Download project files

How do I verify a download?


110 of 53 releases

2.13.4 release from the 2.13 series released 2020-03-12

Release information
Release notes:

Introduction
AppArmor 2.13.4 is a maintenance release of the user space components
of the AppArmor security project. The kernel portion of the project
is maintained and pushed separately.
This version of the userspace should work with all kernel versions from
2.6.15 and later (some earlier version of the kernel if they have the
apparmor patches applied). And supports features released in the 4.18
kernel and ubuntu 18.04 kernel with the apparmor 3 development patches.
AppArmor 2.13.4 was released 2020-03-12.

Obtaining the Release
These release notes cover all changes between 2.13.3 (2f9d9ea7) and 2.13.4 (XXXXX) on the apparmor-2.13 branch.
Tarball

https://launchpad.net/apparmor/2.13/2.13.4/+download/apparmor-2.13.4.tar.gz
sha256sum:
signature: https://launchpad.net/apparmor/2.13/2.13.4...

File Description Downloads
download icon apparmor-2.13.4.tar.gz (md5, sig) AppArmor 2.13.4 1,679
last downloaded today
Total downloads: 1,679

2.13.3 release from the 2.13 series released 2019-06-18

Release information
Changelog:

Changes in this Release

Translations

sync to most up to date language translations available

Build Infrastructure

add files to .gitignore

swig auto generated files for ruby ([MR366][MR366])

fix libapparmor swig 4 failure 'aa_log_record' object has no attribute '__getattr__' ([BUG33][AABUG33])

libapparmor

fix segfault in overlaydirat_for_each causing overlayed cache directory failures
fix segfault when loading policy cache files
fix failure to merge overlay directories in some situations

Policy Compiler (a.k.a apparmor_parser)

clean up error handling ([dbug921866][dbug921866], [LP1815294][LP1815294])
fix parsing of target profile NAME in directed transitions “px -> NAME"
improve runtime attachment by determine xmatch priority based on smallest DFA match
don't skip cache loads just because optimizations flags are specified

Init

apparmor.systemd: fix minor issues detected by shellcheck
ensure error value is returned correctly ([MR352][MR352])

Utils

genprof/logprof
drop failing corner-case check in logparser.py ([bso1120472][bso1120472], [MR297][MR297])
drop unused get_profile_filename() from logparser.py ([MR297][MR297])
fix error KeyError: 'logfiles' when no logprof.conf exists ([MR365][MR365])
don't drop later events when user selects to deny a hat ([MR378][MR378])
update network keyword list and add corresponding tests ([MR350][MR350])

Policy

Profiles

dovecot

allow FD passing between dovecot and dovecot's anvil
allow chroot'ing the auth processes
let dovecot/anvil rw the auth-penalty socket
auth processes need to read from postfix auth socket
add abstractions/ssl_certs to lmtp
allow master to use SIGTERM on children that are slow to die
align {pop3,managesieve}-login to imap-login

identd: allow network netlink dgram ([MR353][MR353])
syslog-ng: add abstractions/python for python-parser
lsb_release profile: new abstraction
dnsmasq:

allow peer=libvirtd to support named profile
Work around breakage caused by {bin,sbin} alternation ([bso1127073][bso1127073], [MR346][MR346])
Revert /usr/{bin,sbin}/ alternation in dnsmasq profile name

msqld:

add mmap permission for mysqld (4.8 semantic change)
allow mysql to determine which cpus are online
allow locking of mysql files

Tunables

share:

make it play well with aliases
fix buggy syntax that broke the ~/.local/share part of the @{user_share_dirs} tunable

Abstractions

move dirc.d access from mesa to dir-common
base: allow mr permission on all .so common library paths
dri-common: allow reading /dev/dri/
ssl_certs,keys - add support for libdehydrated in /var/lib/
qt5: allow reading user configuration
qt5-settings-write: fix anonymous shared memory access
qt5-compose-cache-write: fix anonymous shared memory access
nameservice: allow access to /run/netconfig/resolv.conf ([bso1097370][bso1097370])
mesa: allow reading drirc.d
vulcan: allow reading /etc/vulkan/icd.d/ ([MR329][MR329])
nvidia: allow reading nvidia application profiles
postfix-common: make compatible with updated postfix profiles naming
python: allow reading /usr/local/lib/python3
ldapclient: allow rw access to the nslcd socket
ubuntu-browsers.d/multimedia: allow creating/writing config dirs
audio:

fix alsa settings access
grant read access to the system-wide asound.conf ([dbug920669][dbug920669], [MR320][MR320])
grant read access to the libao configuration files ([dbug920670][dbug920670], [MR320][MR320])

fonts:

Allow to read conf-avail dir itself.
Add various openSUSE-specific font config directories
allow creating/writing config dirs

kde:

allow access to common KDE-specific settings ([MR327][MR327])
allow access to global KDE settings ([MR327][MR327])

gnome:

allow reading gtk-3.0 cache files
allow creating config dirs

Tests

fix mount test to use next available loop device ([MR379][MR379])
update tests to support distros with user-merge where /bin and /sbin are symlinks ([MR331][MR331])
fix regression test failures around new binary cache layout
update tests for new network domain keywords
update tests for base abstraction changes

Documentation

apparmor.d (7):

update list of network domain keywords ([MR349][MR349])
drop unsupported 'to' option for link rules from manpage ([MR368][MR368])

File Description Downloads
download icon apparmor-2.13.3.tar.gz (md5, sig) AppArmor 2.13.3 1,681
last downloaded 24 hours ago
Total downloads: 1,681

2.13.2 release from the 2.13 series released 2018-12-21

File Description Downloads
download icon apparmor-2.13.2.tar.gz (md5, sig) AppArmor 2.13.2 876
last downloaded today
Total downloads: 876

2.13.1 release from the 2.13 series released 2018-10-13

File Description Downloads
download icon apparmor-2.13.1.tar.gz (md5, sig) AppArmor 2.13.1 524
last downloaded 2 weeks ago
Total downloads: 524

2.13.0 release from the 2.13 series released 2018-04-15

Release information
Release notes:

Detailed changelog

Build Infrastructure

  fix $(PWD) when using "make -C profiles"
  add support for coverity python scan

Policy Compiler (a.k.a apparmor_parser)

  add support for multiple policy cache directories
  add support for overlay cache locations
  add support for conditional includes
  separate features used to compile policy and kernel cache features
  add option to print the cache directory/directories
  fix error when arg parsing fails
  drop display_usage() calls after printing an error message
  fix regression in network mediation when using feature pinning
  disable write cache if filesystem is read-only and don't abort
  fix parser so that cache creation failure doesn't cause load failure

Init

  add apparmor.service
  add aa-teardown utility and the apparm...

File Description Downloads
download icon apparmor-2.13.tar.gz (md5, sig) AppArmor 2.13.0 2,854
last downloaded today
Total downloads: 2,854

2.12.3 release from the 2.12 series released 2019-06-18

Release information
Changelog:

Changes in This Release

Build Infrastructure

add files to .gitignore:

swig auto generated files for ruby (MR366)

fix libapparmor swig 4 failure 'aa_log_record' object has no attribute '__getattr__' (BUG33)

Policy Compiler (a.k.a apparmor_parser)

clean up error handling (dbug921866, LP1815294)
fix parsing of target profile NAME in directed transitions “px -> NAME"
improve runtime attachment by determine xmatch priority based on smallest DFA match
don't skip cache just because parser optimizations are specified

Init

ensure error value is returned correctly (MR352)

Utils

logprof/genprof:

drop failing corner-case check in logparser.py (bso1120472, MR297)
drop unused get_profile_filename() from logparser.py (MR297)
fix error KeyError: 'logfiles' when no logprof.conf exists (MR365)
don't drop later events when user selects to deny a hat (MR378)

update network keyword list and add corresponding tests (MR350)

Policy

Profiles

dnsmasq: Work around breakage caused by {bin,sbin} alternation (bso1127073, MR346)
dovecot:

allow FD passing between dovecot and dovecot's anvil (MR336)
allow chroot'ing the auth processes (MR336)
let dovecot/anvil rw the auth-penalty socket (MR336)
auth processes need to read from postfix auth socket (MR336)
add abstractions/ssl_certs to lmtp (MR336)
align {pop3,managesieve}-login to imap-login
allow dovecot-lda to read anything under /usr/share/dovecot/protocols.d/
allow lmtp the dac_read_search capability
allow master to use SIGTERM on children that are slow to die

identd: allow network netlink dgram (MR353)
syslog-ng: add abstractions/python for python-parser

Abstractions

audio:

grant read access to the libao configuration files (dbug920670, MR320)
grant read access to the system-wide asound.conf (dbug920669, MR320)

fonts:

allow writing to owned fontconfig directories
allow creating owned fontconfig directories

gnome:

allow creating gtk-2, gtk-3 config directories
allow read/write access to gtk-3 config directory

kde:

update kde abstraction for common settings (MR327)
fix global settings access for Kubuntu and openSUSE (MR327)

ldapclient: allow read/write access to the nslcd socket
nameservice: allow /run/netconfig/resolv.conf (bso1097370)
nvidia: allow reading nvidia application profiles
postfix-common: make compatible with latest postfix profiles
python: allow /usr/local/lib/python3
qt5: read user configuration
ubuntu-browsers.d/multimedia: allow creating and writing to owned .adobe directory
vulkan: allow reading /etc/vulkan/icd.d/ (MR329)

Tests

fix various tests to cope with usr-merge (MR331)
fix mount test to use next available loop device (MR379)

Documentation

update list of network domain keywords in the apparmor.d manpage (MR349)
drop to option for link rules from the apparmor.d manpage (MR368)

File Description Downloads
download icon apparmor-2.12.3.tar.gz (md5, sig) AppArmor 2.12.3 207
last downloaded today
Total downloads: 207

2.12.2 release from the 2.12 series released 2018-12-21

File Description Downloads
download icon apparmor-2.12.2.tar.gz (md5, sig) AppArmor 2.12.2 94
last downloaded 2 weeks ago
Total downloads: 94

2.12.1 release from the 2.12 series released 2018-10-13

File Description Downloads
download icon apparmor-2.12.1.tar.gz (md5, sig) AppArmor 2.12.1 47
last downloaded 3 weeks ago
Total downloads: 47

2.12.0 release from the 2.12 series released 2017-12-24

File Description Downloads
download icon apparmor-2.12.tar.gz (md5, sig) AppArmor 2.12.0 1,996
last downloaded 3 weeks ago
Total downloads: 1,996

2.12 release from the 2.12 series released 2017-10-26

File Description Downloads
download icon apparmor-2.11.95.tar.gz (md5, sig) AppArmor 2.11.955 (aka 2.12.beta1) 104
last downloaded 2 weeks ago
Total downloads: 104

110 of 53 releases