** Description changed:
+ Christian summarizes this after the great reports by Martin:
+
+ gnutls started to ship forceful disables in pkg/import/3.8.1-4ubuntu3
+ and added more later.
+
+ Due to that anything linked against gnutls while being apparmor isolated
+ now hits similar denials, preven
There is precedence in /etc/apparmor.d/abstractions/base holding various rules
like these
$ grep etc_ro /etc/apparmor.d/abstractions/base
@{etc_ro}/locale/** r,
@{etc_ro}/locale.alias r,
@{etc_ro}/localtime r,
@{etc_ro}/bindresvport.blacklist r,
@{etc_ro}/ld.so
Suggestion would be something like:
--- /etc/apparmor.d/abstractions/crypto.orig2024-03-11 11:05:24.027597234
+
+++ /etc/apparmor.d/abstractions/crypto 2024-03-11 11:06:12.035895701 +
@@ -24,4 +24,7 @@
/etc/crypto-policies/*/*.txt r,
/usr/share/crypto-policies/*/*.txt r,
+ #
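Review bot: the comment opened on the first added line (after `/usr/share/crypto-policies/*/*.txt r,`) should state which gnutls configuration files the new rule covers and why, and the rule under it should stay read-only (`r`) like the two crypto-policies context lines. The hunk header (`-24,4 +24,7`) announces three added lines, but only the `#` is visible here, so the path pattern itself cannot be checked from this excerpt.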
Hey,
I think everything in the gnutls/ directory should be allowed: there can
be profiles with arbitrary names (or at least alnum I guess) which
define priority/configuration strings that can be used by gnutls
applications. I'm not aware of anything else that typically goes there
but I haven't che
** Merge proposal linked:
https://code.launchpad.net/~paelzer/ubuntu/+source/apparmor/+git/apparmor/+merge/462142
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor in Ubuntu.
https://bugs.launchpad.net/bugs/2056739
FYI - submitted as https://gitlab.com/apparmor/apparmor/-/merge_requests/1178
@John if merged, would you mind adding a bug-ref to the Ubuntu upload changelog
so this bug 2056739 closes?
Given that there seems to be some agreement to fix this in apparmor,
I'll set the other tasks to "Won't Fix"
*
** Changed in: chrony (Ubuntu)
Status: New => Won't Fix
** Changed in: gnutls28 (Ubuntu)
Status: New => Won't Fix
** Changed in: libvirt (Ubuntu)
Status: New => Won't Fix
Yes, will do. I added both references you provided to the upstream merge
commit and all fixes/closes references will be going into the changelog.
FYI the fix and a related cleanup are merged into upstream apparmor and
I'd expect the next upload to Ubuntu to then fix this issue.
@Martin
Thanks for the extra info for completeness, I assume we might find even more if
we spend more time (but that would provide no extra gain).
@John
Up to you t
This bug was fixed in the package apparmor - 4.0.0-beta3-0ubuntu2
---
apparmor (4.0.0-beta3-0ubuntu2) noble; urgency=medium
* d/apparmor.install
- install new profiles
- geary
- goldendict
- kchmviewer
- loupe
- notepadqq
- pageedit
- pr