[apparmor] AppArmor 2.13.1 Released
Christian Boltz
apparmor at cboltz.de
Sun Oct 14 18:31:39 UTC 2018
Hello,

thanks for the 2.13.1 and 2.12.1 releases!

As usual ;-) a release is only good after applying a few post-release
patches. For those who weren't on IRC today, here's a short summary
about two regressions I noticed:

* syntax error in rc.apparmor.functions (2.13.1 + master)

  This breaks "systemctl start apparmor" and probably a few others using
  rc.apparmor.functions, at least with bash as shell. Luckily the fix is
  quite easy: https://gitlab.com/apparmor/apparmor/merge_requests/240

* regression in the dovecot and apache profiles caused by profile name
  with alternations (2.11..master)

  https://gitlab.com/apparmor/apparmor/merge_requests/149 changed the
  profiles with "sbin" in the path to also work on merged bin and sbin,
  so the profile name now contains {bin,sbin}. The signal rules in
  dovecot-common and apache2-common abstractions were also updated, but
  in a wrong way. They need peer=....\{bin,sbin\}... instead of just
  {bin,sbin} - and this little detail means signals get denied :-(

  The obvious fix for master (and possibly the "newer" branches 2.12 and
  2.13) is to use profile names. For 2.11 which is somewhat older, I
  tend to revert the change to {bin,sbin} to avoid changing profile
  names in that old branch at all [1]. (For completeness: !149 wasn't
  backported to the 2.10 branch.)

  Any opinions and/or volunteers?

Oh, and I still hope to see a fix for Px -> foo//bar ;-)

That said - would it make sense to release 2.13.2 and 2.12.2 in a few
days to fix these regressions?

Regards,

Christian Boltz

[1] The maintenance updates for the 2.11 and 2.10 branches weren't done
    yet, and IMHO we should delay them by a few days and get this issue
    fixed first.
--
Waist circumference is an admin competence signal; after all, whoever
no longer runs around in sneakers but can automate and administer
remotely doesn't have to move as much anymore. [Harald Wagener on
https://plus.google.com/+KristianKöhntopp/posts/B3hUEmBN5U3]
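
The peer= mismatch described in the message above, modelled as an added example (not code from the original post or from the AppArmor project): a peer expression with unescaped {bin,sbin} expands as an alternation and therefore never equals a profile name that literally contains the braces. The glob translator is a simplified assumption covering only alternation, backslash escapes, `*`, `**` and `?`; the profile name `/usr/{bin,sbin}/exampled` and all function names are hypothetical.

```python
import re

def glob_to_regex(pattern):
    """Translate a simplified AppArmor-style glob into a Python regex (assumed model)."""
    out, depth, i = [], 0, 0
    while i < len(pattern):
        c = pattern[i]
        if c == "\\" and i + 1 < len(pattern):
            out.append(re.escape(pattern[i + 1]))  # escaped character is a literal
            i += 2
            continue
        if c == "{":
            depth += 1
            out.append("(?:")
        elif c == "}" and depth:
            depth -= 1
            out.append(")")
        elif c == "," and depth:
            out.append("|")                        # separator inside an alternation
        elif c == "*":
            if pattern[i:i + 2] == "**":
                out.append(".*")                   # ** crosses directory separators
                i += 1
            else:
                out.append("[^/]*")                # * stays within one path component
        elif c == "?":
            out.append("[^/]")
        else:
            out.append(re.escape(c))
        i += 1
    if depth:
        raise ValueError("unbalanced '{' in %r" % pattern)
    return re.compile("".join(out))

def peer_matches(peer_expr, profile_name):
    """True if the peer= expression matches the peer's profile name in full."""
    return glob_to_regex(peer_expr).fullmatch(profile_name) is not None

def dangling_peers(profile_names, peer_exprs):
    """Return peer= expressions that match none of the declared profile names."""
    return [p for p in peer_exprs
            if not any(peer_matches(p, n) for n in profile_names)]

# Constructed sample data: one profile whose *name* contains the alternation text.
PROFILE_NAME = "/usr/{bin,sbin}/exampled"
UNESCAPED = "/usr/{bin,sbin}/exampled"       # expands to /usr/bin/... or /usr/sbin/...
ESCAPED = r"/usr/\{bin,sbin\}/exampled"      # matches the literal braces in the name

if __name__ == "__main__":
    for expr in (UNESCAPED, ESCAPED):
        print(expr, "->", peer_matches(expr, PROFILE_NAME))
```

Running `dangling_peers` over the profile names and peer= expressions collected from a profile set flags signal rules that can never match their intended peer.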