Ubuntu
linux package

linux 6.8.0-7.7 source package in Ubuntu

Changelog

linux (6.8.0-7.7) noble; urgency=medium

  * noble/linux: 6.8.0-7.7 -proposed tracker (LP: #2052691)

  * update apparmor and LSM stacking patch set (LP: #2028253)
    - SAUCE: apparmor4.0.0 [01/87]: LSM stacking v39: integrity: disassociate
      ima_filter_rule from security_audit_rule
    - SAUCE: apparmor4.0.0 [02/87]: LSM stacking v39: SM: Infrastructure
      management of the sock security
    - SAUCE: apparmor4.0.0 [03/87]: LSM stacking v39: LSM: Add the lsmblob data
      structure.
    - SAUCE: apparmor4.0.0 [04/87]: LSM stacking v39: IMA: avoid label collisions
      with stacked LSMs
    - SAUCE: apparmor4.0.0 [05/87]: LSM stacking v39: LSM: Use lsmblob in
      security_audit_rule_match
    - SAUCE: apparmor4.0.0 [06/87]: LSM stacking v39: LSM: Add lsmblob_to_secctx
      hook
    - SAUCE: apparmor4.0.0 [07/87]: LSM stacking v39: Audit: maintain an lsmblob
      in audit_context
    - SAUCE: apparmor4.0.0 [08/87]: LSM stacking v39: LSM: Use lsmblob in
      security_ipc_getsecid
    - SAUCE: apparmor4.0.0 [09/87]: LSM stacking v39: Audit: Update shutdown LSM
      data
    - SAUCE: apparmor4.0.0 [10/87]: LSM stacking v39: LSM: Use lsmblob in
      security_current_getsecid
    - SAUCE: apparmor4.0.0 [11/87]: LSM stacking v39: LSM: Use lsmblob in
      security_inode_getsecid
    - SAUCE: apparmor4.0.0 [12/87]: LSM stacking v39: Audit: use an lsmblob in
      audit_names
    - SAUCE: apparmor4.0.0 [13/87]: LSM stacking v39: LSM: Create new
      security_cred_getlsmblob LSM hook
    - SAUCE: apparmor4.0.0 [14/87]: LSM stacking v39: Audit: Change context data
      from secid to lsmblob
    - SAUCE: apparmor4.0.0 [15/87]: LSM stacking v39: Netlabel: Use lsmblob for
      audit data
    - SAUCE: apparmor4.0.0 [16/87]: LSM stacking v39: LSM: Ensure the correct LSM
      context releaser
    - SAUCE: apparmor4.0.0 [17/87]: LSM stacking v39: LSM: Use lsmcontext in
      security_secid_to_secctx
    - SAUCE: apparmor4.0.0 [18/87]: LSM stacking v39: LSM: Use lsmcontext in
      security_lsmblob_to_secctx
    - SAUCE: apparmor4.0.0 [19/87]: LSM stacking v39: LSM: Use lsmcontext in
      security_inode_getsecctx
    - SAUCE: apparmor4.0.0 [20/87]: LSM stacking v39: LSM: Use lsmcontext in
      security_dentry_init_security
    - SAUCE: apparmor4.0.0 [21/87]: LSM stacking v39: LSM:
      security_lsmblob_to_secctx module selection
    - SAUCE: apparmor4.0.0 [22/87]: LSM stacking v39: Audit: Create audit_stamp
      structure
    - SAUCE: apparmor4.0.0 [23/87]: LSM stacking v39: Audit: Allow multiple
      records in an audit_buffer
    - SAUCE: apparmor4.0.0 [24/87]: LSM stacking v39: Audit: Add record for
      multiple task security contexts
    - SAUCE: apparmor4.0.0 [25/87]: LSM stacking v39: audit: multiple subject lsm
      values for netlabel
    - SAUCE: apparmor4.0.0 [26/87]: LSM stacking v39: Audit: Add record for
      multiple object contexts
    - SAUCE: apparmor4.0.0 [27/87]: LSM stacking v39: LSM: Remove unused
      lsmcontext_init()
    - SAUCE: apparmor4.0.0 [28/87]: LSM stacking v39: LSM: Improve logic in
      security_getprocattr
    - SAUCE: apparmor4.0.0 [29/87]: LSM stacking v39: LSM: secctx provider check
      on release
    - SAUCE: apparmor4.0.0 [31/87]: LSM stacking v39: LSM: Exclusive secmark usage
    - SAUCE: apparmor4.0.0 [32/87]: LSM stacking v39: LSM: Identify which LSM
      handles the context string
    - SAUCE: apparmor4.0.0 [33/87]: LSM stacking v39: AppArmor: Remove the
      exclusive flag
    - SAUCE: apparmor4.0.0 [34/87]: LSM stacking v39: LSM: Add mount opts blob
      size tracking
    - SAUCE: apparmor4.0.0 [35/87]: LSM stacking v39: LSM: allocate mnt_opts blobs
      instead of module specific data
    - SAUCE: apparmor4.0.0 [36/87]: LSM stacking v39: LSM: Infrastructure
      management of the key security blob
    - SAUCE: apparmor4.0.0 [37/87]: LSM stacking v39: LSM: Infrastructure
      management of the mnt_opts security blob
    - SAUCE: apparmor4.0.0 [38/87]: LSM stacking v39: LSM: Correct handling of
      ENOSYS in inode_setxattr
    - SAUCE: apparmor4.0.0 [39/87]: LSM stacking v39: LSM: Remove lsmblob
      scaffolding
    - SAUCE: apparmor4.0.0 [40/87]: LSM stacking v39: LSM: Allow reservation of
      netlabel
    - SAUCE: apparmor4.0.0 [41/87]: LSM stacking v39: LSM: restrict
      security_cred_getsecid() to a single LSM
    - SAUCE: apparmor4.0.0 [42/87]: LSM stacking v39: Smack: Remove
      LSM_FLAG_EXCLUSIVE
    - SAUCE: apparmor4.0.0 [43/87]: LSM stacking v39: UBUNTU: SAUCE: apparmor4.0.0
      [12/95]: add/use fns to print hash string hex value
    - SAUCE: apparmor4.0.0 [44/87]: patch to provide compatibility with v2.x net
      rules
    - SAUCE: apparmor4.0.0 [45/87]: add unpriviled user ns mediation
    - SAUCE: apparmor4.0.0 [46/87]: Add sysctls for additional controls of unpriv
      userns restrictions
    - SAUCE: apparmor4.0.0 [47/87]: af_unix mediation
    - SAUCE: apparmor4.0.0 [48/87]: Add fine grained mediation of posix mqueues
    - SAUCE: apparmor4.0.0 [49/87]: setup slab cache for audit data
    - SAUCE: apparmor4.0.0 [50/87]: Improve debug print infrastructure
    - SAUCE: apparmor4.0.0 [51/87]: add the ability for profiles to have a
      learning cache
    - SAUCE: apparmor4.0.0 [52/87]: enable userspace upcall for mediation
    - SAUCE: apparmor4.0.0 [53/87]: prompt - lock down prompt interface
    - SAUCE: apparmor4.0.0 [54/87]: prompt - allow controlling of caching of a
      prompt response
    - SAUCE: apparmor4.0.0 [55/87]: prompt - add refcount to audit_node in prep or
      reuse and delete
    - SAUCE: apparmor4.0.0 [56/87]: prompt - refactor to moving caching to
      uresponse
    - SAUCE: apparmor4.0.0 [57/87]: prompt - Improve debug statements
    - SAUCE: apparmor4.0.0 [58/87]: prompt - fix caching
    - SAUCE: apparmor4.0.0 [59/87]: prompt - rework build to use append fn, to
      simplify adding strings
    - SAUCE: apparmor4.0.0 [60/87]: prompt - refcount notifications
    - SAUCE: apparmor4.0.0 [61/87]: prompt - add the ability to reply with a
      profile name
    - SAUCE: apparmor4.0.0 [62/87]: prompt - fix notification cache when updating
    - SAUCE: apparmor4.0.0 [63/87]: prompt - add tailglob on name for cache
      support
    - SAUCE: apparmor4.0.0 [64/87]: prompt - allow profiles to set prompts as
      interruptible
    - SAUCE: apparmor4.0.0 [65/87] v6.8 prompt:fixup interruptible
    - SAUCE: apparmor4.0.0 [69/87]: add io_uring mediation
    - SAUCE: apparmor4.0.0 [70/87]: apparmor: fix oops when racing to retrieve
      notification
    - SAUCE: apparmor4.0.0 [71/87]: apparmor: fix notification header size
    - SAUCE: apparmor4.0.0 [72/87]: apparmor: fix request field from a prompt
      reply that denies all access
    - SAUCE: apparmor4.0.0 [73/87]: apparmor: open userns related sysctl so lxc
      can check if restriction are in place
    - SAUCE: apparmor4.0.0 [74/87]: apparmor: cleanup attachment perm lookup to
      use lookup_perms()
    - SAUCE: apparmor4.0.0 [75/87]: apparmor: remove redundant unconfined check.
    - SAUCE: apparmor4.0.0 [76/87]: apparmor: switch signal mediation to using
      RULE_MEDIATES
    - SAUCE: apparmor4.0.0 [77/87]: apparmor: ensure labels with more than one
      entry have correct flags
    - SAUCE: apparmor4.0.0 [78/87]: apparmor: remove explicit restriction that
      unconfined cannot use change_hat
    - SAUCE: apparmor4.0.0 [79/87]: apparmor: cleanup: refactor file_perm() to
      provide semantics of some checks
    - SAUCE: apparmor4.0.0 [80/87]: apparmor: carry mediation check on label
    - SAUCE: apparmor4.0.0 [81/87]: apparmor: convert easy uses of unconfined() to
      label_mediates()
    - SAUCE: apparmor4.0.0 [82/87]: apparmor: add additional flags to extended
      permission.
    - SAUCE: apparmor4.0.0 [83/87]: apparmor: add support for profiles to define
      the kill signal
    - SAUCE: apparmor4.0.0 [84/87]: apparmor: fix x_table_lookup when stacking is
      not the first entry
    - SAUCE: apparmor4.0.0 [85/87]: apparmor: allow profile to be transitioned
      when a user ns is created
    - SAUCE: apparmor4.0.0 [86/87]: apparmor: add ability to mediate caps with
      policy state machine
    - SAUCE: apparmor4.0.0 [87/87]: fixup notify
    - [Config] disable CONFIG_SECURITY_APPARMOR_RESTRICT_USERNS

  * update apparmor and LSM stacking patch set (LP: #2028253) // [FFe]
    apparmor-4.0.0-alpha2 for unprivileged user namespace restrictions in mantic
    (LP: #2032602)
    - SAUCE: apparmor4.0.0 [66/87]: prompt - add support for advanced filtering of
      notifications
    - SAUCE: apparmor4.0.0 [67/87]: userns - add the ability to reference a global
      variable for a feature value
    - SAUCE: apparmor4.0.0 [68/87]: userns - make it so special unconfined
      profiles can mediate user namespaces

 -- Paolo Pisati <email address hidden>  Thu, 08 Feb 2024 12:05:44 +0100

Upload details

Uploaded by:
Paolo Pisati
Uploaded to:
Noble
Original maintainer:
Ubuntu Kernel Team
Architectures:
all amd64 armhf arm64 ppc64el s390x i386
Section:
devel
Urgency:
Medium Urgency

See full publishing history Publishing

Series Pocket Published Component Section

Downloads

File Size SHA-256 Checksum
linux_6.8.0-7.7.tar.gz 227.2 MiB 22f0b6b0b048b1a044e0220f4ae3e49aa20e2152034099af4821ef91a1a89723
linux_6.8.0-7.7.dsc 7.7 KiB d7289912179f1aeeecb7b176b96ee624f6c6dde3c16f150b8a6ca91e7de08feb

View changes file

Binary packages built by this source

linux-buildinfo-6.8.0-7-generic: No summary available for linux-buildinfo-6.8.0-7-generic in ubuntu noble.

No description available for linux-buildinfo-6.8.0-7-generic in ubuntu noble.

linux-buildinfo-6.8.0-7-generic-64k: No summary available for linux-buildinfo-6.8.0-7-generic-64k in ubuntu noble.

No description available for linux-buildinfo-6.8.0-7-generic-64k in ubuntu noble.

linux-cloud-tools-6.8.0-7: No summary available for linux-cloud-tools-6.8.0-7 in ubuntu noble.

No description available for linux-cloud-tools-6.8.0-7 in ubuntu noble.

linux-cloud-tools-6.8.0-7-generic: No summary available for linux-cloud-tools-6.8.0-7-generic in ubuntu noble.

No description available for linux-cloud-tools-6.8.0-7-generic in ubuntu noble.

linux-cloud-tools-common: Linux kernel version specific cloud tools for version 6.8.0

 This package provides the architecture independent parts for kernel
 version locked tools for cloud tools for version 6.8.0.

linux-headers-6.8.0-7: No summary available for linux-headers-6.8.0-7 in ubuntu noble.

No description available for linux-headers-6.8.0-7 in ubuntu noble.

linux-headers-6.8.0-7-generic: No summary available for linux-headers-6.8.0-7-generic in ubuntu noble.

No description available for linux-headers-6.8.0-7-generic in ubuntu noble.

linux-headers-6.8.0-7-generic-64k: No summary available for linux-headers-6.8.0-7-generic-64k in ubuntu noble.

No description available for linux-headers-6.8.0-7-generic-64k in ubuntu noble.

linux-image-6.8.0-7-generic: No summary available for linux-image-6.8.0-7-generic in ubuntu noble.

No description available for linux-image-6.8.0-7-generic in ubuntu noble.

linux-image-6.8.0-7-generic-dbgsym: No summary available for linux-image-6.8.0-7-generic-dbgsym in ubuntu noble.

No description available for linux-image-6.8.0-7-generic-dbgsym in ubuntu noble.

linux-image-unsigned-6.8.0-7-generic: No summary available for linux-image-unsigned-6.8.0-7-generic in ubuntu noble.

No description available for linux-image-unsigned-6.8.0-7-generic in ubuntu noble.

linux-image-unsigned-6.8.0-7-generic-64k: No summary available for linux-image-unsigned-6.8.0-7-generic-64k in ubuntu noble.

No description available for linux-image-unsigned-6.8.0-7-generic-64k in ubuntu noble.

linux-image-unsigned-6.8.0-7-generic-64k-dbgsym: No summary available for linux-image-unsigned-6.8.0-7-generic-64k-dbgsym in ubuntu noble.

No description available for linux-image-unsigned-6.8.0-7-generic-64k-dbgsym in ubuntu noble.

linux-image-unsigned-6.8.0-7-generic-dbgsym: No summary available for linux-image-unsigned-6.8.0-7-generic-dbgsym in ubuntu noble.

No description available for linux-image-unsigned-6.8.0-7-generic-dbgsym in ubuntu noble.

linux-lib-rust-6.8.0-7-generic: No summary available for linux-lib-rust-6.8.0-7-generic in ubuntu noble.

No description available for linux-lib-rust-6.8.0-7-generic in ubuntu noble.

linux-libc-dev: Linux Kernel Headers for development

 This package provides headers from the Linux kernel. These headers
 are used by the installed headers for GNU glibc and other system
 libraries. They are NOT meant to be used to build third-party modules for
 your kernel. Use linux-headers-* packages for that.

linux-modules-6.8.0-7-generic: No summary available for linux-modules-6.8.0-7-generic in ubuntu noble.

No description available for linux-modules-6.8.0-7-generic in ubuntu noble.

linux-modules-6.8.0-7-generic-64k: No summary available for linux-modules-6.8.0-7-generic-64k in ubuntu noble.

No description available for linux-modules-6.8.0-7-generic-64k in ubuntu noble.

linux-modules-extra-6.8.0-7-generic: No summary available for linux-modules-extra-6.8.0-7-generic in ubuntu noble.

No description available for linux-modules-extra-6.8.0-7-generic in ubuntu noble.

linux-modules-iwlwifi-6.8.0-7-generic: No summary available for linux-modules-iwlwifi-6.8.0-7-generic in ubuntu noble.

No description available for linux-modules-iwlwifi-6.8.0-7-generic in ubuntu noble.

linux-source-6.8.0: Linux kernel source for version 6.8.0 with Ubuntu patches

 This package provides the source code for the Linux kernel version
 6.8.0.
 .
 This package is mainly meant for other packages to use, in order to build
 custom flavours.
 .
 If you wish to use this package to create a custom Linux kernel, then it
 is suggested that you investigate the package kernel-package, which has
 been designed to ease the task of creating kernel image packages.
 .
 If you are simply trying to build third-party modules for your kernel,
 you do not want this package. Install the appropriate linux-headers
 package instead.

linux-tools-6.8.0-7: No summary available for linux-tools-6.8.0-7 in ubuntu noble.

No description available for linux-tools-6.8.0-7 in ubuntu noble.

linux-tools-6.8.0-7-generic: No summary available for linux-tools-6.8.0-7-generic in ubuntu noble.

No description available for linux-tools-6.8.0-7-generic in ubuntu noble.

linux-tools-6.8.0-7-generic-64k: No summary available for linux-tools-6.8.0-7-generic-64k in ubuntu noble.

No description available for linux-tools-6.8.0-7-generic-64k in ubuntu noble.

linux-tools-common: Linux kernel version specific tools for version 6.8.0

 This package provides the architecture independent parts for kernel
 version locked tools (such as perf and x86_energy_perf_policy) for
 version 6.8.0.

linux-tools-host: Linux kernel VM host tools

 This package provides kernel tools useful for VM hosts.