** Changed in: apparmor (Ubuntu)
       Status: Incomplete => New

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor in Ubuntu.
https://bugs.launchpad.net/bugs/1989309

Title:
  [FFe] new apparmor features for 3.0.7

Status in apparmor package in Ubuntu:
  New

Bug description:
  We propose two new features for AppArmor 3.0.7:

  1. parser support for user namespace mediation.

  Since the last kernel update with commit
  https://git.launchpad.net/~ubuntu-kernel/ubuntu/+source/linux/+git/kinetic/commit/?h=master-next&id=30bce26855c9171f8dee74d93308fd506730c914
  Ubuntu 22.10 mediates user namespaces, which allows confined applications
  to have unprivileged user namespace creation instead of disabling it
  completely.
  If we want applications to have this ability, then we need to add support in
  the parser, which is a feature we are introducing. Bug 1990064 is an example
  caused by this.

  2. userspace support for posix message queue mediation

  The kernel also has POSIX message queue mediation with commit
  https://git.launchpad.net/~ubuntu-kernel/ubuntu/+source/linux/+git/kinetic/commit/?h=master-next&id=44f28e2ccee2000c7da971876dd003d38a8232d8
  which indicates that if admins want to allow legitimate use of POSIX
  message queues, then they will need the support of userspace tools.

  We are also adding a fix for Bug 1990692, which will bring the AppArmor
  profiles for samba up to date with upstream.

  TESTING

  This has been extensively tested by the security team - this includes
  following the documented Ubuntu merges test plan[1] for AppArmor and the
  extensive QA Regression Tests[2] for AppArmor as well. This ensures that
  the various applications that make heavy use of AppArmor (LXD, docker,
  lxc, dbus, libvirt, snapd etc) have all been exercised and no regressions
  have been observed. All tests have passed and demonstrated both apparmor
  and the various applications that use it to be working as expected.

  BUILD LOGS

  This is currently uploaded to
  https://launchpad.net/~georgiag/+archive/ubuntu/apparmor-kinetic-ffe
  Build logs can be found on Launchpad at:
  https://launchpad.net/~georgiag/+archive/ubuntu/test2/+build/24518253 for amd64

  DEBDIFF

  The debdiff can be found in the PPA:
  https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/1989309/+attachment/5620824/+files/apparmor-3.0.7-1ubuntu2-apt-upgrade.log

  INSTALL / UPGRADE LOG

  The apt upgrade log is attached in

  [1] https://wiki.ubuntu.com/Process/Merges/TestPlans/AppArmor
  [2] https://git.launchpad.net/qa-regression-testing/tree/scripts/test-apparmor.py
