[Patch 0/11] [Patch 0/11] [PULL][Xenial SRU] resubmit of reverted apparmor patches

John Johansen john.johansen at canonical.com
Fri Mar 31 13:25:25 UTC 2017 

This a resubmit of the majority of the apparmor patches that were
reverted during the last SRU cycle. Specifically it does NOT include
  UBUNTU: SAUCE: apparmor: flock mediation is not being enforced on cache check
  UBUNTU: SAUCE: apparmor: fix leak on securityfs pin count
  UBUNTU: SAUCE: apparmor: fix lock ordering for mkdir
  UBUNTU: SAUCE: apparmor: fix reference count leak when securityfs_setup_d_inode() fails
  UBUNTU: SAUCE: apparmor: fix not handling error case when securityfs_pin_fs() fails
which were involved in issues resulting in the revert. Fixes for these
patches will be resubmitted separately.

I have left the original acks on the resubmitted patches for documentation
purposes. The patches are also available via pull request below


The following changes since commit e78f6f48ee95aa77a2ec4b2ad5c9d733fe590573:

  UBUNTU: Ubuntu-4.4.0-71.92 (2017-03-24 09:33:36 -0300)

are available in the git repository at:

  ssh://kernel.ubuntu.com/srv/kernel.ubuntu.com/git/jj/ubuntu-xenial.git apparmor

for you to fetch changes up to 5616d70d209f51ef12af74cf6ca582a433866a17:

  UBUNTU: SAUCE: apparmor: fix link auditing failure due to, uninitialized var (2017-03-31 06:21:11 -0700)

----------------------------------------------------------------
John Johansen (11):
  UBUNTU: SAUCE: apparmor: fix cross ns perm of unix domain sockets
  UBUNTU: SAUCE: apparmor: fix replacement race in reading rawdata
  UBUNTU: SAUCE: apparmor: fix reference count bug in label_merge_insert()
  UBUNTU: SAUCE: apparmor: fix label leak when new label is unused
  UBUNTU: SAUCE: apparmor: Don't audit denied access of special apparmor .null file
  UBUNTU: SAUCE: apparmor: fix oops in bind_mnt when dev_path lookup fails
  UBUNTU: SAUCE: apparmor: Fix no_new_privs blocking change_onexec when using stacked namespaces
  UBUNTU: SAUCE: apparmor: fix ns ref count link when removing profiles from policy
  UBUNTU: SAUCE: apparmor: null profiles should inherit parent control flags
  UBUNTU: SAUCE: fix regression with domain change in complain mode
  UBUNTU: SAUCE: apparmor: fix link auditing failure due to, uninitialized var

 security/apparmor/af_unix.c    |  2 +-
 security/apparmor/apparmorfs.c | 22 +++++-----
 security/apparmor/domain.c     | 91 +++++++++++++++++++++++++++---------------
 security/apparmor/file.c       |  2 +-
 security/apparmor/label.c      | 24 ++++++++---
 security/apparmor/lsm.c        |  3 ++
 security/apparmor/mount.c      |  1 +
 security/apparmor/policy.c     |  3 ++
 8 files changed, 98 insertions(+), 50 deletions(-)

More information about the kernel-team mailing list