[Kernel-packages] [Bug 1678032] Re: apparmor: does not provide a way to detect policy updataes

2017-04-07 Thread Launchpad Bug Tracker
This bug was fixed in the package linux - 4.10.0-19.21

---
linux (4.10.0-19.21) zesty; urgency=low

  [ Tim Gardner ]

  * Release Tracking Bug
    - LP: #1680535

  * ADT regressions caused by "audit: fix auditd/kernel connection state
    tracking" (LP: #1680532)
    - SAUCE: Revert "audit: fix auditd/kernel connection state tracking"

  * Miscellaneous Ubuntu changes
    - [Config] updateconfigs to update CONFIG_GENERIC_CSUM for ppc64el
      This cleans up behind a Kconfig change that went undetected.

linux (4.10.0-18.20) zesty; urgency=low

  [ Tim Gardner ]

  * Release Tracking Bug
    - LP: #1680168

  * smartpqi driver needed in initram disk and installer (LP: #1680156)
    - UBUNU: [Config] Add smartpqi to d-i

linux (4.10.0-17.19) zesty; urgency=low

  [ Tim Gardner ]

  * Release Tracking Bug
    - LP: #1679718

  * Fix CVE-2017-7308 (LP: #1678009)
    - net/packet: fix overflow in check for priv area size
    - net/packet: fix overflow in check for tp_frame_nr
    - net/packet: fix overflow in check for tp_reserve

  * apparmor: oops on boot if parameters set on grub command line (LP: #1678048)
    - SAUCE: apparmor: fix parameters so that the permission test is bypassed
      at boot

  * apparmor: does not provide a way to detect policy updataes (LP: #1678032)
    - SAUCE: apparmor: add policy revision file interface

  * apparmor does not make support of query data visible (LP: #1678023)
    - SAUCE: apparmor: add label data availability to the feature set

  * apparmor query interface does not make supported query info available
    (LP: #1678030)
    - SAUCE: apparmor: add information about the query inteface to the feature
      set

  * change_profile incorrect when using namespaces with a compound stack
    (LP: #1677959)
    - SAUCE: apparmor: fix label parse for stacked labels

  * Zesty update to v4.10.8 stable release (LP: #1678930)
    - xfrm: policy: init locks early
    - xfrm_user: validate XFRM_MSG_NEWAE XFRMA_REPLAY_ESN_VAL replay_window
    - xfrm_user: validate XFRM_MSG_NEWAE incoming ESN size harder
    - KVM: nVMX: Fix nested VPID vmx exec control
    - KVM: x86: cleanup the page tracking SRCU instance
    - virtio_balloon: init 1st buffer in stats vq
    - pinctrl: qcom: Don't clear status bit on irq_unmask
    - c6x/ptrace: Remove useless PTRACE_SETREGSET implementation
    - h8300/ptrace: Fix incorrect register transfer count
    - mips/ptrace: Preserve previous registers for short regset write
    - sparc/ptrace: Preserve previous registers for short regset write
    - metag/ptrace: Preserve previous registers for short regset write
    - metag/ptrace: Provide default TXSTATUS for short NT_PRSTATUS
    - metag/ptrace: Reject partial NT_METAG_RPIPE writes
    - qla2xxx: Allow vref count to timeout on vport delete.
    - sched/rt: Add a missing rescheduling point
    - usb: musb: fix possible spinlock deadlock
    - Linux 4.10.8

  * [Hyper-V] pci-hyperv: Use device serial number as PCI domain (LP: #1667527)
    - net/mlx4_core: Use cq quota in SRIOV when creating completion EQs
    - PCI: hv: Use device serial number as PCI domain

  * Miscellaneous Ubuntu changes
    - [Config] flash-kernel should be a Breaks
    - [Config] drop the info directory
    - [Config] drop NOTES as obsolete
    - [Config] drop changelog.historical as obsolete

linux (4.10.0-16.18) zesty; urgency=low

  [ Tim Gardner ]

  * Release Tracking Bug
    - LP: #1677697

  * [Feature] ISH (Intel Sensor Hub) support (LP: #1645521)
    - iio: accel: hid-sensor-accel-3d: Add timestamp

  * Zesty update to v4.10.7 stable release (LP: #1677589)
    - net/openvswitch: Set the ipv6 source tunnel key address attribute
      correctly
    - net: bcmgenet: Do not suspend PHY if Wake-on-LAN is enabled
    - net: properly release sk_frag.page
    - amd-xgbe: Fix jumbo MTU processing on newer hardware
    - openvswitch: Add missing case OVS_TUNNEL_KEY_ATTR_PAD
    - net: unix: properly re-increment inflight counter of GC discarded
      candidates
    - qmi_wwan: add Dell DW5811e
    - net: vrf: Reset rt6i_idev in local dst after put
    - net/mlx5: Add missing entries for set/query rate limit commands
    - net/mlx5e: Use the proper UAPI values when offloading TC vlan actions
    - net/mlx5: Increase number of max QPs in default profile
    - net/mlx5e: Count GSO packets correctly
    - net/mlx5e: Count LRO packets correctly
    - ipv6: make sure to initialize sockc.tsflags before first use
    - net: bcmgenet: remove bcmgenet_internal_phy_setup()
    - ipv4: provide stronger user input validation in nl_fib_input()
    - socket, bpf: fix sk_filter use after free in sk_clone_lock
    - genetlink: fix counting regression on ctrl_dumpfamily()
    - tcp: initialize icsk_ack.lrcvtime at session start time
    - amd-xgbe: Fix the ECC-related bit position definitions
    - net: solve a NAPI race
    - HID: sony: Fix input device leak when connecting a DS4 twice using USB/BT
    - Input: ALPS - fix V8+ protocol handling (73

[Kernel-packages] [Bug 1678032] Re: apparmor: does not provide a way to detect policy updataes

2017-04-03 Thread Tim Gardner
** Changed in: linux (Ubuntu Zesty)
   Status: Incomplete => Fix Committed

-- 
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1678032

Title:
  apparmor: does not provide a way to detect policy updataes

Status in linux package in Ubuntu:
  Fix Committed
Status in linux source package in Xenial:
  Incomplete
Status in linux source package in Yakkety:
  Incomplete
Status in linux source package in Zesty:
  Fix Committed

Bug description:
  User space trusted helpers have no way to detect when policy changes
  have been loaded into the kernel. This prevents the applications from
  being able to cache permission queries. Currently trusted helpers have
  not done caching (wish list feature); however, the gsettings proxy
  requires userspace caching of permissions due to how the gsettings
  proxy has to work.

  This means that policy loads result in stale gsettings policy, which
  results in incorrect mediation.

  Add a revision file to the apparmorfs interface that allows detection
  of the current revision number for apparmor policy. This file can be
  read like a pipe, or used via poll, which is sufficient for the
  gsettings proxy to detect changes and invalidate its cache.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1678032/+subscriptions

-- 
Mailing list: https://launchpad.net/~kernel-packages
Post to : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help   : https://help.launchpad.net/ListHelp
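
The cache-invalidation pattern the bug description asks for, as an added example (not code from the bug report, the kernel patch, or the gsettings proxy): a userspace helper keeps cached permission answers only while the revision file descriptor stays quiet. `REVISION_PATH`, `open_revision_fd`, `RevisionGatedCache` and the `query` callable are assumptions made for illustration; the report names only "a revision file" in apparmorfs.

```python
import os
import select

# Assumed path of the revision file; the report only says "apparmorfs".
REVISION_PATH = "/sys/kernel/security/apparmor/revision"


def open_revision_fd(path=REVISION_PATH):
    return os.open(path, os.O_RDONLY)


class RevisionGatedCache:
    """Cache permission answers; flush when the revision fd is readable."""

    def __init__(self, revision_fd, query):
        self._fd = revision_fd
        self._query = query      # hypothetical callable: key -> bool
        self._cache = {}
        self.revision = None     # last revision number seen
        self.stale = False       # True once the revision source is lost

    def _policy_changed(self):
        """Drain pending revision updates without blocking."""
        changed = False
        while not self.stale and select.select([self._fd], [], [], 0)[0]:
            data = os.read(self._fd, 64)
            if not data:
                # EOF: changes can no longer be detected, so stop
                # trusting cached answers from here on.
                self.stale = True
                break
            self.revision = int(data.split()[-1])
            changed = True
        return changed

    def allowed(self, key):
        if self._policy_changed() or self.stale:
            self._cache.clear()
        if self.stale:
            return self._query(key)   # always ask the kernel
        if key not in self._cache:
            self._cache[key] = self._query(key)
        return self._cache[key]
```

Because the file "can be read like a pipe", an `os.pipe()` pair is enough to exercise the class without a patched kernel.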