[ubuntu/noble-proposed] apparmor 4.0.0~alpha2-0ubuntu7 (Accepted)

John Johansen john.johansen at canonical.com
Fri Dec 15 05:28:11 UTC 2023


apparmor (4.0.0~alpha2-0ubuntu7) noble; urgency=medium

  [Alex Murray]
  * Enable user namespace restrictions by default (LP: #2046477)
    - d/p/u/userns-runtime-disable.patch: add logic to disable user
      namespace restrictions if kernel lacks support
    - debian/usr/lib/sysctl.d/10-apparmor.conf: set sysctl value to 1 and
      update comment to match
    - debian/apparmor.service: run After systemd-sysctl.service

  [John Johansen]
  * Add additional AppArmor profiles to support third-party applications
    that use unprivileged user namespace
    - add d/p/u/oot-unconfined-profiles.patch
    - add profiles to debian/apparmor.install
       - /etc/apparmor.d/1password
       - /etc/apparmor.d/Discord
       - /etc/apparmor.d/MongoDB_Compass
       - /etc/apparmor.d/code
       - /etc/apparmor.d/firefox
       - /etc/apparmor.d/github-desktop
       - /etc/apparmor.d/obsidian
       - /etc/apparmor.d/opera
       - /etc/apparmor.d/polypane
       - /etc/apparmor.d/signal-desktop
       - /etc/apparmor.d/slack
       - /etc/apparmor.d/steam

  [Alex Murray]
  * Drop duplicate profiles for usr.share.code.bin.code and
  * usr.lib.multiarch.opera.opera since they are now also in
    d/p/u/oot-unconfined-profiles.patch
    - modified d/p/u/userns-unconfined-profiles.patch to remove them
    - removed from debian/apparmor.install
    - added to debian/apparmor.maintscript to ensure they are removed on
      upgrade

Date: Wed, 13 Dec 2023 20:38:45 -0800
Changed-By: John Johansen <john.johansen at canonical.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Signed-By: Alex Murray <alex.murray at canonical.com>
https://launchpad.net/ubuntu/+source/apparmor/4.0.0~alpha2-0ubuntu7
-------------- next part --------------
Format: 1.8
Date: Wed, 13 Dec 2023 20:38:45 -0800
Source: apparmor
Built-For-Profiles: noudeb
Architecture: source
Version: 4.0.0~alpha2-0ubuntu7
Distribution: noble
Urgency: medium
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: John Johansen <john.johansen at canonical.com>
Launchpad-Bugs-Fixed: 2046477
Changes:
 apparmor (4.0.0~alpha2-0ubuntu7) noble; urgency=medium
 .
   [Alex Murray]
   * Enable user namespace restrictions by default (LP: #2046477)
     - d/p/u/userns-runtime-disable.patch: add logic to disable user
       namespace restrictions if kernel lacks support
     - debian/usr/lib/sysctl.d/10-apparmor.conf: set sysctl value to 1 and
       update comment to match
     - debian/apparmor.service: run After systemd-sysctl.service
 .
   [John Johansen]
   * Add additional AppArmor profiles to support third-party applications
     that use unprivileged user namespace
     - add d/p/u/oot-unconfined-profiles.patch
     - add profiles to debian/apparmor.install
        - /etc/apparmor.d/1password
        - /etc/apparmor.d/Discord
        - /etc/apparmor.d/MongoDB_Compass
        - /etc/apparmor.d/code
        - /etc/apparmor.d/firefox
        - /etc/apparmor.d/github-desktop
        - /etc/apparmor.d/obsidian
        - /etc/apparmor.d/opera
        - /etc/apparmor.d/polypane
        - /etc/apparmor.d/signal-desktop
        - /etc/apparmor.d/slack
        - /etc/apparmor.d/steam
 .
   [Alex Murray]
   * Drop duplicate profiles for usr.share.code.bin.code and
   * usr.lib.multiarch.opera.opera since they are now also in
     d/p/u/oot-unconfined-profiles.patch
     - modified d/p/u/userns-unconfined-profiles.patch to remove them
     - removed from debian/apparmor.install
     - added to debian/apparmor.maintscript to ensure they are removed on
       upgrade
Checksums-Sha1:
 e35a7a22e60ca619749df38a0c87b47b47a29f07 3048 apparmor_4.0.0~alpha2-0ubuntu7.dsc
 a65cb4ead059c10f03ff54331ce3e76bd4671abe 98312 apparmor_4.0.0~alpha2-0ubuntu7.debian.tar.xz
 a144bc2df447836b252a474c3f69b1bbc675a08f 8185 apparmor_4.0.0~alpha2-0ubuntu7_source.buildinfo
Checksums-Sha256:
 2abd0a01f3162651b2a28446966799d288f2bdbad39302a7642bcb26fc84d08e 3048 apparmor_4.0.0~alpha2-0ubuntu7.dsc
 402593e28d4558e44446f052653fb97b1226799727329e9a619699293cbd8095 98312 apparmor_4.0.0~alpha2-0ubuntu7.debian.tar.xz
 50d0aaeb7da5451b17f814e3ee1835ba5c4f609153e665a161f3cc1e80220712 8185 apparmor_4.0.0~alpha2-0ubuntu7_source.buildinfo
Files:
 a1a803549110e67044609e2c95057a8f 3048 admin optional apparmor_4.0.0~alpha2-0ubuntu7.dsc
 2cf20b691ddfd6fcfd9167299ec8e963 98312 admin optional apparmor_4.0.0~alpha2-0ubuntu7.debian.tar.xz
 ce026ae79280b7fcbaf90c219c7ce55f 8185 admin optional apparmor_4.0.0~alpha2-0ubuntu7_source.buildinfo
Original-Maintainer: Debian AppArmor Team <pkg-apparmor-team at lists.alioth.debian.org>


More information about the noble-changes mailing list