[Bug 660077] Re: update AppArmor to 2.5.1 (for upstream and backported maverick kernels)
This bug was fixed in the package apparmor - 2.5.1-0ubuntu0.10.04.1

---
apparmor (2.5.1-0ubuntu0.10.04.1) lucid-proposed; urgency=low

  * Backport 2.5.1-0ubuntu0.10.10.1 from maverick for userspace tools to work
    with newer kernels (LP: #660077)
    NOTE: user-tmp now uses 'owner' match, so non-default profiles will have
    to be adjusted when 2 separately confined applications that both use the
    user-tmp abstraction depend on being able to cooperatively share files
    with each other in /tmp or /var/tmp.
  * remove the following patches (features not appropriate for SRU):
    - 0002-add-chromium-browser.patch
    - 0003-local-includes.patch
    - 0004-ubuntu-abstractions-updates.patch
  * debian/rules (this makes it the same as what was shipped in 10.04 LTS
    release):
    - don't ship aa-update-browser and its man page (requires
      0004-ubuntu-abstractions-updates.patch)
    - don't ship apparmor.d/local/ (requires 0003-local-includes.patch)
    - don't use dh_apparmor (not in Ubuntu 10.04 LTS)
    - don't ship chromium profile
  * remove debian/profiles/chromium-browser
  * remove debian/aa-update-browser*
  * debian/apparmor-profiles.postinst: revert to that in lucid release
    (requires dh_apparmor and 0002-add-chromium-browser.patch)
  * remove debian/apparmor-profiles.postrm: doesn't make sense without
    0002-add-chromium-browser.patch
  * debian/control:
    - revert Build-Depends on debhelper (>= 5)
    - revert Standards-Version to 3.8.4
    - revert Vcs-Bzr
    - use Conflicts/Replaces version that was in Ubuntu 10.04 LTS
  * debian/patches/0011-lucid-compat-dbus.patch: move
    /var/lib/dbus/machine-id back into dbus, since profiles on 10.04 LTS
    expect it there
  * debian/patches/0012-lucid-compat-kde.patch: add kde4-config to kde
    abstraction, since the firefox profile on Ubuntu 10.04 LTS expects it to
    be there

apparmor (2.5.1-0ubuntu0.10.10.2) maverick-proposed; urgency=low

  * New upstream release (LP: #660077)
    - The following patches were refreshed:
      + 0001-fix-release.patch
      + 0003-local-includes.patch
      + 0004-ubuntu-abstractions-updates.patch
      + 0008-lp648900.patch: renamed as 0005-lp648900.patch
    - The following patches were dropped (included upstream):
      + 0005-lp601583.patch
      + 0006-network-interface-enumeration.patch
      + 0007-gnome-updates.patch
  * debian/patches/0006-testsuite-fixes.patch: testsuite fixes from head of
    2.5 branch. These are needed for QRT and SRU testing (LP: #652211)
  * debian/patches/0007-honor-cflags.patch: have the parser makefile honor
    CFLAGS environment variable. Brings back missing symbols for the retracer
  * debian/patches/0008-lp652674.patch: fix warnings for messages without
    denied or requested masks (LP: #652674)
  * debian/apparmor.init: fix path to aa-status (LP: #654841)
  * debian/apport/source_apparmor.py: apport hook should use
    root_command_hook() for running apparmor_status (LP: #655529)
  * debian/apport/source_apparmor.py: use ProcKernelCmdline and don't clobber
    cmdline details (LP: #657091)
  * debian/{rules,control}: move apache2 abstractions into the base package
    so we can put apache2 profiles into the -profiles package without
    aa-logprof bailing out. Patch by Marc Deslauriers. (LP: #539441)
  * debian/patches/0009-sensible-browser-pix.patch: use Pix with
    sensible-browser
  * debian/patches/0010-ubuntu-buildd.patch: skip parser caching test if the
    AppArmor securityfs introspection directory is not mounted, as is the case
    on Ubuntu buildds.

apparmor (2.5.1~rc1-0ubuntu2) maverick; urgency=low

  * abstractions/ubuntu-email: adjustment for ever-changing thunderbird path
    (LP: #648900)

apparmor (2.5.1~rc1-0ubuntu1) maverick; urgency=low

  [ Jamie Strandboge ]
  * New upstream RC release (revision 1413). In addition to getting the tools
    to work with the maverick kernel, this update fixes:
    - LP: #619521
    - LP: #633369
    - LP: #626451
    - LP: #581525
    - LP: #623467 (link and unlink still need to be addressed)
  * Dropped the following patches, included upstream:
    - 0002-lp615177.patch
    - 0004-ubuntu-pux.patch
    - 0006-kde4-config-pux.patch
    - 0007-lp605835.patch
    - 0012-lp625041.patch
    - 0013-lp623586.patch
  * Update the following patches:
    - rename 0010-fix-release.patch as 0001-fix-release.patch since this will
      likely always need to be here
    - rename 0005-add-chromium-browser.patch as
      0002-add-chromium-browser.patch
    - rename 0001-local-includes.patch as 0003-local-includes.patch and update
      to use r1493 (from trunk) of local/README file. This can be dropped in
      2.6.
    - collect the ubuntu abstractions updates pulled from trunk into
      0004-ubuntu-abstractions-updates.patch. This can be dropped in 2.6.
    - rename 0008-lp601583.patch as 0005-lp601583.patch. This can be dropped
      in 2.5.1 final.
  * fix up some lintian warnings:
    - debian/cont
[Bug 660077] Re: update AppArmor to 2.5.1 (for upstream and backported maverick kernels)
Final bits of testing:
* Installed all packages provided by the apparmor source and upgraded via update-manager with no problems
* apparmor-notify works
* guest session works and is in enforcing mode

Between this, the other testing documented in this bug, and all the verified fixed bugs I updated todo, I think this is ready. Please let me know if more needs to be done. Thanks!

--
You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/660077

Title: update AppArmor to 2.5.1 (for upstream and backported maverick kernels)

--
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 660077] Re: update AppArmor to 2.5.1 (for upstream and backported maverick kernels)
Installed linux-image-generic-lts-backport-maverick and apparmor from lucid-proposed and QRT:test-apparmor.py passes on both amd64 and i386 (I also verified the specific bugs that address this configuration).
[Bug 660077] Re: update AppArmor to 2.5.1 (for upstream and backported maverick kernels)
** Tags added: verification-done
** Tags removed: verification-needed
[Bug 660077] Re: update AppArmor to 2.5.1 (for upstream and backported maverick kernels)
The following QRT scripts were used to test AppArmor:
qrt-test-apache2.tar.gz: PASS*
qrt-test-avahi.tar.gz: PASS**
qrt-test-bind9.tar.gz: PASS
qrt-test-browser.tar.gz: PASS
qrt-test-clamav.tar.gz: PASS
qrt-test-cups.tar.gz: PASS
qrt-test-dhcp.tar.gz: PASS
qrt-test-dovecot.tar.gz: Skipped***
qrt-test-evince.tar.gz: PASS
qrt-test-libvirt.tar.gz: PASS
qrt-test-mysql.tar.gz: PASS
qrt-test-ntp.tar.gz: PASS
qrt-test-openldap.tar.gz: PASS
qrt-test-samba.tar.gz: PASS
qrt-test-tcpdump.tar.gz: PASS

* tested with libapache2-mod-apparmor enabled. Also configured hat for phpsysinfo and it worked fine
** works with apparmor-profiles installed with profile in enforce mode
*** too many non-AppArmor script failures

smbd and nmbd work as well as before. Specifically, smbd and nmbd needed write access to /var/log/samba/cores/ (bug in Lucid) and smbd needed access to the exported directories and files (like normal)

Based on the QRT script successes and real world testing, it is my opinion that there are no functional regressions in the update in lucid-proposed.

Next up for tomorrow, testing the maverick backport kernel, the guest session and verifying all the various SRU bugs.
[Bug 660077] Re: update AppArmor to 2.5.1 (for upstream and backported maverick kernels)
Err, here are the results with the proper invocation of test-apparmor.py to get the parser stress tests too:

$ sudo ./test-apparmor.py --with-parser-stress -v
...
Run parser stress test ... Generating 1000 profiles...
Loading directory of profiles into buffer cache

real    0m1.448s
user    0m3.648s
sys     0m0.580s
Running preprocess only parser on directory of profiles

real    4m21.596s
user    4m19.216s
sys     0m3.120s
Running full parser on directory of profiles

real    4m27.704s
user    4m25.037s
sys     0m3.676s
Loading equivalent profile into buffer cache

real    0m0.004s
user    0m0.000s
sys     0m0.004s
Running preprocess only parser on single equiv profile

real    4m29.743s
user    4m29.469s
sys     0m0.212s
Running full parser on single equivalent profile

real    4m39.586s
user    4m39.321s
sys     0m0.196s
ok
Run subdomain stress test ... (skipped: use --with-subdomain-stress to enable) ok
Cleanup downloaded source ... ok

--
Ran 25 tests in 1387.654s

OK

(FYI, the subdomain stress tests intentionally never complete which is why they aren't run. This may change in a future version of AppArmor).
[Bug 660077] Re: update AppArmor to 2.5.1 (for upstream and backported maverick kernels)
Since test-apparmor.py from QRT is pretty comprehensive, I am going to display its tests results here (both i386 and amd64 passed):

$ sudo ./test-apparmor.py -v --with-parser-stress
Skipping private tests
Test enforce to complain and back with aa-complain/aa-enforce ... ok
Test aa-status ... ok
Test aa-unconfined ... ok
Test add/remove profile ... ok
Test complain profile ... ok
Test enforce profile ... ok
Test moving from enforce to complain and back ... ok
Test initscript ... stop teardown status (unloaded: LP: #654841) start restart reload force-reload status (loaded) ok
Test kernel ... ok
Test aa-logprof LP: #652674 ... ok
Test /etc/apparmor.d/disable ... ok
Test /etc/apparmor.d/force-complain ... ok
Test required apport hooks ... ok
Test apport LP: #655529 ... ok
Test pam (order=default,user,group) ...
  adm_group can access default_user's file
  adm_group cannot access adm_group's file
  adm_group cannot access confined_user's file
  adm_group cannot access confined_group's file
  adm_group cannot access unconfined_user's file
  adm_group cannot access unconfined_group's file
  confined_group can access default_user's file
  confined_group cannot access adm_group's file
  confined_group cannot access confined_user's file
  confined_group cannot access confined_group's file
  confined_group cannot access unconfined_user's file
  confined_group cannot access unconfined_group's file
  confined_user can access default_user's file
  confined_user cannot access adm_group's file
  confined_user cannot access confined_user's file
  confined_user cannot access confined_group's file
  confined_user cannot access unconfined_user's file
  confined_user cannot access unconfined_group's file
  default_user can access default_user's file
  default_user cannot access adm_group's file
  default_user cannot access confined_user's file
  default_user cannot access confined_group's file
  default_user cannot access unconfined_user's file
  default_user cannot access unconfined_group's file
  unconfined_group can access default_user's file
  unconfined_group cannot access adm_group's file
  unconfined_group cannot access confined_user's file
  unconfined_group cannot access confined_group's file
  unconfined_group cannot access unconfined_user's file
  unconfined_group cannot access unconfined_group's file
  unconfined_user can access default_user's file
  unconfined_user cannot access adm_group's file
  unconfined_user cannot access confined_user's file
  unconfined_user cannot access confined_group's file
  unconfined_user cannot access unconfined_user's file
  unconfined_user cannot access unconfined_group's file
ok
Test pam (order=group,default,user) ...
  adm_group can access adm_group's file
  adm_group cannot access confined_user's file
  adm_group cannot access default_user's file
  confined_user can access confined_user's file
  confined_user cannot access unconfined_user's file
  default_user can access default_user's file
  default_user cannot access unconfined_user's file
  unconfined_user can access adm_group's file
  unconfined_user can access confined_user's file
  unconfined_user can access confined_group's file
  unconfined_user can access default_user's file
  unconfined_user can access unconfined_user's file
  unconfined_user can access unconfined_group's file
  unconfined_group can access adm_group's file
  unconfined_group can access confined_user's file
  unconfined_group can access confined_group's file
  unconfined_group can access default_user's file
  unconfined_group can access unconfined_user's file
  unconfined_group can access unconfined_group's file
ok
Test pam (order=group,user,default) ...
  adm_group can access adm_group's file
  adm_group cannot access confined_group's file
  adm_group cannot access confined_user's file
  adm_group cannot access default_user's file
  adm_group cannot access unconfined_group's file
  adm_group cannot access unconfined_user's file
  confined_group can access confined_group's file
  confined_group cannot access adm_group's file
  confined_group cannot access confined_user's file
  confined_group cannot access default_user's file
  confined_group cannot access unconfined_group's file
  confined_group cannot access unconfined_user's file
  confined_user can access confined_user's file
  confined_user cannot access adm_group's file
  confined_user cannot access confined_group's file
  confined_user cannot access default_user's file
  confined_user cannot access unconfined_group's file
  confined_user cannot access unconfined_user's file
  default_user can access default_user's file
  default_user cannot access adm_group's file
  default_user cannot access confined_group's file
  default_user cannot access confined_user's file
  default_user cannot access unconfined_group's file
  default_user cannot access unconfined_user's file
  unconfined_group can access unconfined_group's file
  unconfined_group can access adm_group's file
  unconfined_group
[Bug 660077] Re: update AppArmor to 2.5.1 (for upstream and backported maverick kernels)
FYI, I upgraded several production desktops and servers with the AppArmor in lucid-proposed and all the upgrades went fine and the confined processes all continue to work fine for the last week after upgrading and also a reboot. The following cumulative list of profiles was tested in real world scenarios:
* apache (non-default with several hats)
* asterisk (non-default)
* chromium (non-default)
* clamd
* cups
* dhclient3
* dhcpd3
* evince
* firefox
* freshclam
* irssi (non-default)
* mt-daapd (non-default)
* mysqld
* named
* ntpd
* openvpn (non-default, with child profile)
* sftp-server (non-default)
* tcpdump

I am continuing with QRT testing now and will report back here when done.
[Bug 660077] Re: update AppArmor to 2.5.1 (for upstream and backported maverick kernels)
** Branch linked: lp:ubuntu/lucid-proposed/apparmor
[Bug 660077] Re: update AppArmor to 2.5.1 (for upstream and backported maverick kernels)
Accepted apparmor into lucid-proposed, the package will build now and be available in a few hours. Please test and give feedback here. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you in advance!

** Changed in: apparmor (Ubuntu Lucid)
   Status: In Progress => Fix Committed

** Tags removed: verification-done
** Tags added: verification-needed
[Bug 660077] Re: update AppArmor to 2.5.1 (for upstream and backported maverick kernels)
To ubuntu-sru,

What is the status of this for Lucid? I believe John Johansen and I have addressed all questions in an offline email. Once the lucid packages hit proposed I can run all the QRT tests and install it on at least 6 different production machines (mix of servers and desktops). Also, Lamont is already using the package in production as well (see comment #16). If you'd like, I can blog about it and send a note to ubuntu-devel.
[Bug 660077] Re: update AppArmor to 2.5.1 (for upstream and backported maverick kernels)
This bug was fixed in the package apparmor - 2.5.1-0ubuntu0.10.10.2

---
apparmor (2.5.1-0ubuntu0.10.10.2) maverick-proposed; urgency=low

  * New upstream release (LP: #660077)
    - The following patches were refreshed:
      + 0001-fix-release.patch
      + 0003-local-includes.patch
      + 0004-ubuntu-abstractions-updates.patch
      + 0008-lp648900.patch: renamed as 0005-lp648900.patch
    - The following patches were dropped (included upstream):
      + 0005-lp601583.patch
      + 0006-network-interface-enumeration.patch
      + 0007-gnome-updates.patch
  * debian/patches/0006-testsuite-fixes.patch: testsuite fixes from head of
    2.5 branch. These are needed for QRT and SRU testing (LP: #652211)
  * debian/patches/0007-honor-cflags.patch: have the parser makefile honor
    CFLAGS environment variable. Brings back missing symbols for the retracer
  * debian/patches/0008-lp652674.patch: fix warnings for messages without
    denied or requested masks (LP: #652674)
  * debian/apparmor.init: fix path to aa-status (LP: #654841)
  * debian/apport/source_apparmor.py: apport hook should use
    root_command_hook() for running apparmor_status (LP: #655529)
  * debian/apport/source_apparmor.py: use ProcKernelCmdline and don't clobber
    cmdline details (LP: #657091)
  * debian/{rules,control}: move apache2 abstractions into the base package
    so we can put apache2 profiles into the -profiles package without
    aa-logprof bailing out. Patch by Marc Deslauriers. (LP: #539441)
  * debian/patches/0009-sensible-browser-pix.patch: use Pix with
    sensible-browser
  * debian/patches/0010-ubuntu-buildd.patch: skip parser caching test if the
    AppArmor securityfs introspection directory is not mounted, as is the case
    on Ubuntu buildds.

 -- Jamie Strandboge  Tue, 02 Nov 2010 12:04:06 -0500

** Changed in: apparmor (Ubuntu Maverick)
   Status: Fix Committed => Fix Released
[Bug 660077] Re: update AppArmor to 2.5.1 (for upstream and backported maverick kernels)
** Tags added: verification-done
** Tags removed: verification-needed
[Bug 660077] Re: update AppArmor to 2.5.1 (for upstream and backported maverick kernels)
Upgraded to 2.5.1-0ubuntu0.10.10.2 in two clean up to date VMs (amd64 and i386). Rebooted, etc and all worked fine. Ran test-apparmor.py QRT tests (which runs the extensive upstream tests as well as a number of other tests) on both it passes.
[Bug 660077] Re: update AppArmor to 2.5.1 (for upstream and backported maverick kernels)
Successfully installed 2.5.1-0ubuntu0.10.04.1 on my lucid box, seems to be working just fine (and not OOPSing that I can see.)
[Bug 660077] Re: update AppArmor to 2.5.1 (for upstream and backported maverick kernels)
2.5.1-0ubuntu0.10.04.1 has been uploaded again, which has the above fixes.
[Bug 660077] Re: update AppArmor to 2.5.1 (for upstream and backported maverick kernels)
Just getting back to this now. The maverick-proposed upload FTBFS due to the new tests in the parser testsuite which require the AppArmor securityfs introspection directory to be mounted, which it isn't on the buildd. Added a patch to skip this test if the directory is not available.

I also added a patch to the ubuntu-browsers abstraction that was accidentally omitted from the previous upload. This uses 'Pix' instead of 'Pux' for sensible-browser. Only evince uses the ubuntu-browsers abstraction and it is verified to work correctly with this change (ie, setting the preferred browser to sensible-browser opens the browser configured for use with sensible-browser).

FYI-- 2.5.1-0ubuntu4 is now in natty, and contains all of these patches.
[Bug 660077] Re: update AppArmor to 2.5.1 (for upstream and backported maverick kernels)
** Branch linked: lp:ubuntu/maverick-proposed/apparmor
[Bug 660077] Re: update AppArmor to 2.5.1 (for upstream and backported maverick kernels)
Accepted apparmor into maverick-proposed, the package will build now and be available in a few hours. Please test and give feedback here. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you in advance!

** Changed in: apparmor (Ubuntu Maverick)
   Status: In Progress => Fix Committed

** Tags added: verification-needed
[Bug 660077] Re: update AppArmor to 2.5.1 (for upstream and backported maverick kernels)
** Patch removed: "maverick_539441.diff"
   https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/660077/+attachment/1702138/+files/maverick_539441.diff

** Patch added: "maverick_539441.diff"
   https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/660077/+attachment/1703001/+files/maverick_539441.diff
[Bug 660077] Re: update AppArmor to 2.5.1 (for upstream and backported maverick kernels)
In comment #7 I mentioned that I reverted the changes between lucid and maverick regarding the apache2-common profile. Since I reverted this in the last maverick upload (comment #10), I updated the lucid changelog and reuploaded to remove any potential confusion.
[Bug 660077] Re: update AppArmor to 2.5.1 (for upstream and backported maverick kernels)
It was pointed out to me today that bug #539441 was reintroduced in maverick, so I have reuploaded the maverick package with the fix for that. Attached is the diff from the last upload to this one. This change was well tested on Lucid and its omission in maverick was simply an oversight.

** Patch added: "maverick_539441.diff"
   https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/660077/+attachment/1702138/+files/maverick_539441.diff
[Bug 660077] Re: update AppArmor to 2.5.1 (for upstream and backported maverick kernels)
** Branch linked: lp:ubuntu/apparmor
[Bug 660077] Re: update AppArmor to 2.5.1 (for upstream and backported maverick kernels)
** Patch added: "lucid-release_to_lucid-proposed_debian.diff"
   https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/660077/+attachment/1695716/+files/lucid-release_to_lucid-proposed_debian.diff
[Bug 660077] Re: update AppArmor to 2.5.1 (for upstream and backported maverick kernels)
** Patch added: "lucid-release_to_lucid-proposed_profiles.diff"
   https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/660077/+attachment/1695715/+files/lucid-release_to_lucid-proposed_profiles.diff
[Bug 660077] Re: update AppArmor to 2.5.1 (for upstream and backported maverick kernels)
Uploaded 2.5.1-0ubuntu0.10.04.1 to lucid-proposed. Attached is a diff between profiles/ on 2.5-0ubuntu3 and 2.5.1. I will also attach the diff between the debian/ directories.

For the most part, I have removed features when they were implemented in packaging. Ie:
* I have dropped the backported from 2.6 local/ and ubuntu-browsers.d/ changes
* I have dropped the chromium-browser profile in apparmor-profiles (it depends on the above)
* I have dropped the aa-update-browser tool (also depends on the above)
* I removed use of dh_apparmor

In terms of abstractions, there are many abstraction bug fixes allowing additional access. There were three changes that were noteworthy:
1. machine-id moved from dbus to dbus-session. I added 0009-lucid-compat-dbus.patch to move it back
2. kde4-config was removed from the kde abstraction. I added 0010-lucid-compat-kde.patch to put it back (with PUx instead of Ux)
3. user-tmp uses 'owner' match in 2.5.1. This is a highly desirable security improvement (see bug #578922) for an LTS, and should not affect any applications in the default Ubuntu install. I have added text to the changelog to explain this in detail.

I also made sure that shipped profiles/abstractions shipped in the same package (eg, the apache2* abstraction shipped in apparmor in Lucid, but libapache2-mod-apparmor in Maverick. I reverted that change.

I have tested locally on a default amd64 install against QRT (which includes package test, initscript tests, apport, non-build testsuites, and more) and it passes. Once the packages build in -proposed, I will retest them on i386 and amd64, and will test all packages that ship a confined binary.

I also tested linux-image-generic-lts-backport-maverick against QRT on amd64 and it works great. I plan to coordinate more testing with the kernel-team once the packages are in -proposed.
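Added example (not part of the original bug thread, and not Ubuntu or AppArmor project code): one way to spot fallout from the user-tmp 'owner' change described in item 3 above after upgrading. It scans AppArmor denial lines for /tmp and /var/tmp paths where the requesting fsuid differs from the file's ouid, limited to profiles that include the abstraction. The log lines, profile names and uids are constructed, and the key=value layout of the audit message is an assumption about the running kernel's log format.

```python
import re

# key=value pairs of an AppArmor audit message; values may be quoted or bare.
KV_RE = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')
# The abstraction whose rules became 'owner'-qualified in 2.5.1.
INCLUDE_RE = re.compile(r'^\s*#?include\s+<abstractions/user-tmp>', re.MULTILINE)
TMP_PREFIXES = ("/tmp/", "/var/tmp/")

# Constructed log template and events (assumed layout, invented values).
_LINE = ('Nov  2 12:00:0{n} host kernel: [  10{n}.000001] type=1400 '
         'audit(1288717200.10{n}:1{n}): apparmor="DENIED" operation="open" '
         'parent=1 profile="{profile}" name="{name}" pid=200{n} comm="app" '
         'requested_mask="{mask}" denied_mask="{mask}" fsuid={fsuid} ouid={ouid}')
_EVENTS = [
    # producer reads a file that another uid created in /tmp: owner mismatch
    ("/usr/local/bin/producer", "/tmp/shared/job.dat", "r", 1000, 1001),
    # same uid on both sides: denied for some other reason, not the owner rule
    ("/usr/local/bin/producer", "/tmp/own.lock", "k", 1000, 1000),
    # consumer writes into the other uid's spool under /var/tmp: owner mismatch
    ("/usr/local/bin/consumer", "/var/tmp/spool/out.log", "w", 1001, 1000),
    # outside the tmp directories: unrelated to user-tmp
    ("/usr/local/bin/consumer", "/etc/shadow", "r", 1001, 0),
    # mismatch, but this profile does not include the abstraction
    ("/usr/sbin/other", "/tmp/x.sock", "rw", 5, 6),
]
SAMPLE_LOG = "\n".join(
    _LINE.format(n=i, profile=p, name=path, mask=m, fsuid=f, ouid=o)
    for i, (p, path, m, f, o) in enumerate(_EVENTS, start=1)
) + "\nNov  2 12:00:09 host kernel: [  109.000001] eth0: link up\n"

# Constructed profile sources, keyed by profile name.
PROFILES = {
    "/usr/local/bin/producer": (
        "#include <tunables/global>\n/usr/local/bin/producer {\n"
        "  #include <abstractions/base>\n  #include <abstractions/user-tmp>\n}\n"),
    "/usr/local/bin/consumer": (
        "#include <tunables/global>\n/usr/local/bin/consumer {\n"
        "  #include <abstractions/base>\n  #include <abstractions/user-tmp>\n}\n"),
    "/usr/sbin/other": (
        "#include <tunables/global>\n/usr/sbin/other {\n"
        "  #include <abstractions/base>\n  /tmp/x.sock rw,\n}\n"),
}


def parse_event(line):
    """Return the key=value fields of one AppArmor audit line, or None."""
    fields = {key: quoted or bare for key, quoted, bare in KV_RE.findall(line)}
    return fields if "apparmor" in fields else None


def is_owner_mismatch(event):
    """True for a denial under /tmp or /var/tmp where fsuid and ouid differ."""
    if event.get("apparmor") != "DENIED":
        return False
    if not event.get("name", "").startswith(TMP_PREFIXES):
        return False
    fsuid, ouid = event.get("fsuid", ""), event.get("ouid", "")
    if not (fsuid.isdigit() and ouid.isdigit()):
        return False  # field missing or malformed: cannot decide, do not flag
    return int(fsuid) != int(ouid)


def report(log_text, profiles):
    """List (profile, path, fsuid, ouid) candidates, in log order."""
    affected = {name for name, text in profiles.items() if INCLUDE_RE.search(text)}
    hits = []
    for line in log_text.splitlines():
        event = parse_event(line)
        if event and event.get("profile") in affected and is_owner_mismatch(event):
            hits.append((event["profile"], event["name"],
                         int(event["fsuid"]), int(event["ouid"])))
    return hits


if __name__ == "__main__":
    for profile, path, fsuid, ouid in report(SAMPLE_LOG, PROFILES):
        print(f"{profile}: {path} (fsuid={fsuid}, file owner={ouid})")
```

Each hit is a candidate only: the profile may also lack any rule for that path, so compare against the profile before adding a narrowly scoped non-owner rule for the shared directory.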
[Bug 660077] Re: update AppArmor to 2.5.1 (for upstream and backported maverick kernels)
This bug was fixed in the package apparmor - 2.5.1-0ubuntu1

---
apparmor (2.5.1-0ubuntu1) natty; urgency=low

  * New upstream release (LP: #660077)
    - The following patches were refreshed:
      + 0001-fix-release.patch
      + 0003-local-includes.patch
      + 0008-lp648900.patch: renamed as 0005-lp648900.patch
    - The following patches were dropped (included upstream):
      + 0005-lp601583.patch
      + 0006-network-interface-enumeration.patch
      + 0007-gnome-updates.patch
  * debian/patches/0006-testsuite-fixes.patch: testsuite fixes from head of
    2.5 branch. These are needed for QRT and SRU testing (LP: #652211)
  * debian/patches/0007-honor-cflags.patch: have the parser makefile honor
    CFLAGS environment variable. Brings back missing symbols for the retracer
  * debian/patches/0008-lp652674.patch: fix warnings for messages without
    denied or requested masks (LP: #652674)
  * debian/apparmor.init: fix path to aa-status (LP: #654841)
  * debian/apport/source_apparmor.py: apport hook should use
    root_command_hook() for running apparmor_status (LP: #655529)
  * debian/apport/source_apparmor.py: use ProcKernelCmdline and don't clobber
    cmdline details (LP: #657091)

 -- Jamie Strandboge  Fri, 15 Oct 2010 12:23:00 -0500

** Changed in: apparmor (Ubuntu Natty)
   Status: In Progress => Fix Released
[Bug 660077] Re: update AppArmor to 2.5.1 (for upstream and backported maverick kernels)
** Summary changed:

- update AppArmor to 2.5.1 for backported maverick kernels
+ update AppArmor to 2.5.1 (for upstream and backported maverick kernels)

** Changed in: apparmor (Ubuntu Natty)
   Status: Invalid => In Progress

** Changed in: apparmor (Ubuntu Natty)
   Importance: Undecided => High

** Changed in: apparmor (Ubuntu Natty)
   Assignee: (unassigned) => Jamie Strandboge (jdstrand)