AppArmor 2.11.1
AppArmor 2.11.1 Release
Milestone information
- Project:
- AppArmor
- Series:
- 2.11
- Version:
- 2.11.1
- Released:
- Registrant:
- John Johansen
- Release registered:
- Active:
- No. Drivers cannot target bugs and blueprints to this milestone.
Activities
- Assigned to you:
- No blueprints or bugs assigned to you.
- Assignees:
- 1 Christian Boltz, 1 Colin Ian King, 1 Tyler Hicks
- Blueprints:
- No blueprints are targeted to this milestone.
- Bugs:
- 11 Fix Released
Download files for this release
Release notes
Policy Compiler (a.k.a apparmor_parser)
Fix af_unix downgrade of network rules
Fix delete after new[]
Set parser executable path according to USE_SYSTEM make variable
Init
Preserve unknown profiles when restarting apparmor init/job/unit CVE-2017-6507 lp#1668892
Library
fix swig test_apparmor.py for zero length ptrace records
Don't print shell commands that check for test failures
Fix parallel make dependency issue in testsuite
Utils =
aa-notify - update to use normal urgency notifications to obtain intended behavior across DEs
Add network 'smc' keyword in NetworkRule
Prevent 'wa' conflicts for file rules
Carry over all autodep-generated rules in handle_children()
Ignore ptrace log events without denied_mask
Fix aa-logprof crash on ptrace garbage log events lp#1689667
Fix regressions caused by init_aa()
apparmor.
Fix import in test-aa-easyprof.py
Add option to specify the apparmor_parser path
Set parser base path according to USE_SYSTEM make variable
Accept parser base and include options in aa-easyprof
Update the logprof.conf in the test dir to point to in-tree paths
Improve error messages when profiles/parser is not found
Don't enforce ordering of dbus rule attributes lp#1628286
Fix failing tests in test-aa.py
Ignore change_hat events with error=-1 and "unconfined can not change_hat"
Remove re.LOCALE flag lp#1661766
update how questions are asked in profile generation
YaST
Fix save_profiles() for YaST https:/
Add aa-remove-unknown utility to unload unknown profiles lp#1668892
Policy
Abstractions
fix for non-latin file/directory names
gnome - allow reading GLib schemas.
wayland - allow wayland-
python - Adjust for python3.6
perl-base - adjust the multiarch alternation rule in the perl abstraction for modern Debian and Ubuntu systems
base - Allow sysconf(
nvidia - Update nvidia for newer nvidia drivers
Rename global variable "pid" to "log_pid"
glibc uses /proc/*/auxv and /proc/*/status files
Apache2 - profile updates for proper signal handling, optional saslauth,
and OCSP stapling
sshd - drop local/ include
/etc/
dovecot
Allow /var/run/
add the attach_disconnected flag
change Px to mrPx for /usr/lib/dovecot/*
dovecot-lda update lp#1650827
the attach_disconnected flags
read access to /usr/share/
rw for /run/dovecot/
Postfix
change abstractions/
add several permissions to postfix/error, postfix/lmtp and postfix/pipe
remove superfluous abstractions/
Samba profile updates for ActiveDirectory / Kerberos
traceroute - support TCP SYN for probes, quite net_admin request
Documentation
Add network 'smc' keyword to apparmor.d manpage
aa-status - update manpage for updated podchecker
Tests
libapparmor: fix ptrace regression test failure
Add --no-reload to various utils manpages
Ignore test failures about duplicated conditionals in dbus rules
readdir - test both getdents() and getdents64() if available
where necessary use getdents64 to fix arm64 build failure lp#1674245
No longer skip testing generated_
regression tests-
fix environ fail case
Changelog
This release does not have a changelog.