit data - SAUCE: apparmor: rename audit_data->label to audit_data->subj_label - SAUCE: apparmor: pass cred through to audit info. - SAUCE: apparmor: Improve debug print infrastructure - SAUCE: apparmor: add the ability for profiles to have a learning cache - SAUCE: apparmor: enable userspace upcall for mediation - SAUCE: apparmor: cache buffers on percpu list if there is lock contention - SAUCE: apparmor: fix policy_compat permission remap with extended permissions - SAUCE: apparmor: advertise availability of exended perms - [Config] define CONFIG_SECURITY_APPARMOR_RESTRICT_USERNS * kinetic: apply new apparmor and LSM stacking patch set (LP: #1989983) // LSM stacking and AppArmor refresh for 6.2 kernel (LP: #2012136) - SAUCE: apparmor: add/use fns to print hash string hex value - SAUCE: apparmor: patch to provide compatibility with v2.x net rules - SAUCE: apparmor: add user namespace creation mediation - SAUCE: apparmor: af_unix mediation - SAUCE: apparmor: Add fine grained mediation of posix mqueues * devlink_port_split from ubuntu_kernel_selftests.net fails on hirsute (KeyError: 'flavour') (LP: #1937133) - selftests: net: devlink_port_split.py: skip test if no suitable device available * NFS deathlock with last Kernel 5.4.0-144.161 and 5.15.0-67.74 (LP: #2009325) - NFS: Correct timing for assigning access cache timestamp -- Andrea Righi