[Touch-packages] [Bug 2121907] Re: [FFE] add support for the AppArmor kernel v9 AF_UNIX abi to the AppArmor parser

Thu, 11 Sep 2025 15:52:21 -0700 

** Changed in: apparmor (Ubuntu)
       Status: New => Deferred

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor in Ubuntu.
https://bugs.launchpad.net/bugs/2121907

Title:
  [FFE] add support for the AppArmor kernel v9 AF_UNIX abi to the
  AppArmor parser

Status in apparmor package in Ubuntu:
  Deferred

Bug description:
  ## FFE ##

  This is a FFE for the AppArmor parser userspace, giving it the ability
  to utilize v9 of the AF_UNIX socket mediation ABI previously
  introduced into the kernel side of AppArmor. v9 brings with it
  semantic changes to mediation and socket labeling that will help
  tighten security and better align mediation behavior with the upstream
  version of AF_UNIX socket in the 6.17 kernel.

  Support for v9 AF_UNIX will enable Ubuntu users to use upstream
  kernels (v6.17 and later) without degrading the confinement provided
  by the snapd sandbox. It will also help snapd, which plans to vendor
  the latest Questing version of the AppArmor userspace, as it is
  required for snapd to provide a non-degraded sandbox experience on
  other distributions based on upstream kernels.

  Besides this feature, this patchset also bundles fixes for the
  socketpair AppArmor regression test. These fixes currently require the
  v9 parser feature, which is why they are bundled with this FFE instead
  of uploaded separately as a bug fix.

  A built version of this package can be found at
  https://launchpad.net/~rlee287/+archive/ubuntu/apparmor-
  staging/+packages as version v5.0.0~alpha1-0ubuntu5.

  Testing was performed via the QRT test suite for AppArmor:

   * To prepare the QRT test suite (can be done on any machine):
     - `git clone https://git.launchpad.net/qa-regression-testing`
     - `./scripts/make-test-tarball ./scripts/test-apparmor.py`
   * To run the QRT test suite:
     - Copy the tarball onto the machine with the new AppArmor installed and 
extract it
     - `sudo ./install-packages test-apparmor.py`
     - Reboot the machine
     - `sudo ./test-apparmor.py -v`

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/2121907/+subscriptions


-- 
Mailing list: https://launchpad.net/~touch-packages
Post to     : [email protected]
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

Reply via email to