AppArmor 2.13.0
Milestone information
- Project:
- AppArmor
- Series:
- 2.13
- Version:
- 2.13.0
- Released:
- Registrant:
- John Johansen
- Release registered:
- Active:
- No. Drivers cannot target bugs and blueprints to this milestone.
Activities
- Assigned to you:
- No blueprints or bugs assigned to you.
- Assignees:
- No users assigned to blueprints and bugs.
- Blueprints:
- No blueprints are targeted to this milestone.
- Bugs:
- No bugs are targeted to this milestone.
Download files for this release
Release notes
Detailed changelog
Build Infrastructure
fix $(PWD) when using "make -C profiles"
add support for coverity python scan
Policy Compiler (a.k.a apparmor_parser)
add support for multiple policy cache directories
add support for overlay cache locations
add support for conditional includes
separate features used to compile policy and kernel cache features
add option to print the cache directory/
fix error when arg parsing fails
drop display_usage() calls after printing an error message
fix regression in network mediation when using feature pinning
disable write cache if filesystem is read-only and don't abort
fix parser so that cache creation failure doesn't cause load failure
Init
add apparmor.service
add aa-teardown utility and the apparmor.systemd wrapper for it
drop the old (open)SUSE initscript
Library
add support for multiple policy cache directories
add support for overlay cache locations
expand ignored file list
add .pacsave
add .pacnew
add .dpkg
add .dpkg-remove
expand skippable dir list
add .git
pam_apparmor
install pam_apparmor.so with write permission for its owner.
Utils
genprof/logprof
Set flags for profiles represented by a glob
comment out use_group to remove group restrictions
properly identify empty ouid/fsuid fields in logs
simplify write_include() and drop write_single()
change 'profile_changes' and 'serialize_opts' to dict()
mark profiles with multiple rules in one line as known-failing
aa-status: split profile from exec name
aa-nofify
add ability to customize notification message.
set DBUS_SESSION_
Policy
abstractions
base: allow ld.so.conf and friends.
gnupg: allow pubring.kbx
ubuntu-browsers: fix for 64bit openSUSE
add dri-enumerate abstraction
add new dri-common abstraction to contain basic DRI-specific rules.
move DRI-specific rules into it's own abstraction
nvidia
allow reading memory block size
allow creating NVIDIA-specific user directories
mlmmj-send: allow reading digesters.d/*
mlmmj-sub: fix moderated subscription
dovecot
config: allow dac_read_search and reading ssl-parameters.dat
auth: allow writing /run/dovecot/
add stats profile, and allow dovecot to run it
dovecot-lda: allow reading anything under /usr/share/
dnsmasq: allow chown capability.
ntp: allow clockstats
Documentation
add aa-teardown man page
aa_policy_cache and aa_features man pages to add new libapparmor functions to support multiple cache dirs, and overlay cache locations
update apparmor_parser man page for using overlay cache locations
update apparmor.d(7) to document conditional includes
update notify.conf man page, and its default configuration
update apparmor(7) manpage clarify the effect of reloading a profile.
Translations
Tests
parser
Update caching tests to use the --print-cache-dir option
fix includes to allow white space
add tests for relative path includes
libapparmor
update for multiple caches
update for overlay cache locations
utils
make tests less verbose
ignore tests for 'include if exists' ... and some exotic includes that are not supported by the tools yet
regression tests
fix regression tests to pass on 4.14 upstream kernel
Changelog
This release does not have a changelog.
0 blueprints and 0 bugs targeted
There are no feature specifications or bug tasks targeted to this milestone. The project's maintainer, driver, or bug supervisor can target specifications and bug tasks to this milestone to track the things that are expected to be completed for the release.