[ubuntu/xenial-proposed] ubuntu-core-security 16.04.8 (Accepted)
Jamie Strandboge
jamie at ubuntu.com
Wed Dec 16 22:54:11 UTC 2015
ubuntu-core-security (16.04.8) xenial; urgency=medium
* ubuntu/default:
- add timerfd and new mbarrier syscall
- allow ixr on tset
- remove explicit apparmor denials for ptrace, mount and mknod since
others caps may add them (eg, container-management)
- add a few rules that aren't information leak to ease hardware assignment
policy
* debian/README.seccomp: update for 4.3 syscalls
* remove 15.04 and 15.10 policy
* ubuntu/network-client:
- don't explicitly deny network-manager in ubuntu-core policy. This made
sense on Touch where everything was noisy, but network-manager only
exists as a snap on core.
- remove accept, accept4, listen and bind (must use either unix-listener
or network-listener instead)
* add the identified new caps for 16.04
* rename network-admin to network-management
* rename network-firewall to firewall-management
* rename network-status to network-monitor
* rename network-service to network-listener
* rename snapd to snap-management
* add compatibility symlinks for renamed caps (this will be removed for
16.04 release)
* ubuntu/network-listener: update comment for socket()
Date: Wed, 16 Dec 2015 16:46:59 -0600
Changed-By: Jamie Strandboge <jamie at ubuntu.com>
Maintainer: Ubuntu Security <security at ubuntu.com>
https://launchpad.net/ubuntu/+source/ubuntu-core-security/16.04.8
-------------- next part --------------
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Wed, 16 Dec 2015 16:46:59 -0600
Source: ubuntu-core-security
Binary: ubuntu-core-security-apparmor ubuntu-core-security-seccomp ubuntu-core-security-utils
Architecture: source
Version: 16.04.8
Distribution: xenial
Urgency: medium
Maintainer: Ubuntu Security <security at ubuntu.com>
Changed-By: Jamie Strandboge <jamie at ubuntu.com>
Description:
ubuntu-core-security-apparmor - AppArmor easyprof templates for Ubuntu Core
ubuntu-core-security-seccomp - Seccomp templates for Ubuntu Core
ubuntu-core-security-utils - Security utilities for Ubuntu Core
Changes:
ubuntu-core-security (16.04.8) xenial; urgency=medium
.
* ubuntu/default:
- add timerfd and new mbarrier syscall
- allow ixr on tset
- remove explicit apparmor denials for ptrace, mount and mknod since
others caps may add them (eg, container-management)
- add a few rules that aren't information leak to ease hardware assignment
policy
* debian/README.seccomp: update for 4.3 syscalls
* remove 15.04 and 15.10 policy
* ubuntu/network-client:
- don't explicitly deny network-manager in ubuntu-core policy. This made
sense on Touch where everything was noisy, but network-manager only
exists as a snap on core.
- remove accept, accept4, listen and bind (must use either unix-listener
or network-listener instead)
* add the identified new caps for 16.04
* rename network-admin to network-management
* rename network-firewall to firewall-management
* rename network-status to network-monitor
* rename network-service to network-listener
* rename snapd to snap-management
* add compatibility symlinks for renamed caps (this will be removed for
16.04 release)
* ubuntu/network-listener: update comment for socket()
Checksums-Sha1:
acd42ada21959567907206988db554e4607b99b6 1908 ubuntu-core-security_16.04.8.dsc
c4c73c0535dad61b86572f8ca2ce471aae7ff3d2 20744 ubuntu-core-security_16.04.8.tar.xz
Checksums-Sha256:
10433b4befebc39632aa3a201e7c3b27cceb4c8bf7aee4bef36a683960287a9c 1908 ubuntu-core-security_16.04.8.dsc
1d605e06552c9d7af632de96484d103442de89f264baffd5f7e2b3b809718a57 20744 ubuntu-core-security_16.04.8.tar.xz
Files:
f2fb4d29e7baa5c2903cbd72246d118c 1908 admin optional ubuntu-core-security_16.04.8.dsc
e7a1aa541f3d86f320449dfcd907db5c 20744 admin optional ubuntu-core-security_16.04.8.tar.xz
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIcBAEBCgAGBQJWceqPAAoJEFHb3FjMVZVz2M8P/AkegnYCxnSn9ggNawSZvxOf
0A19hMx5QLnWrkWvsCWKjjOpiAFIjQ29ct9jvrRxzwlGH6meuga4u3voH6kU9CSV
8Fl94VU2aM17E5hJQT06yoyu5tGHkinDkYwHct9SkV0inNF6djJjE36W79ifZHD0
tmrB2/xjEDh3Mwvq50rGkGwOqQHtTyuysDJy+PO2CDgZ5SgZeqm2o2ovygUHY8fX
y1jPu1kCmco7AlczQyengAJEqMahEI21S6RTeDKlflwwSTECciL/xEUhq8QZjUtf
AVqvqcLl8u8xfzmSym8QRI3Hrk5Qv1Uq20Y/trovh7viLLJnTURpLQoK3nnaL62r
H8s9SUU42FzrBiPSBOAStlHMPZAjkrJ5g7Xn4fiHv5dLS7uFs1mu1OJgeCIrdmRP
UvH8PaLjtIJfypTNzH/zEJvxnFwPOaDUIbQWWwdsNpnRkpWgfpGaen4zhFUFRzx8
/+Bwo1WoBhhdv8cwJpe9gSKWwoUhnfj+eevw4ZFpi8hG5N0/Ua2EzpJSbRVOLi0r
Uztxq1ongbvzD68ucGf5e7u8DDZ6ThdI6MrgD3tnpE0dM5AJl4ue4wUUQVZ8nb9O
jC84LMuVEXyl4V6OO2JGMbaP9WI5W1EFUjom8zkKraO6Yl7+IO0uh/MnX8PrY7XS
PUz4gl/vdFEP5n20hJ+r
=XY7q
-----END PGP SIGNATURE-----
More information about the Xenial-changes
mailing list