AppArmor 3.0
Milestone information
- Active:
- No. Drivers cannot target bugs and blueprints to this milestone.
Activities
- Assigned to you:
- No blueprints or bugs assigned to you.
- Assignees:
- No users assigned to blueprints and bugs.
- Blueprints:
- No blueprints are targeted to this milestone.
- Bugs:
- No bugs are targeted to this milestone.
Download files for this release
Release notes
AppArmor 3.0 is a major new release of the AppArmor user space that makes an important change to policy development and support. Its focus is transitioning policy to the new features abi and as such other new features have been limited.
Apprmor 3.0 is a bridge release between older AppArmor 2.x policy and the newer AppArmor 3 style policy which requires the declaration of a features abi. As such AppArmor 3.0 will be a short lived release, and will not receive long term support. The following AppArmor 3.1 feature release is planned to be a regular release, please take this into account when including AppArmor 3.0 into a distro release.
This version of the userspace should work with all kernel versions from
2.6.15 and later (some earlier version of the kernel if they have the
apparmor patches applied). And supports features released in the 4.20
kernel.
The kernel portion of the project is maintained and pushed separately.
Highlighted new features
Policy now must declare the feature abi it was developed for if it is to use any new features. For further information please see the wiki.
The use of profile names that are based on pathnames are deprecated. For further information please see the wiki.
Support for new kernel features (requires appropriate features abi tagging in policy)
upstream v8 network socket rules
xattr attachment conditionals
capabilities PERFMON and BPF
rewritten aa-status
supports use in systems/images where python is not available
supports kill, unconfined and mixed profile modes
rewritten aa-notify
move from perl to python 3
shared backend with other python tools
support use of aa.CONFDIR instead of hard coded /etc/apparmor
improved message layout
improved support for kernels that support LSM stacking
support profile modes
enforce (default when no mode flag is supplied)
kill (experimental)
unconfined (experimental)
reference policy updated for 3.0 feature abi
basic support for systemd v246 early load of apparmor policy.
For fill release notes see https:/
Changelog
This release does not have a changelog.
0 blueprints and 0 bugs targeted
There are no feature specifications or bug tasks targeted to this milestone. The project's maintainer, driver, or bug supervisor can target specifications and bug tasks to this milestone to track the things that are expected to be completed for the release.