AppArmor

AppArmor 2.12.3

  1. Series 2.12
  2. 2.12.3

Milestone information

Project:
AppArmor
Series:
2.12
Version:
2.12.3
Released:
 
Registrant:
John Johansen
Release registered:
Active:
No. Drivers cannot target bugs and blueprints to this milestone.  

Download RDF metadata

Activities

Assigned to you:
No blueprints or bugs assigned to you.
Assignees:
No users assigned to blueprints and bugs.
Blueprints:
No blueprints are targeted to this milestone.
Bugs:
No bugs are targeted to this milestone.

Download files for this release

After you've downloaded a file, you can verify its authenticity using its MD5 sum or signature. (How do I verify a download?)

File Description Downloads
download icon apparmor-2.12.3.tar.gz (md5, sig) AppArmor 2.12.3 377
last downloaded 3 weeks ago
Total downloads: 377

Release notes 

This release does not have release notes.

Changelog 

View the full changelog

Changes in This Release

Build Infrastructure

add files to .gitignore:

swig auto generated files for ruby (MR366)

fix libapparmor swig 4 failure 'aa_log_record' object has no attribute '__getattr__' (BUG33)

Policy Compiler (a.k.a apparmor_parser)

clean up error handling (dbug921866, LP1815294)
fix parsing of target profile NAME in directed transitions “px -> NAME"
improve runtime attachment by determine xmatch priority based on smallest DFA match
don't skip cache just because parser optimizations are specified

Init

ensure error value is returned correctly (MR352)

Utils

logprof/genprof:

drop failing corner-case check in logparser.py (bso1120472, MR297)
drop unused get_profile_filename() from logparser.py (MR297)
fix error KeyError: 'logfiles' when no logprof.conf exists (MR365)
don't drop later events when user selects to deny a hat (MR378)

update network keyword list and add corresponding tests (MR350)

Policy

Profiles

dnsmasq: Work around breakage caused by {bin,sbin} alternation (bso1127073, MR346)
dovecot:

allow FD passing between dovecot and dovecot's anvil (MR336)
allow chroot'ing the auth processes (MR336)
let dovecot/anvil rw the auth-penalty socket (MR336)
auth processes need to read from postfix auth socket (MR336)
add abstractions/ssl_certs to lmtp (MR336)
align {pop3,managesieve}-login to imap-login
allow dovecot-lda to read anything under /usr/share/dovecot/protocols.d/
allow lmtp the dac_read_search capability
allow master to use SIGTERM on children that are slow to die

identd: allow network netlink dgram (MR353)
syslog-ng: add abstractions/python for python-parser

Abstractions

audio:

grant read access to the libao configuration files (dbug920670, MR320)
grant read access to the system-wide asound.conf (dbug920669, MR320)

fonts:

allow writing to owned fontconfig directories
allow creating owned fontconfig directories

gnome:

allow creating gtk-2, gtk-3 config directories
allow read/write access to gtk-3 config directory

kde:

update kde abstraction for common settings (MR327)
fix global settings access for Kubuntu and openSUSE (MR327)

ldapclient: allow read/write access to the nslcd socket
nameservice: allow /run/netconfig/resolv.conf (bso1097370)
nvidia: allow reading nvidia application profiles
postfix-common: make compatible with latest postfix profiles
python: allow /usr/local/lib/python3
qt5: read user configuration
ubuntu-browsers.d/multimedia: allow creating and writing to owned .adobe directory
vulkan: allow reading /etc/vulkan/icd.d/ (MR329)

Tests

fix various tests to cope with usr-merge (MR331)
fix mount test to use next available loop device (MR379)

Documentation

update list of network domain keywords in the apparmor.d manpage (MR349)
drop to option for link rules from the apparmor.d manpage (MR368)

0 blueprints and 0 bugs targeted

There are no feature specifications or bug tasks targeted to this milestone. The project's maintainer, driver, or bug supervisor can target specifications and bug tasks to this milestone to track the things that are expected to be completed for the release.

This milestone contains Public information
Everyone can see this information.