AppArmor

apparmor:apparmor-2.13

  1. Git
  2. lp:apparmor
  3. apparmor-2.13
Last commit made on 2024-05-02
Get this branch:
git clone -b apparmor-2.13 https://git.launchpad.net/apparmor

Branch merges

Branch information

Name:
apparmor-2.13
Repository:
lp:apparmor

Recent commits

023335d... by John Johansen <email address hidden>

Merge gitlab-ci.yml: set fixed version on pipeline for 2.13

In order to maintain compatibility with Python 2 in AppArmor 2.13, set
the pipeline to use a version of ubuntu which supports Python 2.

Fixes: https://gitlab.com/apparmor/apparmor/-/issues/388
Signed-off-by: Georgia Garcia <email address hidden>

MR: https://gitlab.com/apparmor/apparmor/-/merge_requests/1225
Approved-by: John Johansen <email address hidden>
Merged-by: John Johansen <email address hidden>

18effc5... by Georgia Garcia

gitlab-ci.yml: set fixed version on pipeline for 2.13

In order to maintain compatibility with Python 2 in AppArmor 2.13, set
the pipeline to use a version of ubuntu which supports Python 2.

Fixes: https://gitlab.com/apparmor/apparmor/-/issues/388
Signed-off-by: Georgia Garcia <email address hidden>

48bc355... by Christian Boltz

Merge abstractions/openssl: allow version specific engdef & engines paths

Some openssl distributions use version specific engdef and engines paths
to support multi-version installations.

Fixes: https://bugzilla.opensuse.org/show_bug.cgi?id=1219571

Signed-off-by: David Disseldorp <email address hidden>

MR: https://gitlab.com/apparmor/apparmor/-/merge_requests/1147
Approved-by: Christian Boltz <email address hidden>
Merged-by: Christian Boltz <email address hidden>

(cherry picked from commit 2577fbf0770784e531f9210856208a774ae92af0)

2b8cf1be abstractions/openssl: allow version specific engdef & engines paths

ae409fc... by Georgia Garcia

Prepare for AppArmor 2.13.11 release

- update version file

Signed-off-by: Georgia Garcia <email address hidden>

d51b102... by John Johansen <email address hidden>

Merge Prevent ANSI terminal injection in aa-unconfined

/proc/$pid/cmdline can be changed by an application, therefore escape it
before printing.

The program name in /proc/$pid/exe can also contain any characters
(except \0 and shashes) and needs escaping.

Note: repr() wraps the string into single quotes, which we have to
remove to avoid changing the output format.

The test program from issue 364 now gets displayed as

    28443 /path/to/issue364 (/\x1b]0;X\x07) not confined

Fixes: https://gitlab.com/apparmor/apparmor/-/issues/364

I propose this patch for 2.13..master

Closes #364
MR: https://gitlab.com/apparmor/apparmor/-/merge_requests/1142
Approved-by: John Johansen <email address hidden>
Merged-by: John Johansen <email address hidden>

(cherry picked from commit e63c1e3a76dd03dfae954d6ac2bf900133914553)
Signed-off-by: John Johansen <email address hidden>

75c7c5d... by John Johansen <email address hidden>

Merge doc(fix): Fix wrong syntax for profile stacking

Add missing change_profile entry required for the example

Signed-off-by: Mostafa Emami <email address hidden>

MR: https://gitlab.com/apparmor/apparmor/-/merge_requests/1141
Approved-by: John Johansen <email address hidden>
Merged-by: John Johansen <email address hidden>
(cherry picked from commit 3e28d0a25478b720b6319827238f5cb046029b04)
Signed-off-by: John Johansen <email address hidden>

fcfb865... by John Johansen <email address hidden>

Merge manpages: Add ENOPROTOOPT error in aa_getcon() manpage

The call aa_getpeercon() can return ENOPROTOOPT error in some cases, specifically when the kernel lacks 'fine grained unix mediation'. Currently, this capability isn't available in upstream kernels, but only in patched ones (for example, the regular Ubuntu kernels). Unfortunately, the manpage lacks this info. This patch fixes this.

Fixes: https://gitlab.com/apparmor/apparmor/-/issues/366
MR: https://gitlab.com/apparmor/apparmor/-/merge_requests/1143
Approved-by: John Johansen <email address hidden>
Merged-by: John Johansen <email address hidden>
(cherry picked from commit b03abbd75fb6d9e309bfb43ab87b77c39d32efdf)
Signed-off-by: John Johansen <email address hidden>

1110197... by Georgia Garcia

Merge parser: Deprecation warning should not have been backported

Outputing the deprecation warning is a change in behavior that is not
a bug fix.

Signed-off-by: John Johansen <email address hidden>
(cherry picked from commit ca7f79174e7eb86ec744943a1f0155734c2f538f)
Signed-off-by: Rodrigo Figueiredo Zaiden <email address hidden>

MR: https://gitlab.com/apparmor/apparmor/-/merge_requests/1129
Merged-by: Georgia Garcia <email address hidden>

6b3eb5f... by Rodrigo Figueiredo Zaiden

parser: Deprecation warning should not have been backported

Outputing the deprecation warning is a change in behavior that is not
a bug fix.

Signed-off-by: John Johansen <email address hidden>
(cherry picked from commit ca7f79174e7eb86ec744943a1f0155734c2f538f)
Signed-off-by: Rodrigo Figueiredo Zaiden <email address hidden>

636739f... by John Johansen <email address hidden>

Merge fix subprofile name in profile serialization

Given the following profile:

profile foo {
  profile bar {
    profile baz {
    }
  }
}

The parser would correctly serialize the "foo" profile and the
"foo//bar" profile, but it would incorrectly name "bar//baz" when it
should be "foo//bar//baz". This would cause issues loading the profile
in certain kernels causing a "parent does not exist" error.

MR: https://gitlab.com/apparmor/apparmor/-/merge_requests/1127
Merged-by: John Johansen <email address hidden>
(cherry picked from commit eb6fa022513f60ef340bf5ebe6d6aae3269f1f87)
Signed-off-by: John Johansen <email address hidden>