mir/apparmor
2
0
Fork 0
mirror of https://gitlab.com/apparmor/apparmor synced 2025-08-29 13:28:19 +00:00
Code Issues Releases Wiki Activity

Update Release_Notes_2.13.2

John Johansen 2018-12-19 11:43:21 +00:00
parent 9f84fb7701
commit 2a70ed458a
1 changed files with 29 additions and 81 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

108
Release_Notes_2.13.2.md

@ -22,114 +22,62 @@ Tarball
- signature: <https://launchpad.net/apparmor/2.13/2.13.2/+download/apparmor-2.13.2.tar.gz.asc> - signature: <https://launchpad.net/apparmor/2.13/2.13.2/+download/apparmor-2.13.2.tar.gz.asc>
Build Infrastructure
--------------------
???
- fix FTBFS w/older glibc
Policy Compiler (a.k.a apparmor\_parser) Policy Compiler (a.k.a apparmor\_parser)
---------------------------------------- ----------------------------------------
- Fix failures due to -M only setting compile-features
- Don't hard code the location of netinet/in.h.
???
- allow specifying the parser config file
Init Init
---- ----
- fix permissions of apparmor.systemd helper script - Ignore *.orig and *.rej files when loading profiles
- skip XBPS conffile artifacts - Fix syntax error in rc.apparmor.functions which could cause policy load failures
Library
-------
???
- do not honor $LIBAPPARMOR_DEBUG when `secure_getenv` is undefined
Utils Utils
----- -----
???
- genprof/logprof - genprof/logprof
- error out on nested child profiles which are not currently supported - Fix viewing a local inactive profile in aa-genprof
- Ensure last line in a profile is valid
- aa-notify - Fix handling of options when serializing profiles
- make message about notify-send package cross-distro compatible - Fix minitools for named profiles
- Read user's configuration file from XDG_CONFIG_HOME - Fix preview when viewing profile changes
- sandbox.py
- remove unused exception binding
Policy Policy
------ ------
??? - Use @{sys} tunable in profiles and abstractions
- Profiles - Profiles
- support distributions which merge sbin into bin - Add profile names to all profiles with {bin,sbin} attachment except for the dnsmasq profile
- ping: support void linux binary location
- traceroute: support void linux binary location - dovecot: allow reading /proc/sys/fs/suid_dumpable
- dnsmasq - postalias: allow locking /etc/aliases.db
- add paths for NetworkManager connection sharing - dnsmasq:
- add permission to open log files - Add pid file used by NetworkManager
- allow running Thunderbird wrapper script - Adjust pattern for log files to comply with SELinux
- ntpd
- allow access to ntp clockstat
- add openntpd drift and socket files
- support void linux binary location
- samba
- allow smbd to load new shared libraries
- allow winbindd to read and write new kerberos cache location
- nmbd
- add missing files
- support writing to /run/systemd/notify
- smbd add missing pid lock file
- update usr.sbin.useradd to support usr-merge
- Tunables
- Make variables value more readable by avoiding the use of too many alternations.
- Add uid and uids kernel var placeholders
- Abstractions - Abstractions
- add qt5 abstraction - private-files: deny ~/.mutt**
- add qt5-compose-cache-write abstraction - private-files-strict: audit deny ~/.aws
- ubuntu-email: add new Thunderbird executable path - ssl_key: Add /etc/letsencrypt/archive
- ubuntu-browsers.d/user-files: disallow access to the dirs of private files - Add vulkan abstraction
- private-files: disallow writes to thumbnailer dir (LP: #1788929)
- private-files-strict: disallow access to the dirs of private files
- user-files: disallow access to the dirs of private files
- remove antiquated abstractions/launchpad-integration
- kde: use qt5 abstration
- samba: add missing log files
- add recent documents write abstraction and update abstractions to use it
- add OpenCL abstraction
- kde: drop redundant rules for icons access
- ssl
- add dehydrated certificate support
- support new location for ssl-params file
- php: allow ICU (unicode support) data tables
- Python:
- add support for python 3.7
- allow /usr/local/lib/python3/dist-packages
- freedesktop.org:
- factor out duplicated path components with variables
- treat Flatpak exports the same way as bits shipped by the distro.
- simplify by not attempting to guess the exhaustive list of files that can exist in {~/.local/share,/usr/share}/applications/.
- refactor for consistency.
- nvidia
- opencl: don't allow PUx on nvidia-modprobe
- use nvidia_modprobe profile inside opencl-nvidia
Tests Tests
----- -----
- mount regression test: convert mount test to use MS_NODE - error out on superfluous TODOs
- use --config-file in tests so they are unaffected by the system parser.conf file - disable abi/ok_10 and abi/ok_12 tests
- Remove TODO notes from no-longer-failing tests
- add utils/test/common_test.pyc to gitignore
Documentation Documentation
------------- -------------
- update documentation to references gitlab and updated bug reporting procedures. - apparmor(7): document various debugging options.
- aa-notify(8): update user's configuration file path
Note Note