* Refresh the patches related to AppArmor D-Bus mediation to reflect what
landed upstream in 1.9.12.
- 0001-New-a-sv-helper-for-using-byte-arrays-as-the-variant.patch,
0002-Add-LSM-agnostic-support-for-LinuxSecurityLabel-cred.patch,
0003-Add-regression-test-for-LinuxSecurityLabel-credentia.patch,
0004-Add-LinuxSecurityLabel-to-specification.patch: Add patches that
report the AppArmor confinement context in the bus driver's
GetConnectionCredentials method. A "LinuxSecurityLabel" key will be
present in the dictionary returned by the GetConnectionCredentials
method. The corresponding value will be the AppArmor confinement context
of the connection.
- 0001-Document-AppArmor-enforcement-in-the-dbus-daemon-man.patch,
0002-Add-apparmor-element-and-attributes-to-the-bus-confi.patch,
0003-Update-autoconf-file-to-build-against-libapparmor.patch,
0004-Add-apparmor-element-support-to-bus-config-parsing.patch,
0005-Initialize-AppArmor-mediation.patch,
0006-Store-AppArmor-label-of-bus-during-initialization.patch,
0007-Store-AppArmor-label-of-connecting-processes.patch,
0008-Mediation-of-processes-that-acquire-well-known-names.patch,
0009-Do-LSM-checks-after-determining-if-the-message-is-a-.patch,
0010-Mediation-of-processes-sending-and-receiving-message.patch,
0011-Mediation-of-processes-eavesdropping.patch: Replace the patches
with the versions that were merged upstream. The upstream review process
revealed a number of bugs and useful cleanups that are addressed in the
new patches.
+ No longer audit denials of unrequested reply messages (LP: #1362469)
- aa-get-connection-apparmor-security-context.patch: Update patch to
include a bug fix, from Simon McVittie, for AppArmor labels that contain
non-UTF-8 characters.
- 0012-apparmor-tighten-up-terminology-for-context-vs.-labe.patch,
0013-apparmor-Fix-build-failure-with-disable-apparmor.patch: New patches
that were merged upstream to clean up the AA mediation code and fix a
build failure.
- 0012-New-a-sv-helper-for-using-byte-arrays-as-the-variant.patch: Drop
this patch. It became part of the "LinuxSecurityLabel" patch set and is
added back with a new file name.
- 0013-Add-AppArmor-support-to-GetConnectionCredentials.patch: Drop this
patch in favor of the "LinuxSecurityLabel" patch set. This means that
the AppArmorContext and AppArmorMode keys will not be present in the
dictionary returned by GetConnectionCredentials. Ubuntu shipped this
patch in 14.10 but, as far as I know, those keys were not used by any
applications in 14.10. Since this patch was not accepted upstream,
Ubuntu should drop it and new applications should begin using
"LinuxSecurityLabel".
-- Tyler Hicks <email address hidden> Thu, 19 Feb 2015 11:06:14 -0600
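
Added example (not part of the changelog and not dbus project code): a client-side check that reads the "LinuxSecurityLabel" value from a GetConnectionCredentials reply and ignores the dropped AppArmorContext/AppArmorMode keys. The byte-array layout (label bytes plus one trailing zero byte) and the "label (mode)" context shape are assumptions taken from the D-Bus specification and AppArmor conventions; the function names and sample dictionaries are hypothetical.

```python
import re

# Assumed wire format (D-Bus specification, not this changelog): the label's
# non-zero bytes in an unspecified encoding, followed by a single zero byte.
# Assumed AppArmor context shape: "label (mode)", or a bare label such as
# "unconfined".
_CONTEXT = re.compile(rb"(?P<label>.+?)(?: \((?P<mode>[a-z]+)\))?", re.DOTALL)


class LabelError(ValueError):
    """The LinuxSecurityLabel value is not in the expected format."""


def parse_security_label(creds):
    """Return (label_bytes, mode_or_None), or None if the key is absent."""
    raw = creds.get("LinuxSecurityLabel")
    if raw is None:
        return None  # daemon without this support, or no LSM label available
    raw = bytes(raw)  # accepts bytes or a sequence of ints
    if len(raw) < 2 or raw[-1] != 0 or 0 in raw[:-1]:
        raise LabelError("expected non-empty label with one trailing NUL")
    match = _CONTEXT.fullmatch(raw[:-1])
    mode = match.group("mode")
    # Keep the label as bytes: it may not be valid UTF-8.
    return match.group("label"), mode.decode("ascii") if mode else None


def peer_is_confined_as(creds, allowed_labels):
    """Fail closed: True only for an allowed label in enforce mode."""
    try:
        parsed = parse_security_label(creds)
    except LabelError:
        return False
    if parsed is None:
        return False  # legacy AppArmorContext/AppArmorMode keys are ignored
    label, mode = parsed
    return mode == "enforce" and label in allowed_labels


# Constructed sample dictionaries, shaped like GetConnectionCredentials replies.
CONFINED = {"UnixUserID": 1000, "ProcessID": 4242,
            "LinuxSecurityLabel": b"/usr/bin/foo (enforce)\x00"}
NON_UTF8 = {"LinuxSecurityLabel": b"/opt/caf\xe9 (complain)\x00"}
LEGACY = {"AppArmorContext": "/usr/bin/foo", "AppArmorMode": "enforce"}
```
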
This bug was fixed in the package dbus - 1.8.12-1ubuntu2
---------------
dbus (1.8.12-1ubuntu2) vivid; urgency=medium