This is missing the SRU template information. Particularly: what is the test plan to verify (a) that this does what we need, and (b) doesn't accidentally break existing apparmor profiles?
-- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to apparmor in Ubuntu. https://bugs.launchpad.net/bugs/1728130 Title: Policy needs improved feature versioning to ensure it is correctly being applied Status in apparmor package in Ubuntu: New Bug description: Currently allows pinning a single feature abi or running in a developer mode where the full abi available of the current kernel is enforced. However this can result in breaking applications in undesirable ways. If an application is shipped with its own policy, that policy might be different than the pinned feature abi, which can either result in denials because features the policy was not developed for are being enforced. If the feature version is not pinned then the most recent kernel abi is taken and applied to policy, which has not been updated. This can result in denials for userspace effectively breaking userspace. This is less than ideal for most users as it leads to a bad experience than they have not opted into and can lead to them disabling security protections. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/1728130/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
