diff --git a/Kernel_Feature_Matrix.md b/Kernel_Feature_Matrix.md
index e1e7ec8..6620898 100644
--- a/Kernel_Feature_Matrix.md
+++ b/Kernel_Feature_Matrix.md
@@ -14,7 +14,7 @@
| 4.8 |
- allow CAP_SYS_RESOURCE to prlimit another task
- add kernel parameter and kconfig to allow controlling if profile hashing is used
- Bug fixes and code cleanups
|
| 4.9 - 4.10 | Bug fixes and code cleanups |
| 4.11 | - add /sys/kernel/security/lsm to enable detecting currently in use lsm
- kernel parameters
- remove paranoid load parameter - all policy loads now do full checking
- speedup mediation by use of percpu buffers
- add sysctl /proc/sys/kernel/unprivileged_userns_apparmor_policy to allow disabling user namespaces from loading policy
- add query interface for extended profile key/value data store
- allow profile hashing to be disabled with a kconfing
- policy namespaces
- add namespace view support and restrictions on visibility
- add per namespace policy interface file to directly load policy into a namespace
- policy/namespaces/NAMESPACE/.load
- policy/namespaces/NAMESPACE/.replace
- policy/namespaces/NAMESPACE/.remove
- allow introspecting and checkpoint and restore of loaded profile data via
- policy/profiles/PROFILE/raw_abi
- policy/profiles/PROFILE/raw_data
- policy/profiles/PROFILE/raw_sha1
- on exec dup2 opened files that the task won't have permission to access to a special .null device file
- Complain mode
- support force complain flag
- try to create null profiles using the exec name null-EXECNAME
- feature set
- add features/domain/fix_binfmt_elf_mmap to enable userspace to detect the semantic change caused by 9f834ec18def
- report namespace name in audit messages
- Bug fixes and code cleanups
|
-| 4.12 | - kernel parameters
- make path_max readonly
- Bug fixes and code cleanups
|
+| 4.12 | - kernel parameters
- Bug fixes and code cleanups
|
| 4.13 | - add v7 abi
- speedup path lookups with preallocated buffers
- revalidate files at exec transition time
- fine grained ptrace mediation
- domain bounding through profile stacking
- profile stacking api
- extended change_profile to support profile stacking
- support profile stacks in exec transitions
- apparmorfs interface
- apparmorfs policy virtualization
- the policy/ entry is now a special symlink to a virtualized policy directory
- policy/ directory is now virtualized based on opening task confinement so tasks can only see the subset of policy in their view
- add namespace level rawdata files
- unique profile based rawdata files for each namespace in policy/raw_data/
- profile raw_data files are now a symlink to the appropriate policy/raw_data/ files.
- mkdir/rmdir fs based interface for creating namespaces
- mkdir policy/namespaces/NAMESPACE
- rmdir policy/namespaces/NAMESPACE
- revision file interface
- read current policy revision and select/poll for when policy changes via
- revision for reading the current task's policy namespace revision
- policy/revision for the current namespace revision
- policy/namespaces/NAMESPACE/revision for a given namespace policy revision
- query interface
- support multiple queries per query transaction
- support querying if a profile supports a given mediation type
- features set
- add namespace support to available feature set
- add label data query availability to feature set
- Bug fixes and code cleanups
|
| 4.14 | - mount mediation
- new mount
- remount
- bind mount
- change type
- umount
- pivot_root
- signal mediation
- policy unpack log extended error messages
- Bug fixes and code cleanups
|
| 4.15 - 4.16 | Bug fixes and code cleanups|
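Review bot: In the 4.12 row, removing "make path_max readonly" leaves the "kernel parameters" heading with no entry under it, so the row still announces a kernel-parameter change but lists none. Either drop the heading as well, reducing the row to "Bug fixes and code cleanups" like the 4.9 - 4.10 row, or keep it and list the parameter change that does belong to 4.12. Nothing in the diff says why the entry was removed; if the path_max change landed in a different release, add it to that row in the same change so the matrix does not lose it. Separately, the unchanged 4.11 context line "allow profile hashing to be disabled with a kconfing" has a typo for "kconfig" that could be fixed while this table is being edited.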