After some more discussion with the rest of the AppArmor team, we have
decided to defer pushing this FFE for the time being, at least until the
Questing beta gets released.

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor in Ubuntu.
https://bugs.launchpad.net/bugs/2121907

Title:
  [FFE] add support for the AppArmor kernel v9 AF_UNIX abi to the
  AppArmor parser

Status in apparmor package in Ubuntu:
  New

Bug description:
  ## FFE ##

  This is an FFE for the AppArmor parser userspace, giving it the ability
  to utilize v9 of the AF_UNIX socket mediation ABI previously
  introduced into the kernel side of AppArmor. v9 brings with it
  semantic changes to mediation and socket labeling that will help
  tighten security and better align mediation behavior with the upstream
  version of AF_UNIX socket in the 6.17 kernel.

  Support for v9 AF_UNIX will enable Ubuntu users to use upstream
  kernels (v6.17 and later) without degrading the confinement provided
  by the snapd sandbox. It will also help snapd, which plans to vendor
  the latest Questing version of the AppArmor userspace, as it is
  required for snapd to provide a non-degraded sandbox experience on
  other distributions based on upstream kernels.

  Besides this feature, this patchset also bundles fixes for the
  socketpair AppArmor regression test. These fixes currently require the
  v9 parser feature, which is why they are bundled with this FFE instead
  of uploaded separately as a bug fix.

  A built version of this package can be found at
  https://launchpad.net/~rlee287/+archive/ubuntu/apparmor-staging/+packages
  as version v5.0.0~alpha1-0ubuntu5.

  Testing was performed via the QRT test suite for AppArmor:

   * To prepare the QRT test suite (can be done on any machine):
     - `git clone https://git.launchpad.net/qa-regression-testing`
     - `./scripts/make-test-tarball ./scripts/test-apparmor.py`
   * To run the QRT test suite:
     - Copy the tarball onto the machine with the new AppArmor installed and extract it
     - `sudo ./install-packages test-apparmor.py`
     - Reboot the machine
     - `sudo ./test-apparmor.py -v`
