> with the new apparmor Candidate: 4.0.0~alpha2-0ubuntu7
> DistroRelease: Ubuntu 24.04
This bug smells like a userns issue - programs using userns (often used
for sandboxing) now _must have_ an AppArmor profile.
Can you please save the following as /etc/apparmor.d/surfshark? (Adjust
the path to
Slightly related:
> /usr/sbin/runc flags=(unconfined) {
Shouldn't that nowadays be(come)
profile runc /usr/sbin/runc flags=(unconfined) {
Ideally please fix this now, so that the upstream docker profile can use
peer=runc
--
You received this bug notification because you are a member of
> # new python script to create vim profiles with
>
> python create-apparmor.vim.py
For the records: create-apparmor.vim.py exists since years, and ...
> # generates a new file called apparmor.vim.in
... it uses apparmor.vim.in as _input_ and generates the apparmor.vim
file (syntax highlighting
Submitted as https://gitlab.com/apparmor/apparmor/-/merge_requests/937
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor in Ubuntu.
https://bugs.launchpad.net/bugs/1993572
Title:
samba profile: missing rule for
Typo? I'd expect 'Just "w" is enough' ;-)
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor in Ubuntu.
https://bugs.launchpad.net/bugs/1993572
Title:
samba profile: missing rule for mkdir /var/cache/samba/printing
aa-disable calls apparmor_parser, so this is most likely a problem
between apparmor_parser and the kernel. I've updated the summary
accordingly.
** Summary changed:
- "aa-disable" fails on autopkgtest.u.c (armhf)
+ parser fails to unload profile via "aa-disable" on autopkgtest.u.c (armhf) -
Based on your DENIED message, I wonder if read (= directory listing)
permissions are really needed, or if
/var/cache/samba/printing/ w, # without r
would be enough. Can you please test and report back?
--
You received this bug notification because you are a member of Ubuntu
Touch seeded
A few comments and explanations:
> As part of that it locks down /dev to read-only:
> /dev/ r,
>
> However that also means /dev/pts is read-only, hence the error above denies
> write access.
The rule for /dev/ only allows reading the directory listing of /dev/.
It doesn't say or allow anything
> apparmor_parser -R /etc/apparmor.d
-R means to unload profiles, in this case all profiles in
/etc/apparmor.d/. That's probably a bit ;-) too much...
I'd guess you want to unload only the tcpdump profile, which would be done with
apparmor_parser -R /etc/apparmor.d/usr.bin.tcpdump
An
This was already fixed upstream with
https://gitlab.com/apparmor/apparmor/-/merge_requests/848 (with a
slightly different patch that works for all python versions).
AppArmor >= 3.0.5 will include the fix.
--
You received this bug notification because you are a member of Ubuntu
Touch seeded
Looks like the profile for cups-browsed has a syntax error. (Did you
change something in the profile, or is it the original profile as
shipped in the package?)
Also, AFAIK this profile is shipped with the cups package, therefore I'm
adding that package.
** Also affects: cups (Ubuntu)
The /usr/bin/redshift profile needs some additional dbus rules.
** Also affects: redshift
Importance: Undecided
Status: New
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor in Ubuntu.
This was already fixed upstream, see
https://gitlab.com/apparmor/apparmor/-/merge_requests/664
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor in Ubuntu.
https://bugs.launchpad.net/bugs/1934005
Title:
> The second rule allows firefox to load and run code from that location.
> But doesn't allow firefox to write to it. So if there is malware [...]
That's correct for the added rule, but the profile also has
owner @{HOME}/.{firefox,mozilla}/** rw,
which means firefox _can_ write to that
The error is:
Traceback (most recent call last):
File "/usr/bin/aa-notify", line 39, in
import psutil
ModuleNotFoundError: No module named 'psutil'
Looks like a missing dependency on python3-psutil (or whatever the
package is named) in the package that contains aa-notify.
--
You
Wild _guess_/hint that could explain the behaviour you see: Do you have
(snap?) profiles that have rules with "peer=libvirtd", and fail if
libvirtd is running unconfined (which would need "peer=unconfined" in
the other profile)?
--
You received this bug notification because you are a member of
This bug is finally fixed with
https://gitlab.com/apparmor/apparmor/-/merge_requests/544
AppArmor 3.0 will include the fixed tools.
** Changed in: apparmor
Status: Triaged => Fix Committed
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages,
Indeed, that's not really helpful :-(
Another idea - does
apparmor_parser -r /etc/apparmor.d/
print any output? (If yes, please paste or attach it.)
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor in Ubuntu.
In the meantime (actually nearly a year ago), log parsing was rewritten
and now does de-duplication instantly. This should reduce memory usage a
lot - my experience is that especially large lots have lots of
duplication included.
I also removed some intermediate steps in the chain from logfile to
For the records: Upstream commit
a57f01d86bdb01647966f3eeff7a1cc3fc6abd76 (from 2019-02-10) added rules
to allow this (with an additional type=stream restriction, which matches
the log mentioned in this bugreport), and was also backported to the
maintenance branches.
Therefore I'll mark the
I'm afraid the logs you attached don't include anything about the reason
why you get this failure. Can you please attach the output of
systemctl status -n200 apparmor.service
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to
> id appears to be the only one to pick different letters.
For the records: changing the hotkeys is allowed, but you have to make
sure that you don't cause hotkey conflicts. To be sure, run the updated
translation through the AppArmor utils tests - or ask me to run these
tests ;-)
> and if it's
KernLog.txt contains several ALLOWED lines for chromium, and also DENIED
lines for firefox (unrelated to this bugreport, but nevertheless we
should probably check them.
You mentioned that you got some EPERM in strace - can you please tell us
which files were affeted?
Wild guess: maybe those
This is already fixed upstream (in AppArmor 2.12.2 and 2.13.2),
especially commit f997977e6.
However, the Ubuntu package doesn't have that fix yet, therefore I add
"apparmor (Ubuntu)" to the "affects" list.
Backporting the mentioned commit probably isn't too easy (it's quite big
and IIRC has
> unix (connect, send, receive) peer = (addr = "@
2F746D702F65736574732E736F636B00 *")
Did you really use exactly this line (with "@_space_2F...B00_space_*")?
If so, please try again without the spaces.
--
You received this bug notification because you are a member of Ubuntu
Touch seeded
** Changed in: apparmor
Status: Fix Committed => Fix Released
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor in Ubuntu.
https://bugs.launchpad.net/bugs/1785391
Title:
aa-genprof fails in an lxd instance
** Also affects: apparmor
Importance: Undecided
Status: New
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor in Ubuntu.
https://bugs.launchpad.net/bugs/1784499
Title:
AppArmor treats regular NFS file
The ssl_certs and ssl_keys abstractions just got the paths for letsencrypt
added:
https://gitlab.com/apparmor/apparmor/merge_requests/283
(also backported to the 2.10..2.13 branches)
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is
Also backported to the 2.12 and 2.13 branch, will be in 2.12.2 and
2.13.2.
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor in Ubuntu.
https://bugs.launchpad.net/bugs/1528139
Title:
** Changed in: apparmor
Status: Triaged => Fix Committed
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor in Ubuntu.
https://bugs.launchpad.net/bugs/1785391
Title:
aa-genprof fails in an lxd instance
Status
Fix commited to 2.10 branch..master
For the aa-logprof issue you mentioned, please answer my question in a
new bugreport ;-)
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor in Ubuntu.
https://gitlab.com/apparmor/apparmor/merge_requests/157
For aa-logprof - a) what exactly is the problem and b) please answer in
a separate bugreport ;-)
** Changed in: apparmor
Status: New => Triaged
** Changed in: apparmor
Assignee: (unassigned) => Christian Boltz (cboltz)
-
> ./abstractions/lightdm: /bin/ rmix,
rmix permissions for a directory? That looks wrong to me, r permissions
should be enough.
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to lightdm in Ubuntu.
Done - https://gitlab.com/apparmor/apparmor/merge_requests/131 will be
part of AppArmor 3.0
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor in Ubuntu.
https://bugs.launchpad.net/bugs/1528139
Title:
For the records - I'm just working on a different implementation of
"(V)iew Changes", which will also replace the workaround with a real fix
:-) This will probably be in AppArmor 3.0, and will appear as merge
request on gitlab this weekend.
--
You received this bug notification because you are
Looks like you have a syntax error in /etc/apparmor.d/tunables/multiarch
around line 13. Can you please attach this file? Also, did you modify it
manually?
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor in Ubuntu.
** Changed in: apparmor
Status: Fix Committed => Fix Released
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor in Ubuntu.
https://bugs.launchpad.net/bugs/1717714
Title:
@{pid} variable broken on systems with
Fixed in AppArmor 2.12
** Changed in: apparmor
Status: Fix Committed => Fix Released
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor in Ubuntu.
https://bugs.launchpad.net/bugs/1730536
Title:
"Unable to
** Changed in: apparmor
Status: Fix Committed => Fix Released
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor in Ubuntu.
https://bugs.launchpad.net/bugs/1590561
Title:
webbrowser-app crashes on startup on
** Changed in: apparmor
Status: Fix Committed => Fix Released
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor in Ubuntu.
https://bugs.launchpad.net/bugs/1668892
Title:
CVE-2017-6507: apparmor service
Just wondering - if this bug survived so long without being noticed,
isn't it a sign that in most cases scrubbing doesn't hurt or is even a
good idea?
Should we introduce Ix to officially have a way to inherit with
scrubbing?
--
You received this bug notification because you are a member of
Just as a quick info - to get things working with non-default home
directory locations, edit /etc/apparmor.d/tunables/home (or add a file
to /etc/apparmor.d/tunables/home.d/) and add your custom path
("/data/home/") to the @{HOMEDIRS} variable.
I'm not sure why read access to /data/ was requested
For the records: this is already fixed upstream (checked in master and
the latest 2.11 branch), so Ubuntu "just" needs to pick up the fix.
commit e2039f021e42793e07c1838499eae9c22e1ea8f2
Author: Christian Boltz <appar...@cboltz.de>
Date: Mon Aug 15 22:02:55 2016
Reopening for upstream AppArmor - unfortunately nobody worked on this
yet :-(
** Changed in: apparmor
Status: Invalid => Confirmed
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor in Ubuntu.
> Not quite sure now if apparmor upstream is found in launchpad[1] or
gitlab[2].
The code moved from bzr to gitlab recently. Bug tracking and
translations are still handled on launchpad.
> I would go with that versionning approach instead:
>
> apparmor | 2.11.0-2ubuntu17.1 | artful
> apparmor |
> c0n7r4 (c0n7r4) wrote:
> apparmor="AUDIT"
AUDIT events happen if your profile has a rule like
audit /tmp/tempfile/ r,
and the program is then really doing something that needs this rule (like
getting a directory listing for /tmp/tempfile/).
"audit" means that the action is allowed (but
> There is also a python parser (in aa.py) which only seems to understand the
> 'include '
> syntax and it is this which throws errors when running the utility commands.
Exactly, that's the cause of this bug. I'll change the title to make it
obvious.
Interestingly, it has been this way for
** Also affects: apparmor/2.11
Importance: Undecided
Status: New
** Changed in: apparmor/2.11
Status: New => Fix Committed
** Changed in: apparmor/2.11
Milestone: None => 2.11.2
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages,
> ... apparmor="DENIED" operation="create" ... family="unix"
sock_type="stream"
With the pinned-down feature set, you probably "lost" support for unix
rules.
In theory, apparmor_parser will downgrade those rules to "network unix,"
- but in practise a bug in apparmor_parser prevented it.This bug
** Tags added: aa-tools
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor in Ubuntu.
https://bugs.launchpad.net/bugs/1669254
Title:
16.04 apparmor, aa-logprof and log files
Status in AppArmor:
New
Status in
You'll need to allow
/etc/gss/mech.d/ r,
and after that, I wouldn't be surprised if you get denials for files
inside this directory ;-)
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor in Ubuntu.
** Also affects: apparmor
Importance: Undecided
Status: New
** Tags added: aa-feature
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor in Ubuntu.
https://bugs.launchpad.net/bugs/1719935
Title:
It would
** Also affects: apparmor
Importance: Undecided
Status: New
** Tags added: aa-policy
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor in Ubuntu.
https://bugs.launchpad.net/bugs/1717714
Title:
@{pid}
I'm afraid the given information isn't enough to reproduce and debug
this problem :-(
If you hit this again, please reopen and provide some more details.
** Changed in: apparmor
Status: New => Invalid
** Changed in: apparmor (Ubuntu)
Status: New => Invalid
--
You received this
Just a quick update about the situation on openSUSE - in the meantime,
we got rid of the initscript and switched to a small wrapper script -
see apparmor.systemd and apparmor.service on
https://build.opensuse.org/package/show/security:apparmor/apparmor
That's obviously not the final solution, but
For the records:
revno: 3437
fixes bug: https://launchpad.net/bugs/1569316
committer: Tyler Hicks
branch nick: apparmor
timestamp: Tue 2016-04-12 16:36:43 -0500
message:
profiles: Add attach_disconnected flag to dnsmasq profile
https://launchpad.net/bugs/1569316
no worries, I changed it back ;-)
** Changed in: apparmor/master
Status: Fix Released => Fix Committed
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor in Ubuntu.
https://bugs.launchpad.net/bugs/1658239
I added dbus support to aa-logprof in AppArmor 2.11, and I'd guess *)
16.04 has an older version.
*) I use openSUSE ;-)
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor in Ubuntu.
> Sorry, I meant it's the service's job to properly/forcefully stop a
> daemon. I agree that killing processes in postrm is dangerous.
I agree that kill -9 isn't the way to go (it was meant as a rhetoric question),
but there are still valid reasons why a daemon doesn't get stopped in postrm:
-
You are technically correct that the still-loaded profile doesn't match
a clean uninstall. However, I have a different opinion on this and thing
keeping the profile loaded is the better choice.
Unloading a profile means removing the confinement from running
processes. So if a process is still
I'd even recommend to restrict it a bit more:
owner /tmp/antispam-mail*/ rw,
owner /tmp/antispam-mail*/* rwkl,
sendmail might be a candidate for a child profile. Such a (maybe too
generous) profile already exists in the dovecot-lda profile, so cleaning
it up and removing permissions that are
I don't care too much about dh_apparmor (EWRONGDISTRO ;-) - but still:
Are you sure that unloading profiles when uninstalling a package is a
good idea? The binary installed by this package could still be running,
and unloading the profile (= unconfining the binary) might be a security
risk. (I
Thanks for the report!
I commited the updated profile to bzr trunk r3651, 2.10 branch r3391 and
2.9 branch r3056.
If you want to update your profile locally, the needed changes are:
-/usr/lib/dovecot/dovecot-lda {
+/usr/lib/dovecot/dovecot-lda flags=(attach_disconnected) {
+
** Tags added: aa-tools
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor in Ubuntu.
https://bugs.launchpad.net/bugs/1679856
Title:
ldd should be replaced in the utilities
Status in AppArmor:
New
Status in
This was fixed in upstream bzr r3490 (2016-07-20), but only in trunk.
Looks like nobody backported it to the 2.10 branch or the Ubuntu
packages.
See also bug 1584069 (which is referred in the r3490 commit message) -
interestingly, there's a comment saying "This bug was fixed in Ubuntu
16.04 with
** Also affects: apparmor/2.10
Importance: Undecided
Status: New
** Also affects: apparmor/2.11
Importance: Undecided
Status: New
** Changed in: apparmor/2.10
Milestone: None => 2.11.1
** Changed in: apparmor/2.10
Status: New => Fix Committed
** Changed in:
** Changed in: apparmor/2.10
Status: Fix Released => Fix Committed
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor in Ubuntu.
https://bugs.launchpad.net/bugs/1658239
Title:
base abstraction missing glibc
openSUSE still has /var/log/messages - at least if you install one of
the "normal" syslog deamons (syslogd, syslog-ng or rsyslog) instead of
relying on journald ;-)
OTOH, openSUSE never had /var/log/syslog
--
You received this bug notification because you are a member of Ubuntu
Touch seeded
Feel free to send out what you have now (with a "just FYI, WIP" note) -
maybe I can help in some details.
For "my" invalid rule: Well, I managed to pick an example that is "more
invalid" than yours ;-)
What I wanted to know is - if there's another parameter between two bus=...
parameters, will
> It is too bad that all of the
> profiles have to be fully parsed just to use basic utilities that don't
> necessarily care about the rules inside of a profile.
The main problem is that we allow "random" filenames for the profiles,
so we need to check all files for the to-be-changed profile -
Commited to AppArmor bzr - trunk r3627, 2.10 branch r3383 and 2.9 branch
r3048.
Fixing the Ubuntu packages is not my job ;-)
** Also affects: apparmor/2.9
Importance: Undecided
Status: New
** Also affects: apparmor/2.10
Importance: Undecided
Status: New
** Changed in:
Well, up to 2.10 dbus rule handling in the tools was simply matching for
"dbus.*," and writing the line back to the profile without any changes.
I'm not sure if I'd call full support for dbus rules (including handling
of log events) a regression ;-) but I understand that it's annoying.
Writing a
Agreed, aa-notify needs some love. Nevertheless, please open separate
bugreports for firefox and chromium to get their profiles fixed ;-)
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor in Ubuntu.
** Also affects: apparmor
Importance: Undecided
Status: New
** Tags added: aa-tools
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor in Ubuntu.
https://bugs.launchpad.net/bugs/1658943
Title:
aa-notify
** Changed in: apparmor/master
Milestone: None => 2.11.1
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor in Ubuntu.
https://bugs.launchpad.net/bugs/1658238
Title:
apache2 abstraction incomplete
Status in
** Changed in: apparmor/master
Milestone: None => 2.11.1
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor in Ubuntu.
https://bugs.launchpad.net/bugs/1658239
Title:
base abstraction missing glibc /proc/$pid/
Note that upstream AppArmor renamed abstractions/php5 to
abstractions/php and added some more paths so that it also works with
PHP 7 on openSUSE. abstractions/php5 is still provided as compability
wrapper.
It would probably make sense to take the upstream files instead of your
patch.
--
You
This was already fixed in AppArmor 2.10.1
** Changed in: apparmor
Status: Fix Committed => Fix Released
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor in Ubuntu.
https://bugs.launchpad.net/bugs/1484178
** Changed in: apparmor/master
Status: Fix Committed => Fix Released
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor in Ubuntu.
https://bugs.launchpad.net/bugs/1534405
Title:
Regression in parser
** Changed in: apparmor
Status: Fix Committed => Fix Released
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor in Ubuntu.
https://bugs.launchpad.net/bugs/1528230
Title:
[ADT test failure] linux:
** Changed in: apparmor
Status: Fix Committed => Fix Released
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor in Ubuntu.
https://bugs.launchpad.net/bugs/1525119
Title:
Cannot permit some operations for sssd
** Changed in: apparmor
Status: Fix Committed => Fix Released
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor in Ubuntu.
https://bugs.launchpad.net/bugs/1628745
Title:
Change in kernel exec transition
** Changed in: apparmor
Status: Fix Committed => Fix Released
** Changed in: apparmor/2.10
Status: Fix Committed => Fix Released
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor in Ubuntu.
** Changed in: apparmor
Status: Fix Committed => Fix Released
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor in Ubuntu.
https://bugs.launchpad.net/bugs/1540562
Title:
aa-genprof crashes in logparser
** Changed in: apparmor
Status: Fix Committed => Fix Released
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor in Ubuntu.
https://bugs.launchpad.net/bugs/1566944
Title:
dnsmasq profile prevents LXD container
** Changed in: apparmor
Status: Fix Committed => Fix Released
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor in Ubuntu.
https://bugs.launchpad.net/bugs/1569316
Title:
Log flooded with
Fixed in AppArmor 2.11, 2.10.2 and 2.9.4
** Changed in: apparmor
Status: Fix Committed => Fix Released
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor in Ubuntu.
https://bugs.launchpad.net/bugs/1546455
** Changed in: apparmor
Status: Fix Committed => Fix Released
** Changed in: apparmor/2.10
Status: Fix Committed => Fix Released
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor in Ubuntu.
** Changed in: apparmor
Status: Fix Committed => Fix Released
** Changed in: apparmor/2.10
Status: Fix Committed => Fix Released
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor in Ubuntu.
Fixed in AppArmor 2.11
** Changed in: apparmor
Status: Fix Committed => Fix Released
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor in Ubuntu.
https://bugs.launchpad.net/bugs/1604872
Title:
Apps can't
** Changed in: apparmor
Status: Fix Committed => Fix Released
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor in Ubuntu.
https://bugs.launchpad.net/bugs/1634199
Title:
In 16.10, LXD won't work with enforced
** Changed in: apparmor
Status: Fix Committed => Fix Released
** Changed in: apparmor/2.10
Status: Fix Committed => Fix Released
** Changed in: apparmor/2.9
Status: Fix Committed => Fix Released
--
You received this bug notification because you are a member of Ubuntu
Touch
** Changed in: apparmor
Status: Fix Committed => Fix Released
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor in Ubuntu.
https://bugs.launchpad.net/bugs/1480492
Title:
aa-status in apparmor-2.10 depends on
Fixed in AppArmor 2.11.
** Changed in: apparmor
Status: Fix Committed => Fix Released
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor in Ubuntu.
https://bugs.launchpad.net/bugs/1584069
Title:
Fixed in AppArmor 2.11
** Changed in: apparmor
Status: Fix Committed => Fix Released
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor in Ubuntu.
https://bugs.launchpad.net/bugs/1588069
Title:
parser doesn't
** Changed in: apparmor
Status: Fix Committed => Fix Released
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor in Ubuntu.
https://bugs.launchpad.net/bugs/1528139
Title:
serialize_profile_from_old_profile()
** Changed in: apparmor/2.10
Milestone: None => 2.10.2
** Changed in: apparmor/2.10
Status: New => Fix Committed
** Changed in: apparmor
Status: New => Fix Committed
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is
** Also affects: apparmor/2.10
Importance: Undecided
Status: New
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor in Ubuntu.
https://bugs.launchpad.net/bugs/1507469
Title:
Evince's Apparmour profile
Milestone: None => 2.9.4
** Changed in: apparmor/2.10
Assignee: (unassigned) => Christian Boltz (cboltz)
** Changed in: apparmor/2.9
Assignee: (unassigned) => Christian Boltz (cboltz)
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packa
dovecot/log"
You'll need to add flags=(attach_disconnected) to the dovecot/log
profile.
Patch sent to upstream mailinglist for review.
** Also affects: apparmor
Importance: Undecided
Status: New
** Changed in: apparmor
Assignee: (unassigned) => Christian Boltz
1 - 100 of 249 matches
Mail list logo