[ubuntu/oracular-proposed] linux 6.11.0-7.7 (Accepted)
Andy Whitcroft
apw at canonical.com
Tue Sep 10 09:25:56 UTC 2024
linux (6.11.0-7.7) oracular; urgency=medium
* oracular/linux: 6.11.0-7.7 -proposed tracker (LP: #2079949)
* update apparmor and LSM stacking patch set (LP: #2028253)
- SAUCE: apparmor4.0.0 [1/99]: LSM: Infrastructure management of the sock
security
- SAUCE: apparmor4.0.0 [2/99]: LSM: Add the lsmblob data structure.
- SAUCE: apparmor4.0.0 [3/99]: LSM: Use lsmblob in security_audit_rule_match
- SAUCE: apparmor4.0.0 [4/99]: LSM: Call only one hook for audit rules
- SAUCE: apparmor4.0.0 [5/99]: LSM: Add lsmblob_to_secctx hook
- SAUCE: apparmor4.0.0 [6/99]: Audit: maintain an lsmblob in audit_context
- SAUCE: apparmor4.0.0 [7/99]: LSM: Use lsmblob in security_ipc_getsecid
- SAUCE: apparmor4.0.0 [8/99]: Audit: Update shutdown LSM data
- SAUCE: apparmor4.0.0 [9/99]: LSM: Use lsmblob in security_current_getsecid
- SAUCE: apparmor4.0.0 [10/99]: LSM: Use lsmblob in security_inode_getsecid
- SAUCE: apparmor4.0.0 [11/99]: Audit: use an lsmblob in audit_names
- SAUCE: apparmor4.0.0 [12/99]: LSM: Create new security_cred_getlsmblob LSM
hook
- SAUCE: apparmor4.0.0 [13/99]: Audit: Change context data from secid to
lsmblob
- SAUCE: apparmor4.0.0 [14/99]: Netlabel: Use lsmblob for audit data
- SAUCE: apparmor4.0.0 [15/99]: LSM: Ensure the correct LSM context releaser
- SAUCE: apparmor4.0.0 [16/99]: LSM: Use lsmcontext in
security_secid_to_secctx
- SAUCE: apparmor4.0.0 [17/99]: LSM: Use lsmcontext in
security_lsmblob_to_secctx
- SAUCE: apparmor4.0.0 [18/99]: LSM: Use lsmcontext in
security_inode_getsecctx
- SAUCE: apparmor4.0.0 [19/99]: LSM: lsmcontext in
security_dentry_init_security
- SAUCE: apparmor4.0.0 [20/99]: LSM: security_lsmblob_to_secctx module
selection
- SAUCE: apparmor4.0.0 [21/99]: Audit: Create audit_stamp structure
- SAUCE: apparmor4.0.0 [22/99]: Audit: Allow multiple records in an
audit_buffer
- SAUCE: apparmor4.0.0 [23/99]: Audit: Add record for multiple task security
contexts
- SAUCE: apparmor4.0.0 [24/99]: audit: multiple subject lsm values for
netlabel
- SAUCE: apparmor4.0.0 [25/99]: Audit: Add record for multiple object contexts
- SAUCE: apparmor4.0.0 [26/99]: LSM: Remove unused lsmcontext_init()
- SAUCE: apparmor4.0.0 [27/99]: LSM: Improve logic in security_getprocattr
- SAUCE: apparmor4.0.0 [28/99]: LSM: secctx provider check on release
- SAUCE: apparmor4.0.0 [29/99]: LSM: Single calls in socket_getpeersec hooks
- SAUCE: apparmor4.0.0 [30/99]: LSM: Exclusive secmark usage
- SAUCE: apparmor4.0.0 [31/99]: LSM: Identify which LSM handles the context
string
- SAUCE: apparmor4.0.0 [32/99]: AppArmor: Remove the exclusive flag
- SAUCE: apparmor4.0.0 [33/99]: LSM: Add mount opts blob size tracking
- SAUCE: apparmor4.0.0 [34/99]: LSM: allocate mnt_opts blobs instead of module
specific data
- SAUCE: apparmor4.0.0 [35/99]: LSM: Infrastructure management of the key
security blob
- SAUCE: apparmor4.0.0 [36/99]: LSM: Infrastructure management of the mnt_opts
security blob
- SAUCE: apparmor4.0.0 [37/99]: LSM: Remove lsmblob scaffolding
- SAUCE: apparmor4.0.0 [38/99]: LSM: Allow reservation of netlabel
- SAUCE: apparmor4.0.0 [39/99]: LSM: restrict security_cred_getsecid() to a
single LSM
- SAUCE: apparmor4.0.0 [40/99]: Smack: Remove LSM_FLAG_EXCLUSIVE
- SAUCE: apparmor4.0.0 [41/99]: LSM stacking v39: UBUNTU: SAUCE: apparmor4.0.0
[41/99]: add/use fns to print hash string hex value
- SAUCE: apparmor4.0.0 [42/99]: patch to provide compatibility with v2.x net
rules
- SAUCE: apparmor4.0.0 [43/99]: add unpriviled user ns mediation
- SAUCE: apparmor4.0.0 [44/99]: Add sysctls for additional controls of unpriv
userns restrictions
- SAUCE: apparmor4.0.0 [45/99]: af_unix mediation
- SAUCE: apparmor4.0.0 [46/99]: Add fine grained mediation of posix mqueues
- SAUCE: apparmor4.0.0 [47/99] fixup inode_set_attr
- SAUCE: apparmor4.0.0 [48/99]: setup slab cache for audit data
- SAUCE: apparmor4.0.0 [49/99]: Improve debug print infrastructure
- SAUCE: apparmor4.0.0 [50/99]: add the ability for profiles to have a
learning cache
- SAUCE: apparmor4.0.0 [51/99]: enable userspace upcall for mediation
- SAUCE: apparmor4.0.0 [52/99]: prompt - lock down prompt interface
- SAUCE: apparmor4.0.0 [53/99]: prompt - allow controlling of caching of a
prompt response
- SAUCE: apparmor4.0.0 [54/99]: prompt - add refcount to audit_node in prep or
reuse and delete
- SAUCE: apparmor4.0.0 [55/99]: prompt - refactor to moving caching to
uresponse
- SAUCE: apparmor4.0.0 [56/99]: prompt - Improve debug statements
- SAUCE: apparmor4.0.0 [57/99]: prompt - fix caching
- SAUCE: apparmor4.0.0 [58/99]: prompt - rework build to use append fn, to
simplify adding strings
- SAUCE: apparmor4.0.0 [59/99]: prompt - refcount notifications
- SAUCE: apparmor4.0.0 [60/99]: prompt - add the ability to reply with a
profile name
- SAUCE: apparmor4.0.0 [61/99]: prompt - fix notification cache when updating
- SAUCE: apparmor4.0.0 [62/99]: prompt - add tailglob on name for cache
support
- SAUCE: apparmor4.0.0 [63/99]: prompt - allow profiles to set prompts as
interruptible
- SAUCE: apparmor4.0.0 [64/93] v6.8 prompt:fixup interruptible
- SAUCE: apparmor4.0.0 [65/99]: prompt - add support for advanced filtering of
notifications
- SAUCE: apparmor4.0.0 [66/99]: userns - add the ability to reference a global
variable for a feature value
- SAUCE: apparmor4.0.0 [67/99]: userns - make it so special unconfined
profiles can mediate user namespaces
- SAUCE: apparmor4.0.0 [68/99]: add io_uring mediation
- SAUCE: apparmor4.0.0 [69/99]: apparmor: fix oops when racing to retrieve
notification
- SAUCE: apparmor4.0.0 [70/99]: apparmor: fix notification header size
- SAUCE: apparmor4.0.0 [71/99]: apparmor: fix request field from a prompt
reply that denies all access
- SAUCE: apparmor4.0.0 [72/99]: apparmor: open userns related sysctl so lxc
can check if restriction are in place
- SAUCE: apparmor4.0.0 [73/99]: apparmor: cleanup attachment perm lookup to
use lookup_perms()
- SAUCE: apparmor4.0.0 [74/99]: apparmor: remove redundant unconfined check.
- SAUCE: apparmor4.0.0 [75/99]: apparmor: switch signal mediation to using
RULE_MEDIATES
- SAUCE: apparmor4.0.0 [76/99]: apparmor: ensure labels with more than one
entry have correct flags
- SAUCE: apparmor4.0.0 [77/99]: apparmor: remove explicit restriction that
unconfined cannot use change_hat
- SAUCE: apparmor4.0.0 [78/99]: apparmor: cleanup: refactor file_perm() to
provide semantics of some checks
- SAUCE: apparmor4.0.0 [79/99]: apparmor: carry mediation check on label
- SAUCE: apparmor4.0.0 [80/99]: apparmor: convert easy uses of unconfined() to
label_mediates()
- SAUCE: apparmor4.0.0 [81/99]: apparmor: add additional flags to extended
permission.
- SAUCE: apparmor4.0.0 [82/99]: apparmor: add support for profiles to define
the kill signal
- SAUCE: apparmor4.0.0 [83/99]: apparmor: fix x_table_lookup when stacking is
not the first entry
- SAUCE: apparmor4.0.0 [84/99]: apparmor: allow profile to be transitioned
when a user ns is created
- SAUCE: apparmor4.0.0 [85/99]: apparmor: add ability to mediate caps with
policy state machine
- SAUCE: apparmor4.0.0 [86/99]: fixup notify
- SAUCE: apparmor4.0.0 [87/99]: apparmor: add fine grained ipv4/ipv6 mediation
- SAUCE: apparmor4.0.0 [88/99]: apparmor: disable tailglob responses for now
- SAUCE: apparmor4.0.0 [89/99]: apparmor: Fix notify build warnings
- SAUCE: apparmor4.0.0 [90/99]: fix reserved mem for when we save ipv6
addresses
- SAUCE: apparmor4.0.0 [91/99]: fix address mapping for recvfrom
- SAUCE: apparmor4.0.0 [92/99]: apparmor: add support for 2^24 states to the
dfa state machine.
- SAUCE: apparmor4.0.0 [93/99]: apparmor: advertise to userspace support of
user upcall for file rules.
- SAUCE: apparmor4.0.0 [94/99]: apparmor: allocate xmatch for nullpdf inside
aa_alloc_null
- SAUCE: apparmor4.0.0 [95/99]: apparmor: properly handle cx/px lookup failure
for complain
- SAUCE: apparmor4.0.0 [96/99]: apparmor: fix prompt failing during large down
loads
- SAUCE: apparmor4.0.0 [97/99]: apparmor: fix allow field in notification
- SAUCE: apparmor4.0.0 [98/99]: fix build error with !CONFIG_SECURITY
- SAUCE: apparmor4.0.0 [99/99]: fix build error with in nfs4xdr
* Intel Lunar Lake / Battlemage enablement (LP: #2076209)
- drm/xe/lnl: Drop force_probe requirement
- drm/xe: Support 'nomodeset' kernel command-line option
- drm/i915/display: Plane capability for 64k phys alignment
- drm/xe: Align all VRAM scanout buffers to 64k physical pages when needed.
- drm/xe: Use separate rpm lockdep map for non-d3cold-capable devices
- drm/xe: Fix NPD in ggtt_node_remove()
- drm/xe/bmg: Drop force_probe requirement
- drm/xe/gsc: Fix FW status if the firmware is already loaded
- drm/xe/gsc: Track the platform in the compatibility version
- drm/xe/gsc: Wedge the device if the GSCCS reset fails
- drm/i915/bios: Update new entries in VBT BDB block definitions
- drm/xe/hwmon: Treat hwmon as a per-device concept
- drm/xe: s/xe_tile_migrate_engine/xe_tile_migrate_exec_queue
- drm/xe: Add xe_vm_pgtable_update_op to xe_vma_ops
- drm/xe: Add xe_exec_queue_last_fence_test_dep
- drm/xe: Add timeout to preempt fences
- drm/xe: Convert multiple bind ops into single job
- drm/xe: Update VM trace events
- drm/xe: Update PT layer with better error handling
- drm/xe: Add VM bind IOCTL error injection
- dma-buf: Split out dma fence array create into alloc and arm functions
- drm/xe: Invalidate media_gt TLBs in PT code
- drm/i915/display: Fix BMG CCS modifiers
- drm/xe: Use xe_pm_runtime_get in xe_bo_move() if reclaim-safe.
- drm/xe: Remove extra dma_fence_put on xe_sync_entry_add_deps failure
* [24.10 FEAT] [KRN1911] Vertical CPU Polarization Support Stage 2
(LP: #2072760)
- s390/wti: Introduce infrastructure for warning track interrupt
- s390/wti: Prepare graceful CPU pre-emption on wti reception
- s390/wti: Add wti accounting for missed grace periods
- s390/wti: Add debugfs file to display missed grace periods per cpu
- s390/topology: Add sysctl handler for polarization
- s390/topology: Add config option to switch to vertical during boot
- s390/smp: Add cpu capacities
- s390/hiperdispatch: Introduce hiperdispatch
- s390/hiperdispatch: Add steal time averaging
- s390/hiperdispatch: Add trace events
- s390/hiperdispatch: Add hiperdispatch sysctl interface
- s390/hiperdispatch: Add hiperdispatch debug attributes
- s390/hiperdispatch: Add hiperdispatch debug counters
- [Config] Initial set of new options HIPERDISPATCH_ON and
SCHED_TOPOLOGY_VERTICAL to yes for s390x
* Remove non-LPAE kernel flavor (LP: #2025265)
- [Packaging] Drop control.d/vars.generic-lpae
* generate and ship vmlinux.h to allow packages to build BPF CO-RE
(LP: #2050083)
- [Packaging] Don't call dh_all on linux-bpf-dev unless on master kernel
* Miscellaneous Ubuntu changes
- [Config] updateconfigs following v6.11-rc7 rebase
Date: 2024-09-09 11:42:09.137384+00:00
Changed-By: Timo Aaltonen <tjaalton at ubuntu.com>
Signed-By: Andy Whitcroft <apw at canonical.com>
https://launchpad.net/ubuntu/+source/linux/6.11.0-7.7
-------------- next part --------------
Sorry, changesfile not available.
More information about the oracular-changes
mailing list