[Kernel-packages] [Bug 2017903] [NEW] LSM stacking and AppArmor for 6.2: additional fixes

Thu, 27 Apr 2023 06:30:08 -0700 

Public bug reported:

[Impact]

We maintain custom LSM stacking and AppArmor SAUCE patches in our kernel
to provide additional features that are not available in the upstream
AppArmor.

We have experienced occasional bugs in the lunar kernel (specifically
with the environ.sh test) that can lead to system crashes / failures
(such as potential NULL pointer dereference).

[Test case]

Run AppArmor autopkgtest / qa-regression-testing.

[Fix]

Apply the following additional fixes provided by AppArmor upstream
maintainer:

  UBUNTU: SAUCE: apparmor: fix policy_compat perms remap for file dfa
  UBUNTU: SAUCE: apparmor: fix profile verification and enable it
  UBUNTU: SAUCE: apparmor: fix: add missing failure check in 
compute_xmatch_perms
  UBUNTU: SAUCE: apparmor: fix: kzalloc perms tables for shared dfas

[Regression potential]

Additional fixes are touching only AppArmor specific code, so we may
experience regressions (bugs / behavior change) only in apparmor by
applying them.

** Affects: linux (Ubuntu)
     Importance: Medium
         Status: Triaged

** Affects: linux (Ubuntu Lunar)
     Importance: Medium
         Status: Triaged

** Also affects: linux (Ubuntu Lunar)
   Importance: Undecided
       Status: New

-- 
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/2017903

Title:
  LSM stacking and AppArmor for 6.2: additional fixes

Status in linux package in Ubuntu:
  Triaged
Status in linux source package in Lunar:
  Triaged

Bug description:
  [Impact]

  We maintain custom LSM stacking and AppArmor SAUCE patches in our
  kernel to provide additional features that are not available in the
  upstream AppArmor.

  We have experienced occasional bugs in the lunar kernel (specifically
  with the environ.sh test) that can lead to system crashes / failures
  (such as potential NULL pointer dereference).

  [Test case]

  Run AppArmor autopkgtest / qa-regression-testing.

  [Fix]

  Apply the following additional fixes provided by AppArmor upstream
  maintainer:

    UBUNTU: SAUCE: apparmor: fix policy_compat perms remap for file dfa
    UBUNTU: SAUCE: apparmor: fix profile verification and enable it
    UBUNTU: SAUCE: apparmor: fix: add missing failure check in 
compute_xmatch_perms
    UBUNTU: SAUCE: apparmor: fix: kzalloc perms tables for shared dfas

  [Regression potential]

  Additional fixes are touching only AppArmor specific code, so we may
  experience regressions (bugs / behavior change) only in apparmor by
  applying them.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/2017903/+subscriptions


-- 
Mailing list: https://launchpad.net/~kernel-packages
Post to     : [email protected]
Unsubscribe : https://launchpad.net/~kernel-packages
More help   : https://help.launchpad.net/ListHelp

Reply via email to