[Touch-packages] [Bug 2056496] Re: [FFe] AppArmor 4.0-beta2 + prompting support for noble
Uploaded to noble-proposed yesterday https://launchpad.net/ubuntu/+source/apparmor/4.0.0~beta2-0ubuntu3 ** Changed in: apparmor (Ubuntu) Status: Triaged => Fix Committed -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to apparmor in Ubuntu. https://bugs.launchpad.net/bugs/2056496 Title: [FFe] AppArmor 4.0-beta2 + prompting support for noble Status in apparmor package in Ubuntu: Fix Committed Bug description: AppArmor 4.0-beta2 contains fixes that prevented AppArmor 4.0-beta1 from landing pre feature freeze. Landing AppArmor 4.0-beta's will enable us to more easily track upstream bug fixes, and is needed to support network rules in prompting. The addition of the prompting patch on top of AppArmor 4.0 is required to support snapd prompting in general for both file and network rules. Currently the prompting patch is not part of the upstream release but is part of the vendored apparmor in snapd. In ordered for snapd to be able to vendor the noble release of apparmor it requires support for prompting. The prompting patch is a straight rebase to AppArmor 4.0 of the patch that has been in testing in snapd prompting for more than six months. Changes from 4.0.0~alpha4-0ubuntu1 (current noble) version Beta1 added three additional features that were not present in alpha4 (current Noble). • support for fine grained (address based) IPv4 and IPv6 mediation (required for prompting to support networking). • aa-notify support message filters to reduce notifications • aa-logprof/genprof support for mount rules None of these features affect existing policy, which will continue to function under the abi that it was developed under. This can be seen in the regression testing below. I addition to the 3 features introduced in Beta1, Beta1 and Beta2 add several bug fixes the most important are highlighted below with the full list available in the upstream release notes, available at https://gitlab.com/apparmor/apparmor/-/wikis/Release_Notes_4.0-beta1 and https://gitlab.com/apparmor/apparmor/-/wikis/Release_Notes_4.0-beta2 • new unconfined profiles in support of unprivileged user namespace mediation https://discourse.ubuntu.com/t/spec-unprivileged-user-namespace-restrictions-via-apparmor-in-ubuntu-23-10/37626 ∘ nautalus, devhelp, element-desktop, epiphany, evolution, keybase, opam • fix policy generation for non-af_inet rules (MR:1175) • Fix race when reading proc files (AABUG:355, MR:1157) • handle unprivileged_userns transition in userns tests (MR:1146) • fix usr-merge failures on exec and regex tests (MR:1146) This proposed change has been tested via the QA Regression Testing project, in particular with the specific test added in https://git.launchpad.net/qa-regression- testing/commit/?id=6f2c5ab7c8659174adac772ce0e894328bb5045d The output of a test run is in the attached qrt.output file. Of which the summary is below Ran 62 tests in 811.542s OK (skipped=3) apparmor_4.0.0~beta2-0ubuntu3 has been installed on several up to date (as of March 7) noble systems. Boot/Reboot and regression tests have been done, against different kernel versions. 6.8.0-11-generic #11-Ubuntu 6.5.0-14-generic #14-Ubuntu 6.7.0 (upstream custom build) 6.8-rc3 (upstream custom build) The changelog is available here https://launchpad.net/~apparmor-dev/+archive/ubuntu/apparmor-devel/+files/apparmor_4.0.0~beta2-0ubuntu3_source.changes The prepared package is available via the ppa https://launchpad.net/~apparmor-dev/+archive/ubuntu/apparmor-ffe To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/2056496/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 2056496] Re: [FFe] AppArmor 4.0-beta2 + prompting support for noble
FFe granted ** Changed in: apparmor (Ubuntu) Status: New => Triaged -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to apparmor in Ubuntu. https://bugs.launchpad.net/bugs/2056496 Title: [FFe] AppArmor 4.0-beta2 + prompting support for noble Status in apparmor package in Ubuntu: Triaged Bug description: AppArmor 4.0-beta2 contains fixes that prevented AppArmor 4.0-beta1 from landing pre feature freeze. Landing AppArmor 4.0-beta's will enable us to more easily track upstream bug fixes, and is needed to support network rules in prompting. The addition of the prompting patch on top of AppArmor 4.0 is required to support snapd prompting in general for both file and network rules. Currently the prompting patch is not part of the upstream release but is part of the vendored apparmor in snapd. In ordered for snapd to be able to vendor the noble release of apparmor it requires support for prompting. The prompting patch is a straight rebase to AppArmor 4.0 of the patch that has been in testing in snapd prompting for more than six months. Changes from 4.0.0~alpha4-0ubuntu1 (current noble) version Beta1 added three additional features that were not present in alpha4 (current Noble). • support for fine grained (address based) IPv4 and IPv6 mediation (required for prompting to support networking). • aa-notify support message filters to reduce notifications • aa-logprof/genprof support for mount rules None of these features affect existing policy, which will continue to function under the abi that it was developed under. This can be seen in the regression testing below. I addition to the 3 features introduced in Beta1, Beta1 and Beta2 add several bug fixes the most important are highlighted below with the full list available in the upstream release notes, available at https://gitlab.com/apparmor/apparmor/-/wikis/Release_Notes_4.0-beta1 and https://gitlab.com/apparmor/apparmor/-/wikis/Release_Notes_4.0-beta2 • new unconfined profiles in support of unprivileged user namespace mediation https://discourse.ubuntu.com/t/spec-unprivileged-user-namespace-restrictions-via-apparmor-in-ubuntu-23-10/37626 ∘ nautalus, devhelp, element-desktop, epiphany, evolution, keybase, opam • fix policy generation for non-af_inet rules (MR:1175) • Fix race when reading proc files (AABUG:355, MR:1157) • handle unprivileged_userns transition in userns tests (MR:1146) • fix usr-merge failures on exec and regex tests (MR:1146) This proposed change has been tested via the QA Regression Testing project, in particular with the specific test added in https://git.launchpad.net/qa-regression- testing/commit/?id=6f2c5ab7c8659174adac772ce0e894328bb5045d The output of a test run is in the attached qrt.output file. Of which the summary is below Ran 62 tests in 811.542s OK (skipped=3) apparmor_4.0.0~beta2-0ubuntu3 has been installed on several up to date (as of March 7) noble systems. Boot/Reboot and regression tests have been done, against different kernel versions. 6.8.0-11-generic #11-Ubuntu 6.5.0-14-generic #14-Ubuntu 6.7.0 (upstream custom build) 6.8-rc3 (upstream custom build) The changelog is available here https://launchpad.net/~apparmor-dev/+archive/ubuntu/apparmor-devel/+files/apparmor_4.0.0~beta2-0ubuntu3_source.changes The prepared package is available via the ppa https://launchpad.net/~apparmor-dev/+archive/ubuntu/apparmor-ffe To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/2056496/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 2056496] Re: [FFe] AppArmor 4.0-beta2 + prompting support for noble
** Description changed: AppArmor 4.0-beta2 contains fixes that prevented AppArmor 4.0-beta1 from landing pre feature freeze. Landing AppArmor 4.0-beta's will enable us to more easily track upstream bug fixes, and is needed to support network rules in prompting. The addition of the prompting patch on top of AppArmor 4.0 is required to support snapd prompting in general for both file and network rules. Currently the prompting patch is not part of the upstream release but is part of the vendored apparmor in snapd. In ordered for snapd to be able to vendor the noble release of apparmor it requires support for prompting. The prompting patch is a straight rebase to AppArmor 4.0 of the patch that has been in testing in snapd prompting for more than six months. Changes from 4.0.0~alpha4-0ubuntu1 (current noble) version Beta1 added three additional features that were not present in alpha4 (current Noble). • support for fine grained (address based) IPv4 and IPv6 mediation (required for prompting to support networking). • aa-notify support message filters to reduce notifications • aa-logprof/genprof support for mount rules None of these features affect existing policy, which will continue to function under the abi that it was developed under. This can be seen in the regression testing below. I addition to the 3 features introduced in Beta1, Beta1 and Beta2 add several bug fixes the most important are highlighted below with the full list available in the upstream release notes, available at https://gitlab.com/apparmor/apparmor/-/wikis/Release_Notes_4.0-beta1 and https://gitlab.com/apparmor/apparmor/-/wikis/Release_Notes_4.0-beta2 • new unconfined profiles in support of unprivileged user namespace mediation https://discourse.ubuntu.com/t/spec-unprivileged-user-namespace-restrictions-via-apparmor-in-ubuntu-23-10/37626 ∘ nautalus, devhelp, element-desktop, epiphany, evolution, keybase, opam • fix policy generation for non-af_inet rules (MR:1175) • Fix race when reading proc files (AABUG:355, MR:1157) • handle unprivileged_userns transition in userns tests (MR:1146) • fix usr-merge failures on exec and regex tests (MR:1146) This proposed change has been tested via the QA Regression Testing project, in particular with the specific test added in https://git.launchpad.net/qa-regression- testing/commit/?id=6f2c5ab7c8659174adac772ce0e894328bb5045d The output of a test run is in the attached qrt.output file. Of which the summary is below Ran 62 tests in 811.542s OK (skipped=3) - apparmor_4.0.0~beta2-0ubuntu3 has been installed on several up to date (as of March 7) noble systems. Reboot tests have been done, as well as booting in - to different kernel versions. -6.8.0-11-generic #11-Ubuntu -6.5.0-14-generic #14-Ubuntu -6.7.0 (custom build) -6.8-rc3 (custom build) + apparmor_4.0.0~beta2-0ubuntu3 has been installed on several up to date (as of March 7) noble systems. Boot/Reboot and regression tests have been done, against + different kernel versions. + 6.8.0-11-generic #11-Ubuntu + 6.5.0-14-generic #14-Ubuntu + 6.7.0 (upstream custom build) + 6.8-rc3 (upstream custom build) The changelog is available here https://launchpad.net/~apparmor-dev/+archive/ubuntu/apparmor-devel/+files/apparmor_4.0.0~beta2-0ubuntu3_source.changes The prepared package is available via the ppa https://launchpad.net/~apparmor-dev/+archive/ubuntu/apparmor-ffe -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to apparmor in Ubuntu. https://bugs.launchpad.net/bugs/2056496 Title: [FFe] AppArmor 4.0-beta2 + prompting support for noble Status in apparmor package in Ubuntu: New Bug description: AppArmor 4.0-beta2 contains fixes that prevented AppArmor 4.0-beta1 from landing pre feature freeze. Landing AppArmor 4.0-beta's will enable us to more easily track upstream bug fixes, and is needed to support network rules in prompting. The addition of the prompting patch on top of AppArmor 4.0 is required to support snapd prompting in general for both file and network rules. Currently the prompting patch is not part of the upstream release but is part of the vendored apparmor in snapd. In ordered for snapd to be able to vendor the noble release of apparmor it requires support for prompting. The prompting patch is a straight rebase to AppArmor 4.0 of the patch that has been in testing in snapd prompting for more than six months. Changes from 4.0.0~alpha4-0ubuntu1 (current noble) version Beta1 added three additional features that were not present in alpha4 (current Noble). • support for fine grained (address based) IPv4 and IPv6 mediation (required for prompting to support networking). • aa-notify support message filters to reduce notifications • aa-logprof/genprof support for mount rules None
[Touch-packages] [Bug 2056496] Re: [FFe] AppArmor 4.0-beta2 + prompting support for noble
** Description changed: AppArmor 4.0-beta2 contains fixes that prevented AppArmor 4.0-beta1 from landing pre feature freeze. Landing AppArmor 4.0-beta's will enable us to more easily track upstream bug fixes, and is needed to support network rules in prompting. The addition of the prompting patch on top of AppArmor 4.0 is required to support snapd prompting in general for both file and network rules. Currently the prompting patch is not part of the upstream release but is part of the vendored apparmor in snapd. In ordered for snapd to be able to vendor the noble release of apparmor it requires support for prompting. The prompting patch is a straight rebase to AppArmor 4.0 of the patch that has been in testing in snapd prompting for more than six months. Changes from 4.0.0~alpha4-0ubuntu1 (current noble) version Beta1 added three additional features that were not present in alpha4 (current Noble). • support for fine grained (address based) IPv4 and IPv6 mediation (required for prompting to support networking). • aa-notify support message filters to reduce notifications • aa-logprof/genprof support for mount rules None of these features affect existing policy, which will continue to function under the abi that it was developed under. This can be seen in the regression testing below. I addition to the 3 features introduced in Beta1, Beta1 and Beta2 add several bug fixes the most important are highlighted below with the full list available in the upstream release notes, available at https://gitlab.com/apparmor/apparmor/-/wikis/Release_Notes_4.0-beta1 and https://gitlab.com/apparmor/apparmor/-/wikis/Release_Notes_4.0-beta2 • new unconfined profiles in support of unprivileged user namespace mediation https://discourse.ubuntu.com/t/spec-unprivileged-user-namespace-restrictions-via-apparmor-in-ubuntu-23-10/37626 ∘ nautalus, devhelp, element-desktop, epiphany, evolution, keybase, opam • fix policy generation for non-af_inet rules (MR:1175) • Fix race when reading proc files (AABUG:355, MR:1157) • handle unprivileged_userns transition in userns tests (MR:1146) • fix usr-merge failures on exec and regex tests (MR:1146) - - This proposed change has been tested via the QA Regression Testing project, in particular with the specific test added in https://git.launchpad.net/qa-regression-testing/commit/?id=6f2c5ab7c8659174adac772ce0e894328bb5045d - + This proposed change has been tested via the QA Regression Testing + project, in particular with the specific test added in + https://git.launchpad.net/qa-regression- + testing/commit/?id=6f2c5ab7c8659174adac772ce0e894328bb5045d The output of a test run is in the attached qrt.output file. Of which the summary is below - Ran 62 tests in 811.542s + Ran 62 tests in 811.542s - OK (skipped=3) + OK (skipped=3) + apparmor_4.0.0~beta2-0ubuntu3 has been installed on several up to date (as of March 7) noble systems. Reboot tests have been done, as well as booting in + to different kernel versions. +6.8.0-11-generic #11-Ubuntu +6.5.0-14-generic #14-Ubuntu +6.7.0 (custom build) +6.8-rc3 (custom build) The changelog is available here https://launchpad.net/~apparmor-dev/+archive/ubuntu/apparmor-devel/+files/apparmor_4.0.0~beta2-0ubuntu3_source.changes The prepared package is available via the ppa https://launchpad.net/~apparmor-dev/+archive/ubuntu/apparmor-ffe -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to apparmor in Ubuntu. https://bugs.launchpad.net/bugs/2056496 Title: [FFe] AppArmor 4.0-beta2 + prompting support for noble Status in apparmor package in Ubuntu: New Bug description: AppArmor 4.0-beta2 contains fixes that prevented AppArmor 4.0-beta1 from landing pre feature freeze. Landing AppArmor 4.0-beta's will enable us to more easily track upstream bug fixes, and is needed to support network rules in prompting. The addition of the prompting patch on top of AppArmor 4.0 is required to support snapd prompting in general for both file and network rules. Currently the prompting patch is not part of the upstream release but is part of the vendored apparmor in snapd. In ordered for snapd to be able to vendor the noble release of apparmor it requires support for prompting. The prompting patch is a straight rebase to AppArmor 4.0 of the patch that has been in testing in snapd prompting for more than six months. Changes from 4.0.0~alpha4-0ubuntu1 (current noble) version Beta1 added three additional features that were not present in alpha4 (current Noble). • support for fine grained (address based) IPv4 and IPv6 mediation (required for prompting to support networking). • aa-notify support message filters to reduce notifications • aa-logprof/genprof support for mount rules None of these features affect existing policy,
[Touch-packages] [Bug 2056496] Re: [FFe] AppArmor 4.0-beta2 + prompting support for noble
Captured output of QRT test run on updated noble using Linux 6.8.0-11-generic #11-Ubuntu kernel and 4.0.0~beta2-0ubuntu3 ** Attachment added: "Captured output of QRT test run" https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/2056496/+attachment/5753923/+files/qrt.output -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to apparmor in Ubuntu. https://bugs.launchpad.net/bugs/2056496 Title: [FFe] AppArmor 4.0-beta2 + prompting support for noble Status in apparmor package in Ubuntu: New Bug description: AppArmor 4.0-beta2 contains fixes that prevented AppArmor 4.0-beta1 from landing pre feature freeze. Landing AppArmor 4.0-beta's will enable us to more easily track upstream bug fixes, and is needed to support network rules in prompting. The addition of the prompting patch on top of AppArmor 4.0 is required to support snapd prompting in general for both file and network rules. Currently the prompting patch is not part of the upstream release but is part of the vendored apparmor in snapd. In ordered for snapd to be able to vendor the noble release of apparmor it requires support for prompting. The prompting patch is a straight rebase to AppArmor 4.0 of the patch that has been in testing in snapd prompting for more than six months. Changes from 4.0.0~alpha4-0ubuntu1 (current noble) version Beta1 added three additional features that were not present in alpha4 (current Noble). • support for fine grained (address based) IPv4 and IPv6 mediation (required for prompting to support networking). • aa-notify support message filters to reduce notifications • aa-logprof/genprof support for mount rules None of these features affect existing policy, which will continue to function under the abi that it was developed under. This can be seen in the regression testing below. I addition to the 3 features introduced in Beta1, Beta1 and Beta2 add several bug fixes the most important are highlighted below with the full list available in the upstream release notes, available at https://gitlab.com/apparmor/apparmor/-/wikis/Release_Notes_4.0-beta1 and https://gitlab.com/apparmor/apparmor/-/wikis/Release_Notes_4.0-beta2 • new unconfined profiles in support of unprivileged user namespace mediation https://discourse.ubuntu.com/t/spec-unprivileged-user-namespace-restrictions-via-apparmor-in-ubuntu-23-10/37626 ∘ nautalus, devhelp, element-desktop, epiphany, evolution, keybase, opam • fix policy generation for non-af_inet rules (MR:1175) • Fix race when reading proc files (AABUG:355, MR:1157) • handle unprivileged_userns transition in userns tests (MR:1146) • fix usr-merge failures on exec and regex tests (MR:1146) This proposed change has been tested via the QA Regression Testing project, in particular with the specific test added in https://git.launchpad.net/qa-regression-testing/commit/?id=6f2c5ab7c8659174adac772ce0e894328bb5045d The output of a test run is in the attached qrt.output file. Of which the summary is below Ran 62 tests in 811.542s OK (skipped=3) The changelog is available here https://launchpad.net/~apparmor-dev/+archive/ubuntu/apparmor-devel/+files/apparmor_4.0.0~beta2-0ubuntu3_source.changes The prepared package is available via the ppa https://launchpad.net/~apparmor-dev/+archive/ubuntu/apparmor-ffe To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/2056496/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
