[Bug 1298611] Re: [FFe] apparmor signal and ptrace mediation
Launchpad Bug Tracker
1298611 at bugs.launchpad.net
Fri Apr 4 08:53:35 UTC 2014
This bug was fixed in the package apparmor - 2.8.95~2430-0ubuntu5
---------------
apparmor (2.8.95~2430-0ubuntu5) trusty; urgency=medium
* debian/control: add versioned Breaks to apparmor for lxc, libvirt-bin,
lightdm and apparmor-easyprof-ubuntu
apparmor (2.8.95~2430-0ubuntu4) trusty; urgency=medium
[ John Johansen, Steve Beattie ]
* Add userspace support for AppArmor signals and ptrace mediation
(LP: #1298611)
+ debian/patches/mediate-signals.patch,
debian/patches/change-signal-syntax.patch: Parse signal rules with
apparmor_parser. See the apparmor.d(5) man page for syntax details.
+ debian/patches/change-ptrace-syntax.patch,
debian/patches/mediate-ptrace.patch: Parse ptrace rules with
apparmor_parser. See the apparmor.d(5) man page for syntax details.
+ debian/patches/test-signal-rules.patch,
debian/patches/test-ptrace-rules.patch,
debian/patches/update-tests-for-new-semantics.patch: Update existing
tests and add new tests for signal and ptrace mediation
+ debian/patches/fix-garbage-in-preprocessor-output.patch: Fix bug causing
apparmor_parser preprocessor output to contain garbage after include
statements
+ debian/patches/fix-double-comma-in-preprocessor-output.patch: Fix bug
causing apparmor_parser preprocessor output to contain double commas
after some rules
+ debian/patches/symtab-tests-and-seenlist-bug.patch,
debian/patches/add-profile-name-variable.patch: Add ${profile_name}
variable for use in profiles when rules need to specify the current
profile's name. This is useful for signal and ptrace rules that specify
+ debian/patches/fix-names-treated-as-condlistid.patch: Fix
apparmor_parser bug that caused mount and dbus rules to fail for sets of
values
[ Jamie Strandboge ]
* debian/patches/update-base-abstraction-for-signals-and-ptrace.patch:
Adjust the base abstraction for signals and ptrace mediation. Profiles
that use the base abstraction can deny any of the granted permissions to
achieve tighter confinement.
* debian/patches/manpage-signal-ptrace.patch: Update the apparmor.d man
page to document signal rules, ptrace rules, and variables for use in
AppArmor profiles
* debian/patches/dnsmasq-libvirtd-signal-ptrace.patch: Update the dnsmasq
profile to allow libvirtd to send signals to and ptrace read the dnsmasq
process
* debian/patches/update-chromium-browser.patch: Adjust the chromium-browser
profile for permissions needed in newer chromium-browser versions and add
the rules needed for AppArmor ptrace mediation
[ Tyler Hicks ]
* Add new rule type support to aa.py to fix tracebacks when using the Python
utilities in apparmor-utils on systems with AppArmor profiles containing
previously unsupported rule types
- debian/patches/python-utils-file-support.patch: Support path rules
containing the "file" prefix (LP: #1295346)
- debian/patches/python-utils-signal-support.patch: Parse and write signal
rules (LP: #1300316)
- debian/patches/python-utils-ptrace-support.patch: Parse and write ptrace
rules (LP: #1300317)
- debian/patches/python-utils-pivot_root-support.patch: Parse and write
pivot_root rules (LP: #1298678)
-- Jamie Strandboge <jamie at ubuntu.com> Fri, 04 Apr 2014 01:07:24 -0500
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to lxc in Ubuntu.
https://bugs.launchpad.net/bugs/1298611
Title:
[FFe] apparmor signal and ptrace mediation
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/1298611/+subscriptions
More information about the Ubuntu-server-bugs
mailing list