Yes (barring bugs), there is no intention to break anything :)

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor in Ubuntu.
https://bugs.launchpad.net/bugs/1895060

Title:
  [FFe] apparmor 3 upstream release

Status in apparmor package in Ubuntu:
  New

Bug description:
  As per the draft upstream release notes[1]:

  AppArmor 3.0 is a major new release of the AppArmor user space that makes
  an important change to policy development and support. Its focus is
  transitioning policy to the new features ABI and as such other new features
  have been limited.

  Apprmor 3.0 is a bridge release between older AppArmor 2.x policy and the
  newer AppArmor 3 style policy which requires the declaration of a features
  abi. As such AppArmor 3.0 will be a short lived release, and will not
  receive long term support. The following AppArmor 3.1 feature release is
  planned to be a regular release, please take this into account when
  including AppArmor 3.0 into a distro release.

  As such, Ubuntu 20.10 provides a great opportunity to introduce AppArmor3
  to Ubuntu and provide these new capabilities to users and system
  administrators. The short support lifespan of Ubuntu 20.10 ensures that
  there is alignment with the limited support lifetime of AppArmor 3.0 from
  upstream, whilst giving good exposure and opportunity to test and exercise
  the new features in AppArmor 3.x on the road to Ubuntu 22.04. A highlight
  of new features provided by AppArmor 3.0 include:

  - Policy now must declare the feature abi it was developed for if it is to
    use any new features. This ensures that old policy will not become
    incompatible with new kernels that support additional AppArmor features.
  - The use of profile names that are based on pathnames are deprecated.
  - Support for new kernel features (requires appropriate features abi
    tagging in policy)
    - upstream v8 network socket rules
    - xattr attachment conditionals
    - capabilities PERFMON and BPF
  - Improved compiler warnings and semantic checks
  - aa-status rewritten in C (previously was python) with additional features
    - supports use in systems/images where python is not available
    - supports kill, unconfined and mixed profile modes
  - Rewritten aa-notify (previously was perl, now python3)
    - shared backend with other python tools
    - support use of aa.CONFDIR instead of hard coded /etc/apparmor
    - improved message layout
  - Improved support for kernels that support LSM stacking
  - New utility aa-features-abi to extract and work with kernel abi features
  - New utility aa-load to load binary policy without calling the
    apparmor_parser
  - Support for profile modes
    - enforce (default when no mode flag is supplied)
    - kill (experimental)
    - unconfined (experimental)

  The use of the new AppArmor profile feature ABI includes a default
  configuration (for the Ubuntu packaged version of AppArmor proposed in this
  FFE) for the AppArmor features within the 5.4 Linux kernel - this ensures
  that all profiles provided in AppArmor3 for groovy will conform to this
  feature set and that upgrades to the kernel version (say to 5.8) that may
  include newer AppArmor confinement features will not result in additional
  policy denials as a result (since say the existing profile did not specify
  a rule for a new AppArmor feature which is now supported by the upgraded
  kernel). This ensures that there will be no regressions in application
  behaviour as a result of AppArmor kernel feature upgrades.

  TESTING

  This has been extensively tested by the security team - this includes
  following the documented Ubuntu merges test plan[2] for AppArmor and the
  extensive QA Regression Tests[3] for AppArmor as well. This ensures that the
  various applications that make heavy use of AppArmor (LXD, docker, lxc,
  dbus, libvirt, snapd etc) have all been exercised and no regressions have
  been observed. All tests have passed and demonstrated both apparmor and the
  various applications that use it to be working as expected.

  BUILD LOGS

  This is currently uploaded to groovy-proposed, build logs can be found on
  Launchpad at:
  https://launchpad.net/ubuntu/+source/apparmor/3.0.0~beta1-0ubuntu1

  INSTALL LOG

  See attached
  
(https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/1895060/+attachment/5411197/+files
  /groovy-proposed-apparmor-install.log) for a log showing install of
  the packages from groovy-proposed

  [1] https://gitlab.com/apparmor/apparmor/-/wikis/Release_Notes_3.0
  [2] https://wiki.ubuntu.com/Process/Merges/TestPlans/AppArmor
  [3] 
https://git.launchpad.net/qa-regression-testing/tree/scripts/test-apparmor.py

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/1895060/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to     : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

Reply via email to