[ubuntu/mantic-proposed] linux-laptop 6.5.0-1004.7 (Accepted)

Andy Whitcroft apw at canonical.com
Sun Oct 8 15:55:27 UTC 2023 

linux-laptop (6.5.0-1004.7) mantic; urgency=medium

  * mantic/linux-laptop: 6.5.0-1004.7 -proposed tracker (LP: #2038703)

  [ Ubuntu: 6.5.0-9.9 ]

  * mantic/linux: 6.5.0-9.9 -proposed tracker (LP: #2038687)
  * update apparmor and LSM stacking patch set (LP: #2028253)
    - re-apply apparmor 4.0.0
  * Disable restricting unprivileged change_profile by default, due to LXD
    latest/stable not yet compatible with this new apparmor feature
    (LP: #2038567)
    - SAUCE: apparmor: Make apparmor_restrict_unprivileged_unconfined opt-in

  [ Ubuntu: 6.5.0-8.8 ]

  * mantic/linux: 6.5.0-8.8 -proposed tracker (LP: #2038577)
  * update apparmor and LSM stacking patch set (LP: #2028253)
    - SAUCE: apparmor3.2.0 [02/60]: rename SK_CTX() to aa_sock and make it an
      inline fn
    - SAUCE: apparmor3.2.0 [05/60]: Add sysctls for additional controls of unpriv
      userns restrictions
    - SAUCE: apparmor3.2.0 [08/60]: Stacking v38: LSM: Identify modules by more
      than name
    - SAUCE: apparmor3.2.0 [09/60]: Stacking v38: LSM: Add an LSM identifier for
      external use
    - SAUCE: apparmor3.2.0 [10/60]: Stacking v38: LSM: Identify the process
      attributes for each module
    - SAUCE: apparmor3.2.0 [11/60]: Stacking v38: LSM: Maintain a table of LSM
      attribute data
    - SAUCE: apparmor3.2.0 [12/60]: Stacking v38: proc: Use lsmids instead of lsm
      names for attrs
    - SAUCE: apparmor3.2.0 [13/60]: Stacking v38: integrity: disassociate
      ima_filter_rule from security_audit_rule
    - SAUCE: apparmor3.2.0 [14/60]: Stacking v38: LSM: Infrastructure management
      of the sock security
    - SAUCE: apparmor3.2.0 [15/60]: Stacking v38: LSM: Add the lsmblob data
      structure.
    - SAUCE: apparmor3.2.0 [16/60]: Stacking v38: LSM: provide lsm name and id
      slot mappings
    - SAUCE: apparmor3.2.0 [17/60]: Stacking v38: IMA: avoid label collisions with
      stacked LSMs
    - SAUCE: apparmor3.2.0 [18/60]: Stacking v38: LSM: Use lsmblob in
      security_audit_rule_match
    - SAUCE: apparmor3.2.0 [19/60]: Stacking v38: LSM: Use lsmblob in
      security_kernel_act_as
    - SAUCE: apparmor3.2.0 [20/60]: Stacking v38: LSM: Use lsmblob in
      security_secctx_to_secid
    - SAUCE: apparmor3.2.0 [21/60]: Stacking v38: LSM: Use lsmblob in
      security_secid_to_secctx
    - SAUCE: apparmor3.2.0 [22/60]: Stacking v38: LSM: Use lsmblob in
      security_ipc_getsecid
    - SAUCE: apparmor3.2.0 [23/60]: Stacking v38: LSM: Use lsmblob in
      security_current_getsecid
    - SAUCE: apparmor3.2.0 [24/60]: Stacking v38: LSM: Use lsmblob in
      security_inode_getsecid
    - SAUCE: apparmor3.2.0 [25/60]: Stacking v38: LSM: Use lsmblob in
      security_cred_getsecid
    - SAUCE: apparmor3.2.0 [26/60]: Stacking v38: LSM: Specify which LSM to
      display
    - SAUCE: apparmor3.2.0 [28/60]: Stacking v38: LSM: Ensure the correct LSM
      context releaser
    - SAUCE: apparmor3.2.0 [29/60]: Stacking v38: LSM: Use lsmcontext in
      security_secid_to_secctx
    - SAUCE: apparmor3.2.0 [30/60]: Stacking v38: LSM: Use lsmcontext in
      security_inode_getsecctx
    - SAUCE: apparmor3.2.0 [31/60]: Stacking v38: Use lsmcontext in
      security_dentry_init_security
    - SAUCE: apparmor3.2.0 [32/60]: Stacking v38: LSM: security_secid_to_secctx in
      netlink netfilter
    - SAUCE: apparmor3.2.0 [33/60]: Stacking v38: NET: Store LSM netlabel data in
      a lsmblob
    - SAUCE: apparmor3.2.0 [34/60]: Stacking v38: binder: Pass LSM identifier for
      confirmation
    - SAUCE: apparmor3.2.0 [35/60]: Stacking v38: LSM: security_secid_to_secctx
      module selection
    - SAUCE: apparmor3.2.0 [36/60]: Stacking v38: Audit: Keep multiple LSM data in
      audit_names
    - SAUCE: apparmor3.2.0 [37/60]: Stacking v38: Audit: Create audit_stamp
      structure
    - SAUCE: apparmor3.2.0 [38/60]: Stacking v38: LSM: Add a function to report
      multiple LSMs
    - SAUCE: apparmor3.2.0 [39/60]: Stacking v38: Audit: Allow multiple records in
      an audit_buffer
    - SAUCE: apparmor3.2.0 [40/60]: Stacking v38: Audit: Add record for multiple
      task security contexts
    - SAUCE: apparmor3.2.0 [41/60]: Stacking v38: audit: multiple subject lsm
      values for netlabel
    - SAUCE: apparmor3.2.0 [42/60]: Stacking v38: Audit: Add record for multiple
      object contexts
    - SAUCE: apparmor3.2.0 [43/60]: Stacking v38: netlabel: Use a struct lsmblob
      in audit data
    - SAUCE: apparmor3.2.0 [44/60]: Stacking v38: LSM: Removed scaffolding
      function lsmcontext_init
    - SAUCE: apparmor3.2.0 [45/60]: Stacking v38: AppArmor: Remove the exclusive
      flag
    - SAUCE: apparmor3.2.0 [46/60]: combine common_audit_data and
      apparmor_audit_data
    - SAUCE: apparmor3.2.0 [47/60]: setup slab cache for audit data
    - SAUCE: apparmor3.2.0 [48/60]: rename audit_data->label to
      audit_data->subj_label
    - SAUCE: apparmor3.2.0 [49/60]: pass cred through to audit info.
    - SAUCE: apparmor3.2.0 [50/60]: Improve debug print infrastructure
    - SAUCE: apparmor3.2.0 [51/60]: add the ability for profiles to have a
      learning cache
    - SAUCE: apparmor3.2.0 [52/60]: enable userspace upcall for mediation
    - SAUCE: apparmor3.2.0 [53/60]: cache buffers on percpu list if there is lock
      contention
    - SAUCE: apparmor3.2.0 [55/60]: advertise availability of exended perms
    - SAUCE: apparmor3.2.0 [60/60]: [Config] enable
      CONFIG_SECURITY_APPARMOR_RESTRICT_USERNS
  * LSM stacking and AppArmor for 6.2: additional fixes (LP: #2017903) // update
    apparmor and LSM stacking patch set (LP: #2028253)
    - SAUCE: apparmor3.2.0 [57/60]: fix profile verification and enable it
  * udev fails to make prctl() syscall with apparmor=0 (as used by maas by
    default) (LP: #2016908) // update apparmor and LSM stacking patch set
    (LP: #2028253)
    - SAUCE: apparmor3.2.0 [27/60]: Stacking v38: Fix prctl() syscall with
      apparmor=0
  * kinetic: apply new apparmor and LSM stacking patch set (LP: #1989983) //
    update apparmor and LSM stacking patch set (LP: #2028253)
    - SAUCE: apparmor3.2.0 [01/60]: add/use fns to print hash string hex value
    - SAUCE: apparmor3.2.0 [03/60]: patch to provide compatibility with v2.x net
      rules
    - SAUCE: apparmor3.2.0 [04/60]: add user namespace creation mediation
    - SAUCE: apparmor3.2.0 [06/60]: af_unix mediation
    - SAUCE: apparmor3.2.0 [07/60]: Add fine grained mediation of posix mqueues

  [ Ubuntu: 6.5.0-7.7 ]

  * mantic/linux: 6.5.0-7.7 -proposed tracker (LP: #2037611)
  * kexec enable to load/kdump zstd compressed zimg (LP: #2037398)
    - [Packaging] Revert arm64 image format to Image.gz
  * Mantic minimized/minimal cloud images do not receive IP address during
    provisioning (LP: #2036968)
    - [Config] Enable virtio-net as built-in to avoid race
  * Miscellaneous Ubuntu changes
    - SAUCE: Add mdev_set_iommu_device() kABI
    - [Config] update gcc version in annotations

Date: 2023-10-08 07:43:08.217298+00:00
Changed-By: Juerg Haefliger <juerg.haefliger at canonical.com>
Signed-By: Andy Whitcroft <apw at canonical.com>
https://launchpad.net/ubuntu/+source/linux-laptop/6.5.0-1004.7
-------------- next part --------------
Sorry, changesfile not available.

More information about the mantic-changes mailing list