Public bug reported:

## FFE ##

This is an FFE for the AppArmor parser userspace, giving it the ability
to utilize v9 of the AF_UNIX socket mediation ABI previously introduced
into the kernel side of AppArmor. v9 brings with it semantic changes to
mediation and socket labeling that will help tighten security and better
align mediation behavior with the upstream version of AF_UNIX socket in
the 6.17 kernel.

Support for v9 AF_UNIX will enable Ubuntu users to use upstream kernels
(v6.17 and later) without degrading the confinement provided by the
snapd sandbox. It will also help snapd, which plans to vendor the latest
Questing version of the AppArmor userspace, as it is required for snapd
to provide a non-degraded sandbox experience on other distributions
based on upstream kernels.

Besides this feature, this patchset also bundles fixes for the
socketpair AppArmor regression test. These fixes currently require the
v9 parser feature, which is why they are bundled with this FFE instead
of uploaded separately as a bug fix.

A built version of this package can be found at (todo: populate link
once LP bug number can be added to changelog).

Testing was performed via the QRT test suite for AppArmor:

 * To prepare the QRT test suite (can be done on any machine):
   - `git clone https://git.launchpad.net/qa-regression-testing`
   - `./scripts/make-test-tarball ./scripts/test-apparmor.py`
 * To run the QRT test suite:
   - Copy the tarball onto the machine with the new AppArmor installed and extract it
   - `sudo ./install-packages test-apparmor.py`
   - Reboot the machine
   - `sudo ./test-apparmor.py -v`

** Affects: apparmor (Ubuntu)
     Importance: Undecided
         Status: New

https://bugs.launchpad.net/bugs/2121907

Title:
  [FFE] add support for the AppArmor kernel v9 AF_UNIX abi to the
  AppArmor parser
