diff --git a/Release_Notes_3.1.md b/Release_Notes_3.1.md index 1dbfd20..b09382d 100644 --- a/Release_Notes_3.1.md +++ b/Release_Notes_3.1.md @@ -1,2594 +1 @@ -AppArmor 3.1 was released 2022-08-23. - -# Introduction - -AppArmor 3.1 is a new release of the user space components of the AppArmor security project. The kernel portion of the project is maintained and pushed separately. - -This version of the userspace should work with all kernel versions from -2.6.15 and later (some earlier version of the kernel if they have the -apparmor patches applied). - - -# Obtaining the Release - -There are two ways to obtain this release either through gitlab or a tarball in launchpad. - -**Important note:** the gitlab release tarballs differ from the launchpad release tarballs. The launchpad release tarball has a couple processing steps already performed: - -* libapparmor `autogen.sh` is already done, meaning distros only need to use ./configure in their build setup -* the docs for everything but libapparmor have already been built - -### gitlab -- https://gitlab.com/apparmor/apparmor/-/releases/v3.1.0 - -### Launchpad - - - - sha256sum: 480494f8dbd8eed759e363b0e81875ce34c6c094059a79efaabf7c18265fa863 - - signature: - -# Changes in this Release - -These release notes cover all changes between 3.0 (939530b2b89ee26bef52ccfe3d271629f4da097d) and 3.1 (7c7224004c31389229877634a217fcc0c8e8567d) [apparmor-3.1 branch](https://gitlab.com/apparmor/apparmor/tree/apparmor-3.1). - - -## Init - -## Library - -## Policy Compiler (a.k.a apparmor_parser) - -## Utils - - -## Policy - -#### abstractions - -#### profiles - -## Tests - - - -------- -Raw dump ------------ - - - ------------------------- -Merges - - -f51049ea Merge dnsmasq: Add missing r permissions for libvirt_leaseshelper -c9c5208f dnsmasq: Add missing r permissions for libvirt_leaseshelper - [MR:905](https://gitlab.com/apparmor/apparmor/-/merge_requests/905) - Fixes: [BOO:1202161](https://bugzilla.opensuse.org/show_bug.cgi?id=1202161) -profiles/apparmor.d/usr.sbin.dnsmasq - - - -406b6398 Merge dnsmasq: allow paths for podman dnsname plugin in rootless mode -86069dd9 dnsmasq: allow paths for podman dnsname plugin in rootless mode - [MR:909](https://gitlab.com/apparmor/apparmor/-/merge_requests/909) -profiles/apparmor.d/usr.sbin.dnsmasq - - - -bcffe7c9 Merge Address Style Guide Infractions -2f9068e3 Remove duplicate regex "or" comments. -46a2be31 Remove outdated/incorrect comment. -e8b60e46 Improve regex formatting. -b1c2aeaa Be consistent with return statements when only returning None. -091c6ad5 Use string startswith() and endswith() methods instead of slicing to check for prefixes and suffixes. -854602c0 Use the fact that empty sequences are false. -68e3f12c Avoid escaping quotation marks where possible. -c57138f2 Order imports and module-level dunder name assignments. -ea3fb600 Break lines before binary operators. -ef2e6c62 Ensure variables inside functions are lower_case_with_underscores. -dc384c48 Use triple double-quoted strings for docstrings. -de3aa3c5 Correct misspelling. -f590a66e Remove redundant backslashes, and unnecessary semicolons and pass statements. -813c8314 Ensure non-membership tests are "not in". -96f71219 Fix most PEP 8 whitespace, indentation, and major line length violations. -e4f88cc3 Indent line continuations per PEP 8. -aff9bb8f Ensure no bool comparisons use equality comparisons. -62f99465 Ensure all None comparisons use `is` or `is not`. -0375ea12 Change tabs to spaces in Python files. - [MR:906](https://gitlab.com/apparmor/apparmor/-/merge_requests/906) - '''Example take from [LP:897957](https://bugs.launchpad.net/bugs/897957)''' -+ # Example take from [LP:897957](https://bugs.launchpad.net/bugs/897957) -- '''Example take from [LP:897957](https://bugs.launchpad.net/bugs/897957)''' -+ ('#include foo', AppArmorException), # [LP:1738879](https://bugs.launchpad.net/bugs/1738879) (no quotes) -+ ('include foo', AppArmorException), # [LP:1738879](https://bugs.launchpad.net/bugs/1738879) (no quotes) -- ('#include foo', AppArmorException ), # [LP:1738879](https://bugs.launchpad.net/bugs/1738879) (no quotes) -- ('include foo', AppArmorException ), # [LP:1738879](https://bugs.launchpad.net/bugs/1738879) (no quotes) -+ ('#include "foo"', AppArmorException), # [LP:1738880](https://bugs.launchpad.net/bugs/1738880) (relative) -+ ('include "foo"', AppArmorException), # [LP:1738880](https://bugs.launchpad.net/bugs/1738880) (relative) -- ('#include "foo"', AppArmorException ), # [LP:1738880](https://bugs.launchpad.net/bugs/1738880) (relative) -- ('include "foo"', AppArmorException ), # [LP:1738880](https://bugs.launchpad.net/bugs/1738880) (relative) -+ ('#include foo bar', AppArmorException), # [LP:1738877](https://bugs.launchpad.net/bugs/1738877) (space in name) -+ ('include foo bar', AppArmorException), # [LP:1738877](https://bugs.launchpad.net/bugs/1738877) (space in name) -- ('#include foo bar', AppArmorException ), # [LP:1738877](https://bugs.launchpad.net/bugs/1738877) (space in name) -- ('include foo bar', AppArmorException ), # [LP:1738877](https://bugs.launchpad.net/bugs/1738877) (space in name) - # [LP:1738877](https://bugs.launchpad.net/bugs/1738877) - parser doesn't handle files with spaces in the name - # [LP:1738880](https://bugs.launchpad.net/bugs/1738880) - parser doesn't handle relative paths everywhere, and -libraries/libapparmor/swig/python/test/buildpath.py -libraries/libapparmor/swig/python/test/test_python.py.in -parser/tst/caching.py -parser/tst/errors.py -parser/tst/gen-dbus.py -parser/tst/gen-xtrans.py -parser/tst/mk_features_file.py -parser/tst/testlib.py -parser/tst/valgrind_simple.py -tests/bin/shellcheck-tree -utils/aa-audit -utils/aa-autodep -utils/aa-cleanprof -utils/aa-complain -utils/aa-disable -utils/aa-easyprof -utils/aa-enforce -utils/aa-genprof -utils/aa-logprof -utils/aa-mergeprof -utils/aa-notify -utils/aa-sandbox -utils/aa-unconfined -utils/apparmor/aa.py -utils/apparmor/aare.py -utils/apparmor/cleanprofile.py -utils/apparmor/common.py -utils/apparmor/easyprof.py -utils/apparmor/fail.py -utils/apparmor/logparser.py -utils/apparmor/notify.py -utils/apparmor/profile_list.py -utils/apparmor/profile_storage.py -utils/apparmor/regex.py -utils/apparmor/rule/abi.py -utils/apparmor/rule/alias.py -utils/apparmor/rule/boolean.py -utils/apparmor/rule/capability.py -utils/apparmor/rule/change_profile.py -utils/apparmor/rule/dbus.py -utils/apparmor/rule/file.py -utils/apparmor/rule/include.py -utils/apparmor/rule/__init__.py -utils/apparmor/rule/network.py -utils/apparmor/rule/ptrace.py -utils/apparmor/rule/rlimit.py -utils/apparmor/rule/signal.py -utils/apparmor/rules.py -utils/apparmor/rule/variable.py -utils/apparmor/sandbox.py -utils/apparmor/severity.py -utils/apparmor/tools.py -utils/apparmor/translations.py -utils/apparmor/ui.py -utils/python-tools-setup.py -utils/test/common_test.py -utils/test/test-aa-cli-bootstrap.py -utils/test/test-aa-decode.py -utils/test/test-aa-easyprof.py -utils/test/test-aa-notify.py -utils/test/test-aa.py -utils/test/test-aare.py -utils/test/test-abi.py -utils/test/test-alias.py -utils/test/test-baserule.py -utils/test/test-boolean.py -utils/test/test-capability.py -utils/test/test-change_profile.py -utils/test/test-common.py -utils/test/test-config.py -utils/test/test-dbus.py -utils/test/test-example.py -utils/test/test-file.py -utils/test/test-include.py -utils/test/test-libapparmor-test_multi.py -utils/test/test-logparser.py -utils/test/test-minitools.py -utils/test/test-mount_parse.py -utils/test/test-network.py -utils/test/test-notify.py -utils/test/test-parser-simple-tests.py -utils/test/test-pivot_root_parse.py -utils/test/test-profile-list.py -utils/test/test-profiles.py -utils/test/test-profile-storage.py -utils/test/test-ptrace.py -utils/test/test-regex_matches.py -utils/test/test-rlimit.py -utils/test/test-severity.py -utils/test/test-signal.py -utils/test/test-translations.py -utils/test/test-unix_parse.py -utils/test/test-variable.py -utils/vim/create-apparmor.vim.py - - - -c06ea774 Merge Set (instead of compare) exresult -5a2fb856 Set (instead of compare) exresult - [MR:907](https://gitlab.com/apparmor/apparmor/-/merge_requests/907) -utils/test/test-parser-simple-tests.py - - - -a555ccd9 Merge Fix setuptools version detection in buildpath.py -1ff0c2c7 Use basepath.py in profiles Makefile -fda39098 Fix setuptools version detection in buildpath.py - [MR:904](https://gitlab.com/apparmor/apparmor/-/merge_requests/904) - [AABUG:39](https://gitlab.com/apparmor/apparmor/-/issues/39) and #259 -libraries/libapparmor/swig/python/test/buildpath.py -profiles/Makefile - - - -1f3a817c Merge dirtest.sh: don't rely on apparmor_parser -N's output sort order to be deterministic -c0815d0e dirtest.sh: don't rely on apparmor_parser -N's output sort order to be deterministic - [MR:900](https://gitlab.com/apparmor/apparmor/-/merge_requests/900) -parser/tst/dirtest/dirtest.out -parser/tst/dirtest.sh - - - -c0b5d908 Merge Resolve "Python: Ensure opened files are closed." -e6cbdef4 Implement code review comments. -cf6606d3 Ensure opened temporary files are closed. -0c1eb3ec Ensure opened files are closed. - [MR:898](https://gitlab.com/apparmor/apparmor/-/merge_requests/898) - [AABUG:239](https://gitlab.com/apparmor/apparmor/-/issues/239) -parser/tst/valgrind_simple.py -utils/apparmor/aa.py -utils/apparmor/common.py -utils/apparmor/config.py -utils/apparmor/easyprof.py -utils/apparmor/fail.py -utils/apparmor/logparser.py -utils/apparmor/sandbox.py -utils/apparmor/ui.py -utils/test/test-aa-decode.py -utils/test/test-aa-notify.py - - - -ea0dc960 Merge Support setuptools >= 61.2 in Python tests -d442584a reviewed edits -85734c3b add setuptools to test-utils CI job -47d68dac use new build_platlib path with setuptools >= 61.2 - [MR:897](https://gitlab.com/apparmor/apparmor/-/merge_requests/897) - Fix for #253, by mirroring the change from [HUBMR:3258](https://github.com/pypa/setuptools/pull/3258)/commits/1c23f5e1e4b18b50081cbabb2dea22bf345f5894 -.gitlab-ci.yml -libraries/libapparmor/swig/python/test/buildpath.py -libraries/libapparmor/swig/python/test/Makefile.am -utils/test/Makefile -utils/test/README.md - - - -97bd86c7 Merge Remove Python 2 support. -db4939cf Improve variable name. -44c814e7 Update code coverage settings. -df97cf89 Remove Python 2 support. - [MR:894](https://gitlab.com/apparmor/apparmor/-/merge_requests/894) -libraries/libapparmor/swig/python/__init__.py -parser/tst/caching.py -parser/tst/valgrind_simple.py -utils/apparmor/aa.py -utils/apparmor/aare.py -utils/apparmor/cleanprofile.py -utils/apparmor/common.py -utils/apparmor/config.py -utils/apparmor/easyprof.py -utils/apparmor/fail.py -utils/apparmor/logparser.py -utils/apparmor/profile_storage.py -utils/apparmor/rule/abi.py -utils/apparmor/rule/alias.py -utils/apparmor/rule/boolean.py -utils/apparmor/rule/capability.py -utils/apparmor/rule/change_profile.py -utils/apparmor/rule/dbus.py -utils/apparmor/rule/file.py -utils/apparmor/rule/include.py -utils/apparmor/rule/__init__.py -utils/apparmor/rule/network.py -utils/apparmor/rule/ptrace.py -utils/apparmor/rule/rlimit.py -utils/apparmor/rule/signal.py -utils/apparmor/rules.py -utils/apparmor/rule/variable.py -utils/apparmor/sandbox.py -utils/apparmor/severity.py -utils/apparmor/tools.py -utils/apparmor/ui.py -utils/python-tools-setup.py -utils/test/Makefile -utils/test/test-aa-easyprof.py -utils/test/test-aa.py -utils/test/test-common.py -utils/test/test-minitools.py -utils/vim/create-apparmor.vim.py - - - -0859b42b profiles: merge Update syslogd for inetutils-syslogd -8175d26c Update syslogd for inetutils-syslogd - [MR:888](https://gitlab.com/apparmor/apparmor/-/merge_requests/888) -profiles/apparmor.d/sbin.syslogd - - - -e1011d64 Merge rc.apparmor.functions: only use systemd-detect-virt if it's present -06f86e2a rc.apparmor.functions: only use systemd-detect-virt if it's present - [MR:896](https://gitlab.com/apparmor/apparmor/-/merge_requests/896) -parser/rc.apparmor.functions - - - -57eebd6c Merge zgrep: allow executing egrep and fgrep -df37c299 zgrep: allow executing egrep and fgrep - [MR:892](https://gitlab.com/apparmor/apparmor/-/merge_requests/892) -profiles/apparmor.d/zgrep - - - -08da556e Merge Fix inconsistent return length. -728dbde5 Fix inconsistent return length. - [MR:890](https://gitlab.com/apparmor/apparmor/-/merge_requests/890) -parser/tst/testlib.py - - - -43f41945 Merge Speed up list creations, and change lists to tuples where appropriate. -7581c9e1 Speed up list creations, and change lists to tuples where appropriate.. - [MR:889](https://gitlab.com/apparmor/apparmor/-/merge_requests/889) - elif parsed_items['operation'] == 'ptrace' and label == 'name2' and params.endswith('/ptrace_garbage_[LP:1689667](https://bugs.launchpad.net/bugs/1689667)_1'): - elif parsed_items['operation'] == 'ptrace' and label == 'name2' and params.endswith('/ptrace_garbage_[[LP:1689667](https://bugs.launchpad.net/bugs/1689667)](https://bugs.launchpad.net/bugs/1689667)_1'): - '''Example take from [LP:897957](https://bugs.launchpad.net/bugs/897957)''' -parser/tst/caching.py -parser/tst/errors.py -parser/tst/gen-dbus.py -parser/tst/testlib.py -parser/tst/valgrind_simple.py -utils/apparmor/aa.py -utils/apparmor/common.py -utils/apparmor/easyprof.py -utils/apparmor/logparser.py -utils/apparmor/profile_storage.py -utils/apparmor/regex.py -utils/apparmor/rule/boolean.py -utils/apparmor/rule/file.py -utils/apparmor/rule/__init__.py -utils/apparmor/rule/rlimit.py -utils/apparmor/rule/variable.py -utils/apparmor/sandbox.py -utils/apparmor/tools.py -utils/apparmor/ui.py -utils/python-tools-setup.py -utils/test/common_test.py -utils/test/test-aa-decode.py -utils/test/test-aa-easyprof.py -utils/test/test-aa-notify.py -utils/test/test-aa.py -utils/test/test-aare.py -utils/test/test-abi.py -utils/test/test-alias.py -utils/test/test-boolean.py -utils/test/test-capability.py -utils/test/test-change_profile.py -utils/test/test-common.py -utils/test/test-config.py -utils/test/test-dbus.py -utils/test/test-example.py -utils/test/test-file.py -utils/test/test-include.py -utils/test/test-libapparmor-test_multi.py -utils/test/test-logparser.py -utils/test/test-mount_parse.py -utils/test/test-network.py -utils/test/test-notify.py -utils/test/test-parser-simple-tests.py -utils/test/test-pivot_root_parse.py -utils/test/test-profile-list.py -utils/test/test-profile-storage.py -utils/test/test-ptrace.py -utils/test/test-regex_matches.py -utils/test/test-rlimit.py -utils/test/test-severity.py -utils/test/test-signal.py -utils/test/test-translations.py -utils/test/test-unix_parse.py -utils/test/test-variable.py -utils/vim/create-apparmor.vim.py - - - -36c704ce Merge Avoid unnecessary memory copies when enlarging lists. -ca9920cf Avoid unnecessary memory copies when enlarging lists. - [MR:886](https://gitlab.com/apparmor/apparmor/-/merge_requests/886) - This merge request addresses [AABUG:240](https://gitlab.com/apparmor/apparmor/-/issues/240). -parser/tst/caching.py -parser/tst/errors.py -utils/apparmor/aa.py -utils/apparmor/profile_list.py -utils/apparmor/profile_storage.py -utils/apparmor/rule/change_profile.py -utils/apparmor/rule/file.py -utils/apparmor/rule/include.py -utils/apparmor/rule/__init__.py -utils/apparmor/sandbox.py -utils/test/test-libapparmor-test_multi.py -utils/test/test-signal.py - - - -50a45c6a Merge Ensure opened files are closed. -bf819bc8 Ensure opened files are closed. - [MR:885](https://gitlab.com/apparmor/apparmor/-/merge_requests/885) - This partially addresses [AABUG:239](https://gitlab.com/apparmor/apparmor/-/issues/239). There are still some remaining instances where opened files are not properly closed, e.g. the `NamedTemporaryFile` in `utils/apparmor/config.py`. -parser/tst/valgrind_simple.py -utils/apparmor/config.py -utils/apparmor/easyprof.py -utils/apparmor/sandbox.py -utils/test/test-aa-easyprof.py -utils/test/test-aa-notify.py - - - -df1ca957 Merge Fix spelling and grammar errors. -c255968e Fix spelling and grammar errors. - [MR:887](https://gitlab.com/apparmor/apparmor/-/merge_requests/887) -parser/tst/gen-xtrans.py -utils/aa-notify -utils/apparmor/aa.py -utils/apparmor/config.py -utils/apparmor/easyprof.py -utils/test/test-alias.py -utils/test/test-profile-list.py - - - -d7e3f33a Merge abstraction/exo-open: Remove dbus deny rule -cd91492d abstraction/exo-open: Remove dbus deny rule - [MR:884](https://gitlab.com/apparmor/apparmor/-/merge_requests/884) -profiles/apparmor.d/abstractions/exo-open - - - -48fc233d Merge samba profiles: support paths used by Arch Linux -deadcc0d samba profiles: support paths used by Arch Linux - [MR:883](https://gitlab.com/apparmor/apparmor/-/merge_requests/883) -profiles/apparmor.d/samba-bgqd -profiles/apparmor.d/samba-dcerpcd -profiles/apparmor.d/samba-rpcd -profiles/apparmor.d/samba-rpcd-classic -profiles/apparmor.d/samba-rpcd-spoolss -profiles/apparmor.d/usr.sbin.smbd -profiles/apparmor.d/usr.sbin.winbindd - - - -6e0b6607 Merge Update for the mesa abstraction -a54409eb Update for the mesa abstraction - [MR:879](https://gitlab.com/apparmor/apparmor/-/merge_requests/879) -profiles/apparmor.d/abstractions/mesa - - - -8490fa1d Merge Add missing permissions for dovecot-{imap,lmtp,pop3} -ad8df7f8 Add missing permissions for dovecot-{imap,lmtp,pop3} - [MR:881](https://gitlab.com/apparmor/apparmor/-/merge_requests/881) - References: [BOO:1199535](https://bugzilla.opensuse.org/show_bug.cgi?id=1199535) -profiles/apparmor.d/usr.lib.dovecot.imap -profiles/apparmor.d/usr.lib.dovecot.lmtp -profiles/apparmor.d/usr.lib.dovecot.pop3 - - - -a61ae7b2 Merge parser/capability.h: add missing include -64a64be7 parser/capability.h: add missing include - [MR:882](https://gitlab.com/apparmor/apparmor/-/merge_requests/882) -parser/capability.h - - - -ab19f559 Merge profiles/apparmor.d: update samba-dceprpc & samba-rpcd-* profiles -6a621616 profiles/apparmor.d: update samba-dceprpc & samba-rpcd-* profiles - [MR:880](https://gitlab.com/apparmor/apparmor/-/merge_requests/880) - Fixes: [BOO:1198309](https://bugzilla.opensuse.org/show_bug.cgi?id=1198309) -profiles/apparmor.d/samba-dcerpcd -profiles/apparmor.d/samba-rpcd -profiles/apparmor.d/samba-rpcd-classic -profiles/apparmor.d/samba-rpcd-spoolss - - - -62bf2f77 Merge zgrep profile: also allow zstd -c5a51a08 zgrep profile: also allow zstd - [MR:878](https://gitlab.com/apparmor/apparmor/-/merge_requests/878) -profiles/apparmor.d/zgrep - - - -c7d060a7 Merge Add some empty and cut-off bad abi rules -8cb81ec2 Add some empty and cut-off bad abi rules - [MR:875](https://gitlab.com/apparmor/apparmor/-/merge_requests/875) -parser/tst/simple_tests/abi/bad_13.sd -parser/tst/simple_tests/abi/bad_14.sd -parser/tst/simple_tests/abi/bad_15.sd -parser/tst/simple_tests/abi/bad_16.sd -parser/tst/simple_tests/abi/bad_17.sd -parser/tst/simple_tests/abi/bad_18.sd -parser/tst/simple_tests/abi/bad_19.sd -parser/tst/simple_tests/abi/bad_20.sd - - - -3083ce7a Merge Allow reading all of /etc/php[578]/** in abstractions/php -c946f0bf Allow reading all of /etc/php[578]/** in abstractions/php - [MR:876](https://gitlab.com/apparmor/apparmor/-/merge_requests/876) - Fixes: [AABUG:229](https://gitlab.com/apparmor/apparmor/-/issues/229) - Fixes: [BOO:1186267](https://bugzilla.opensuse.org/show_bug.cgi?id=1186267)#c11 -profiles/apparmor.d/abstractions/php -profiles/apparmor.d/php-fpm - - - -bfa67b36 Merge profiles: update snap_browsers permissions -eb828dde profiles: update snap_browsers permissions - [MR:877](https://gitlab.com/apparmor/apparmor/-/merge_requests/877) -profiles/apparmor.d/abstractions/snap_browsers - - - -69302067 Merge tools.py: inline check_profile_dir() into __init__() -48424735 tools.py: inline check_profile_dir() into __init__() - [MR:874](https://gitlab.com/apparmor/apparmor/-/merge_requests/874) -utils/apparmor/tools.py - - - -a2ff041e Merge zgrep profile: allow executing /usr/bin/expr -ad8c5f0b zgrep profile: allow executing /usr/bin/expr - [MR:873](https://gitlab.com/apparmor/apparmor/-/merge_requests/873) - Fixes: [BOO:1198531](https://bugzilla.opensuse.org/show_bug.cgi?id=1198531) -profiles/apparmor.d/zgrep - - - -3d27977b Merge profiles/apparmor.d: Add new profiles needed for samba-4.16 -c785bcbe profiles/apparmor.d: Add new profiles needed for samba-4.16 - [MR:871](https://gitlab.com/apparmor/apparmor/-/merge_requests/871) - Fixes: [BOO:1198309](https://bugzilla.opensuse.org/show_bug.cgi?id=1198309) -profiles/apparmor.d/abstractions/samba-rpcd -profiles/apparmor.d/samba-dcerpcd -profiles/apparmor.d/samba-rpcd -profiles/apparmor.d/samba-rpcd-classic -profiles/apparmor.d/samba-rpcd-spoolss -profiles/apparmor.d/usr.sbin.smbd -profiles/apparmor.d/usr.sbin.winbindd - - - -41b44367 Merge Add zgrep and xzgrep profile -4c853dc7 Add zgrep and xzgrep profile - [MR:870](https://gitlab.com/apparmor/apparmor/-/merge_requests/870) -profiles/apparmor.d/zgrep - - - -52e82516 Merge add a common reload_profile() function to aa.py -c6dabdf1 add a common reload_profile() function to aa.py - [MR:855](https://gitlab.com/apparmor/apparmor/-/merge_requests/855) -utils/apparmor/aa.py -utils/apparmor/tools.py - - - -10360327 Merge sbin.rpc.statd: add hosts_access abstraction, /etc/nfs.conf{,.d/} -8e845c2e sbin.rpc.statd: add hosts_access abstraction, /etc/nfs.conf{,.d/} - [MR:866](https://gitlab.com/apparmor/apparmor/-/merge_requests/866) -profiles/apparmor/profiles/extras/sbin.rpc.statd - - - -4537a501 Merge profiles/apparmor.d/abstraction: Squash noisey setsockopt calls. -90f97357 profiles/apparmor.d/abstraction: Squash noisey setsockopt calls. - [MR:867](https://gitlab.com/apparmor/apparmor/-/merge_requests/867) -profiles/apparmor.d/abstractions/samba - - - -52b6b97c Merge dirtest.sh: error out on unexpected success -2036f6fa dirtest.sh: error out on unexpected success - [MR:868](https://gitlab.com/apparmor/apparmor/-/merge_requests/868) -parser/tst/dirtest.sh - - - -83685ba7 Merge Allow dovecot to use all signals -f0919f83 Allow dovecot to use all signals - [MR:865](https://gitlab.com/apparmor/apparmor/-/merge_requests/865) -profiles/apparmor.d/usr.sbin.dovecot - - - -ff9e4571 Merge abstractions/ssh_certs: extend pki/trust directories -32cd90eb abstractions/ssh_certs: extend pki/trust directories - [MR:864](https://gitlab.com/apparmor/apparmor/-/merge_requests/864) -profiles/apparmor.d/abstractions/ssl_certs - - - -e2319167 Merge profiles/apparmor.d: Fix read access denied on /proc/*/fd bsc#1196850 -6b83ba91 profiles/apparmor.d: Fix read access denied on /proc/*/fd bsc#1196850 - [MR:860](https://gitlab.com/apparmor/apparmor/-/merge_requests/860) -profiles/apparmor.d/samba-bgqd - - - -c3f64513 Merge smbd, samba-bgqd: allow reading openssl.cnf -16444e9c smbd, samba-bgqd: allow reading openssl.cnf - [MR:862](https://gitlab.com/apparmor/apparmor/-/merge_requests/862) - Fixes: [BOO:1195463](https://bugzilla.opensuse.org/show_bug.cgi?id=1195463)#c10 - References: [BOO:1195463](https://bugzilla.opensuse.org/show_bug.cgi?id=1195463)#c10 -profiles/apparmor.d/samba-bgqd -profiles/apparmor.d/usr.sbin.smbd - - - -8f7768cd Merge abstractions/nss-systemd: Allow access for systemd-machined names -9e260a8d abstractions/nss-systemd: Allow access for systemd-machined names - [MR:861](https://gitlab.com/apparmor/apparmor/-/merge_requests/861) - [LP:1964325](https://bugs.launchpad.net/bugs/1964325) - [[LP:1964325](https://bugs.launchpad.net/bugs/1964325)](https://bugs.launchpad.net/bugs/1964325) -profiles/apparmor.d/abstractions/nss-systemd - - - -6f183262 Merge GTK abstraction: add support for gtk4. -8074ff4f GTK abstraction: add support for gtk4. - [MR:857](https://gitlab.com/apparmor/apparmor/-/merge_requests/857) -profiles/apparmor.d/abstractions/gtk - - - -7c725782 Merge aa-genprof: reduce and improve subprocess calls -95d89dfb Simplify logmark used in syslog -c0734411 aa-genprof: get rid of subprocess with shell=True - [MR:856](https://gitlab.com/apparmor/apparmor/-/merge_requests/856) -utils/aa-genprof - - - -6e5fdb5c Merge smbd: allow reading under /usr/share/samba -9e0adcfd smbd: allow reading under /usr/share/samba - [MR:853](https://gitlab.com/apparmor/apparmor/-/merge_requests/853) -profiles/apparmor.d/usr.sbin.smbd - - - -40402e24 Merge Revert "gitlab: testing: temporarily disable secret-detect" -51615755 Revert "gitlab: testing: temporarily disable secret-detect" - [MR:854](https://gitlab.com/apparmor/apparmor/-/merge_requests/854) -.gitlab-ci.yml - - - -5001431c Merge parser: fix building with link time optimization (lto) -b6d3daa7 parser: fix building with link time optimization (lto) - [MR:851](https://gitlab.com/apparmor/apparmor/-/merge_requests/851) - [AABUG:214](https://gitlab.com/apparmor/apparmor/-/issues/214) - Fixes: [AABUG:214](https://gitlab.com/apparmor/apparmor/-/issues/214) -parser/Makefile - - - -6fa2d528 Merge Update apache2-common so that other processes can trace the hats that include... -071935b9 Update apache2-common so that other processes can trace the hats that include this file. The main includes abstractions/base which has these lines in it, which is why `ss -tnlp` sometimes fails. - [MR:852](https://gitlab.com/apparmor/apparmor/-/merge_requests/852) - Fixes: [debug1003153](https://bugs.debian.org/1003153) - See also: [[debug1003153]([debug1003153](https://bugs.debian.org/1003153))](https://bugs.debian.org/1003153) for more details about how this occurs. - See also: [debug1003153](https://bugs.debian.org/1003153) for more details about how this occurs. - See also: [[debug1003153](https://bugs.debian.org/1003153)](https://bugs.debian.org/1003153) for more details about how this occurs. -profiles/apparmor.d/abstractions/apache2-common - - - -e71e27c5 Merge smbd: include snippet generated at runtime on Debian and openSUSE -19abc664 smbd: include snippet generated at runtime on openSUSE -9af832f4 smbd: include snippet generated at runtime on Debian - [MR:838](https://gitlab.com/apparmor/apparmor/-/merge_requests/838) -profiles/apparmor.d/usr.sbin.smbd - - - -ba14227b Merge make test-aa-notify test_help_contents () less strict -39f4132a make test-aa-notify test_help_contents () less strict - [MR:848](https://gitlab.com/apparmor/apparmor/-/merge_requests/848) - [AABUG:220](https://gitlab.com/apparmor/apparmor/-/issues/220) - Fixes [AABUG:220](https://gitlab.com/apparmor/apparmor/-/issues/220) -utils/test/test-aa-notify.py - - - -583e1905 Merge profile-load: use safer and less ambiguous shell constructs -322b3f4d profile-load: use less ambiguous if/then construct -35f23a6d profile-load: use safer "read" construct - [MR:849](https://gitlab.com/apparmor/apparmor/-/merge_requests/849) - /sbin/apparmor_parser -r -W "$profile" || exit 0 # [LP:1058356](https://bugs.launchpad.net/bugs/1058356) -parser/profile-load - - - -5a41024b Merge Make the systemd unit a no-op in containers with no internal policy -c44e93d8 Make the systemd unit a no-op in containers with no internal policy - [MR:840](https://gitlab.com/apparmor/apparmor/-/merge_requests/840) - ([LP:978297](https://bugs.launchpad.net/bugs/978297)) -parser/apparmor.systemd - - - -26b7ddee Merge Allow access to socket directory used by recent ibus-daemon -9505724d Allow access to socket directory used by recent ibus-daemon - [MR:837](https://gitlab.com/apparmor/apparmor/-/merge_requests/837) -+ # This should use this, but due to [LP:1856738](https://bugs.launchpad.net/bugs/1856738) we cannot -profiles/apparmor.d/abstractions/ibus - - - -4300953d Merge CI: enable Secret-Detection and a few SAST analyzers -bf4134e7 Provide examples of how to disable a Bandit SAST analyzer warning -8c8965a7 CI: don't run the Bandit SAST analyzer on our test suites -086fb04f CI: disable SemGrep SAST analyzer -9bbbcd84 CI: disable ESLint SAST analyzer -8655cf16 CI: disable flawfinder SAST analyzer -9240e12e CI: disable Dependency Scanning -7d69e550 CI: disable spotbugs SAST analyzer -9f8c0d25 CI: only run Debian'ish commands on jobs run on Debian'ish systems -2a7bd3aa CI: enable SAST, Secret-Detection, and Dependency Scanning - [MR:844](https://gitlab.com/apparmor/apparmor/-/merge_requests/844) -.gitlab-ci.yml -utils/apparmor/aa.py - - - -6f0e361c Merge CI: parallelize across multiple jobs, only install necessary dependencies -099f99a3 CI: ensure test-utils runs all intended tests -368625a9 utils/test/README.md: document not-totally-obvious cross-tree semi-dependency -f0ff344e CI: normalize indentation -694b3348 CI: parallelize across multiple jobs, only install necessary dependencies -3c116382 CI: don't install unneeded python-all-dev (Python 2) - [MR:843](https://gitlab.com/apparmor/apparmor/-/merge_requests/843) -.gitlab-ci.yml -utils/test/README.md - - - -6a54d591 Merge Import profile-load script from Debian -c7e68d70 Import profile-load script from Debian - [MR:841](https://gitlab.com/apparmor/apparmor/-/merge_requests/841) -+/sbin/apparmor_parser -r -W "$profile" || exit 0 # [LP:1058356](https://bugs.launchpad.net/bugs/1058356) -parser/Makefile -parser/profile-load - - - -04644274 Merge Add .desktop file for aa-notify -bd06a9d2 Add .desktop file for aa-notify - [MR:839](https://gitlab.com/apparmor/apparmor/-/merge_requests/839) -utils/aa-notify.desktop - - - -1bb684b4 Merge shellcheck: skip files generated during libapparmor build -6ae7b156 shellcheck: skip files generated during libapparmor build - [MR:847](https://gitlab.com/apparmor/apparmor/-/merge_requests/847) -tests/bin/shellcheck-tree - - - -73c24a8b Merge Lint shell code and add shellcheck CI job -56dd267a Mark variables as dummy in a way that shellcheck 0.7.0 supports -529d3867 CI: enable all shellcheck severity levels -6db9ebfd aa-decode: "fix" all remaining shellcheck style violations -985f9ca7 CI: set shellcheck minimum severity to info -825f761c aa-decode, aa-remove-unknown: fix remaining shellcheck info-level violations -e55a9b37 CI: set shellcheck minimum severity to warning -af76d98f utils/test/: drop support for running with Python 2 -8d219e1f aa-remove-unknown: mark dummy variable as such -cfcc271b aa-remove-unknown: prefer [ p ] && [ q ] as [ p -a q ] is not well defined. -804e8f94 CI: prepare for enabling shellcheck warnings and info -5a6f6c2f CI: add shellcheck job, with minimum severity set to error -398f5847 Test suite: don't use fragile "-e with globs" construction -14d35c65 Test suite: don't use fragile shell construct mixing string and array -fb946619 rc.apparmor.functions: mark intentionally unused variable as dummy -2e0fb86a rc.apparmor.functions: check command exit status directly -0bae8bf8 rc.apparmor.functions: disable shellcheck false positive -8eeb8c48 rc.apparmor.functions: quote to prevent word splitting and syntax error on empty output - [MR:842](https://gitlab.com/apparmor/apparmor/-/merge_requests/842) -.gitlab-ci.yml -parser/rc.apparmor.functions -.shellcheckrc -tests/bin/shellcheck-tree -tests/checkstyle2junit.xslt -tests/regression/apparmor/dbus.inc -tests/regression/apparmor/dbus_message.sh -tests/regression/apparmor/dbus_service.sh -tests/regression/apparmor/dbus_unrequested_reply.sh -tests/regression/apparmor/namespaces.sh -utils/aa-decode -utils/aa-remove-unknown -utils/test/runtests-py2.sh - - - -0f194ca1 Merge Remove unused init scripts, minor improvement to Slackware init script output -2019519e Delete Red Hat initscript -7f64db1f Display improvements in rc.apparmor.functions -2f2eab3b Remove Debian init script - [MR:845](https://gitlab.com/apparmor/apparmor/-/merge_requests/845) -parser/rc.apparmor.debian -parser/rc.apparmor.functions -parser/rc.apparmor.redhat - - - -a744564f Merge Drop superfluous shebang from python module -749234f5 Drop superfluous shebang from python module - [MR:846](https://gitlab.com/apparmor/apparmor/-/merge_requests/846) -utils/apparmor/notify.py - - - -fb35ee4e Merge aa-remove-unknown: abort on parser failure -db0a8aac Drop now-unused profiles_names_list() from rc.apparmor.functions -5053a01d aa-remove-unknown: abort on parser failure - [MR:836](https://gitlab.com/apparmor/apparmor/-/merge_requests/836) -parser/rc.apparmor.functions -utils/aa-remove-unknown - - - -e726ebe3 Merge Drop unused failstop_system() from rc.apparmor.functions -8e1a4924 Drop unused failstop_system() from rc.apparmor.functions - [MR:835](https://gitlab.com/apparmor/apparmor/-/merge_requests/835) -parser/rc.apparmor.functions - - - -872747f1 Merge Simplify profiles_names_list() -84767862 Drop skip_profile() -d38376c9 Simplify profiles_names_list() - [MR:834](https://gitlab.com/apparmor/apparmor/-/merge_requests/834) - Related to [AABUG:148](https://gitlab.com/apparmor/apparmor/-/issues/148) -parser/rc.apparmor.functions - - - -9aa1a5b4 Merge Drop now-obsolete comment about skip_profile() -5527c208 Drop now-obsolete comment about skip_profile() - [MR:833](https://gitlab.com/apparmor/apparmor/-/merge_requests/833) -parser/rc.apparmor.functions - - - -5041a623 Merge Add 'mctp' network domain keyword -977af8c5 Add 'mctp' network domain keyword - [MR:832](https://gitlab.com/apparmor/apparmor/-/merge_requests/832) -parser/apparmor.d.pod -parser/base_af_names.h -utils/apparmor/rule/network.py - - - -72c06c4d Merge Enable AppArmor to run properly under WSL/systemd -a6360d9d Add explicit WSL detection to is_container_with_internal_policy - [MR:812](https://gitlab.com/apparmor/apparmor/-/merge_requests/812) -parser/rc.apparmor.functions - - - -08f32ac7 Merge Fix: Opening links with Chrome -f0d3d674 Fix: Opening links with Chrome - [MR:830](https://gitlab.com/apparmor/apparmor/-/merge_requests/830) -profiles/apparmor.d/abstractions/ubuntu-helpers - - - -64703c71 Merge tests: add attach_disconnected tests -cb4a397b tests: add attach_disconnected tests -b07a532a unix_fd_common tests: refactor out unix_fd_client code into common - [MR:810](https://gitlab.com/apparmor/apparmor/-/merge_requests/810) -.gitignore -tests/regression/apparmor/attach_disconnected.c -tests/regression/apparmor/attach_disconnected.sh -tests/regression/apparmor/deleted.sh -tests/regression/apparmor/Makefile -tests/regression/apparmor/unix_fd_client.c -tests/regression/apparmor/unix_fd_common.c -tests/regression/apparmor/unix_fd_common.h -tests/regression/apparmor/unix_fd_server.c -tests/regression/apparmor/unix_fd_server.sh - - - -a19ff536 Merge tests: disable file query test for kernels that don't provide the query feature -bf59925a tests: disable file query test for kernels before 4.4 - [MR:769](https://gitlab.com/apparmor/apparmor/-/merge_requests/769) -tests/regression/apparmor/query_label.sh - - - -d9afe25a Merge add snap-browsers profile -fb3283f3 add snap-browsers profile - [MR:806](https://gitlab.com/apparmor/apparmor/-/merge_requests/806) -profiles/apparmor.d/abstractions/snap_browsers - - - -c67681a5 Merge Add the GTK abstraction -93d49a39 add the GTK abstraction - [MR:825](https://gitlab.com/apparmor/apparmor/-/merge_requests/825) - Fixes: [AABUG:168](https://gitlab.com/apparmor/apparmor/-/issues/168) - Fixes: [AABUG:65](https://gitlab.com/apparmor/apparmor/-/issues/65) -profiles/apparmor.d/abstractions/gtk - - - -6154925c Merge tests: add built test files to gitignore -c0ee4a9a tests: add built test files to gitignore - [MR:826](https://gitlab.com/apparmor/apparmor/-/merge_requests/826) -.gitignore - - - -0e52b555 Merge init: make xargs invocation busybox-compatible -76163f80 init: make xargs invocation busybox-compatible - [MR:828](https://gitlab.com/apparmor/apparmor/-/merge_requests/828) -parser/rc.apparmor.functions - - - -90b312c5 Merge branch 'cboltz-samba-lmb2' into 'master' -901f2ea9 abstractions/samba: allow ldb2 paths - [MR:821](https://gitlab.com/apparmor/apparmor/-/merge_requests/821) - - [BOO:1192684](https://bugzilla.opensuse.org/show_bug.cgi?id=1192684) (non-public) - Note: [BOO:1192684](https://bugzilla.opensuse.org/show_bug.cgi?id=1192684) was made public in the meantime. -profiles/apparmor.d/abstractions/samba - - - -2b270216 Merge abstractions/openssl: allow /etc/ssl/{engdef,engines}.d/ -e58dd798 abstractions/openssl: allow /etc/ssl/{engdef,engines}.d/ - [MR:818](https://gitlab.com/apparmor/apparmor/-/merge_requests/818) -profiles/apparmor.d/abstractions/openssl - - - -cf35cfe8 Merge branch 'cboltz-tunables-order' into 'master' -867d3295 Define @{HOMEDIRS} before using it in @{HOME} - [MR:820](https://gitlab.com/apparmor/apparmor/-/merge_requests/820) - Fixes: [debug1003158](https://bugs.debian.org/1003158) -profiles/apparmor.d/tunables/home - - - -fc4d1f76 Merge branch 'bsc1192336' into 'master' -e19abd3b profiles/apparmor.d: Fix file_mmap violation for bsc#1192336. - [MR:819](https://gitlab.com/apparmor/apparmor/-/merge_requests/819) -profiles/apparmor.d/samba-bgqd - - - -4cbd2684 Merge branch 'cboltz-aa-dict' into 'master' -32acb228 Change 'aa' from hasher to dict - [MR:817](https://gitlab.com/apparmor/apparmor/-/merge_requests/817) -utils/apparmor/aa.py - - - -529c408d Merge branch 'cboltz-abstractions-python' into 'master' -cac848e2 abstractions/python: add several permissions -5491b758 abstractions/python: merge /usr/ and /usr/local/ rules - [MR:814](https://gitlab.com/apparmor/apparmor/-/merge_requests/814) -profiles/apparmor.d/abstractions/python - - - -ebd4143c Merge branch 'cboltz-parser-typo' into 'master' -854cbae5 Fix comment typo in parser/lib.c - [MR:815](https://gitlab.com/apparmor/apparmor/-/merge_requests/815) -parser/lib.c - - - -ca276d2b Merge Add support for reading s390x and aarch64 wtmp file -1da0305c Add tests for sane_timestamp -63f1a58b Add truncated and ancient wtmp example to tests -255716b9 Add support for reading s390x and aarch64 wtmp file -f79b335b fix reading 'type' from wtmp -905b89a5 Add unittest for get_last_login_timestamp -6dc9884c Move get_last_login_timestamp() into apparmor.notify - [MR:809](https://gitlab.com/apparmor/apparmor/-/merge_requests/809) -+Example and expected output taken from [BOO:1181155](https://bugzilla.opensuse.org/show_bug.cgi?id=1181155) - Fixes: [BOO:1181155](https://bugzilla.opensuse.org/show_bug.cgi?id=1181155) -utils/aa-notify -utils/apparmor/notify.py -utils/test/test-notify.py -utils/test/wtmp-examples/wtmp-aarch64 -utils/test/wtmp-examples/wtmp-aarch64-expected-output -utils/test/wtmp-examples/wtmp-s390x -utils/test/wtmp-examples/wtmp-s390x-expected-output -utils/test/wtmp-examples/wtmp-truncated -utils/test/wtmp-examples/wtmp-x86_64 -utils/test/wtmp-examples/wtmp-x86_64-expected -utils/test/wtmp-examples/wtmp-x86_64-past -utils/test/wtmp-examples/wtmp-x86_64-past-expected - - - -ee9e61aa Merge Add missing /proc permissions to avahi-daemon profile -8c1243e4 Add missing /proc permissions to avahi-daemon profile - [MR:811](https://gitlab.com/apparmor/apparmor/-/merge_requests/811) - Fixes: [AABUG:203](https://gitlab.com/apparmor/apparmor/-/issues/203) -profiles/apparmor.d/usr.sbin.avahi-daemon - - - -b6551618 Merge Generate af_names.h similar to cap_names.h -90620cb6 Generate af_names.h similar to cap_names.h - [MR:808](https://gitlab.com/apparmor/apparmor/-/merge_requests/808) - Fixes: [AABUG:195](https://gitlab.com/apparmor/apparmor/-/issues/195) -.gitignore -parser/base_af_names.h -parser/Makefile - - - -9d14d6eb Merge abstractions/samba: allow use of /run/lock/samba -f5c9003d abstractions/samba: allow use of /run/lock/samba -profiles/apparmor.d/abstractions/samba - - - -8db7e703 Merge Add profile for samba-bgqd -85e53a5d Add profile for samba-bgqd - Fixes: [BOO:1191532](https://bugzilla.opensuse.org/show_bug.cgi?id=1191532) -profiles/apparmor.d/samba-bgqd -profiles/apparmor.d/usr.sbin.smbd - - - -a24cda5a binutils/aa-features-abi: fix a couple of minor issues -ffc6529b binutils/aa-features-abi: fix failure to close fd due to shadowed var decl -8137beb2 binutils/aa-features-abi: make -f short arg actually be accepted - [MR:804](https://gitlab.com/apparmor/apparmor/-/merge_requests/804) -binutils/aa_features_abi.c - - - -b0bc0d53 Merge branch 'fix-lexer' into 'master' -dc7755e5 parser: Fix unknown state condition RLIMIT_MODEINCLDE - [MR:803](https://gitlab.com/apparmor/apparmor/-/merge_requests/803) -parser/parser_lex.l - - - -0700b47d Merge aa-unconfined: Improve fallback handling to attr/current -f39d5c7c aa-unconfined: Improve fallback handling to attr/current - [MR:801](https://gitlab.com/apparmor/apparmor/-/merge_requests/801) - Fixes: [AABUG:199](https://gitlab.com/apparmor/apparmor/-/issues/199) -utils/aa-unconfined - - - -3b6257ed Merge dnsmasq: allow paths for podman dnsname plugin -254ebacb dnsmasq: allow paths for podman dnsname plugin - [MR:800](https://gitlab.com/apparmor/apparmor/-/merge_requests/800) - Fixes: [BOO:1190271](https://bugzilla.opensuse.org/show_bug.cgi?id=1190271) -profiles/apparmor.d/usr.sbin.dnsmasq - - - -c37586cd Merge Avoid aa-notify crash on log events without operation= -88595722 Avoid aa-notify crash on log events without operation= - [MR:797](https://gitlab.com/apparmor/apparmor/-/merge_requests/797) - Fixes: [AABUG:194](https://gitlab.com/apparmor/apparmor/-/issues/194) -libraries/libapparmor/testsuite/test_multi/status-filesystem-enabled.err -libraries/libapparmor/testsuite/test_multi/status-filesystem-enabled.in -libraries/libapparmor/testsuite/test_multi/status-filesystem-enabled.out -utils/aa-notify - - - -92d5bec8 Merge libapparmor: fix debug build of log parsing -b32b898a libapparmor: fix log parsing for socklogd -1192dae5 libapparmor: fix memory leaks in logparsing -4fe5387b libapparmor: fix debug build of log parsing - [MR:799](https://gitlab.com/apparmor/apparmor/-/merge_requests/799) - Fixes: [AABUG:196](https://gitlab.com/apparmor/apparmor/-/issues/196) -libraries/libapparmor/src/grammar.y -libraries/libapparmor/src/scanner.l -libraries/libapparmor/testsuite/test_multi/testcase_socklogd_mkdir.err -libraries/libapparmor/testsuite/test_multi/testcase_socklogd_mkdir.in -libraries/libapparmor/testsuite/test_multi/testcase_socklogd_mkdir.out -libraries/libapparmor/testsuite/test_multi/testcase_socklogd_mkdir.profile - - - -d11f2d59 Merge Include local customization -de596667 Include local customization, cf. https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=990499 - [MR:796](https://gitlab.com/apparmor/apparmor/-/merge_requests/796) - Fixes: [debug990499](https://bugs.debian.org/990499) - Include local customization, cf. [debug990499](https://bugs.debian.org/990499) -profiles/apparmor.d/abstractions/ubuntu-helpers - - - -4559a299 utils: Add new python versions to logprof.conf -b570e613 Add new python versions to logprof.conf - [MR:795](https://gitlab.com/apparmor/apparmor/-/merge_requests/795) - Fixes: [AABUG:193](https://gitlab.com/apparmor/apparmor/-/issues/193) -utils/logprof.conf - - - -c8ff8799 Merge cleanup imports from apparmor.common -0ee225b4 import hasher from apparmor.common -c09e0b6e import is_skippable_file from apparmor.common -8b2fe01c aa-easyprof: use AppArmorException from apparmor.common -79e7a204 import AppArmorException from apparmor.common -7f64902f aa-unconfined: import specific items from apparmor.common - [MR:794](https://gitlab.com/apparmor/apparmor/-/merge_requests/794) -utils/aa-genprof -utils/aa-logprof -utils/aa-unconfined -utils/apparmor/easyprof.py -utils/apparmor/tools.py -utils/test/test-aa-easyprof.py -utils/test/test-aa.py -utils/test/test-libapparmor-test_multi.py -utils/test/test-parser-simple-tests.py - - - -7711baae Merge aa-decode: use grep -E instead of egrep -e8f3a1b8 aa-decode: use grep -E instead of egrep - [MR:792](https://gitlab.com/apparmor/apparmor/-/merge_requests/792) -utils/aa-decode - - - -c258976f Merge utils: use internal which implementation -c31d4923 utils: use internal which implementation - [MR:784](https://gitlab.com/apparmor/apparmor/-/merge_requests/784) -utils/aa-unconfined -utils/apparmor/easyprof.py -utils/apparmor/sandbox.py - - - -1a190f2e Merge aa-remove-unknown: Drop superfluous $0 parameter from usage() -8cecc14d aa-remove-unknown: Drop superfluous $0 parameter from usage() -169d305b chmod +x aa-remove-unknown - [MR:785](https://gitlab.com/apparmor/apparmor/-/merge_requests/785) -utils/aa-remove-unknown - - - -5068f54c Merge ProfileStorage: Store empty xattrs as empty string -e69f46ac ProfileStorage: simplify tests for attachment -337ebcd0 ProfileStorage: Store empty xattrs as empty string - [MR:786](https://gitlab.com/apparmor/apparmor/-/merge_requests/786) -utils/apparmor/profile_storage.py -utils/test/test-profile-storage.py - - - -572c342a Merge SeverityVarsTest: Make order of variable replacements constant -d4b17ef9 SeverityVarsTest: Make order of variable replacements constant - [MR:790](https://gitlab.com/apparmor/apparmor/-/merge_requests/790) -utils/test/test-severity.py - - - -4fd7bcc2 Merge branch 'fix-video-abstraction' into 'master' -b3dcd02d add a missing slash at the end of the sys rule - [MR:791](https://gitlab.com/apparmor/apparmor/-/merge_requests/791) -profiles/apparmor.d/abstractions/video - - - -131ae842 Merge branch 'cboltz-typo' into 'master' -1459f49b Fix typo in manpage - [MR:789](https://gitlab.com/apparmor/apparmor/-/merge_requests/789) - [AABUG:192](https://gitlab.com/apparmor/apparmor/-/issues/192) - Fixes: [AABUG:192](https://gitlab.com/apparmor/apparmor/-/issues/192) -parser/apparmor.d.pod - - - -bbe52a1e Merge CI: always collect test artifacts -266ac13e CI: always collect test artifacts - [MR:787](https://gitlab.com/apparmor/apparmor/-/merge_requests/787) -.gitlab-ci.yml - - - -a79e800e Merge libapparmor:fix error value returned from features_lookup functions. -348bb8b3 libapparmor:fix error value returned from features_lookup functions. - [MR:780](https://gitlab.com/apparmor/apparmor/-/merge_requests/780) -libraries/libapparmor/src/features.c - - - -31fda3ee Merge Update abstractions/python and profiles for python 3.10 -ea7b201b Update abstractions/python and profiles for python 3.10 - [MR:783](https://gitlab.com/apparmor/apparmor/-/merge_requests/783) - Fixes: [AABUG:187](https://gitlab.com/apparmor/apparmor/-/issues/187) -profiles/apparmor.d/abstractions/python -profiles/apparmor.d/lsb_release -profiles/apparmor/profiles/extras/usr.bin.chromium-browser - - - -8d0b48df regression tests: fix aa_policy_cache when using system parser -0f2a33e7 regression tests: fix aa_policy_cache when using system parser - [MR:782](https://gitlab.com/apparmor/apparmor/-/merge_requests/782) -tests/regression/apparmor/aa_policy_cache.sh - - - -29215b47 Merge libapparmor: Adjust stacking interface check -a98469eb [7/7] abstractions: Make "available" readable as part of the enabled api -c60fc809 [6/7] parser: update the parser to add interface rules for change_X -35e58273 [5/7] libapparmor: rework trying original interface if new interface fails -d0c4fc7d [4/7] libapparmor: fix available and enabled checks -3fb4c4b8 [3/7] libapparmor: Fix AppArmor private interface availability check -6c4ed2af [2/7] libapparmor: Adjust stacking interface check -0be67ec8 [1/7] libapparmor: fix check for asprintf failure in proc init fn() - [MR:713](https://gitlab.com/apparmor/apparmor/-/merge_requests/713) - Fixes: [AABUG:150](https://gitlab.com/apparmor/apparmor/-/issues/150) -libraries/libapparmor/doc/aa_find_mountpoint.pod -libraries/libapparmor/src/kernel.c -parser/parser_policy.c -profiles/apparmor.d/abstractions/apparmor_api/is_enabled - - - -d8ec3daf Merge allow Prometheus metrics end-point in dovecot/stats -f3dd0d19 allow Prometheus metrics end-point in dovecot/stats - [MR:776](https://gitlab.com/apparmor/apparmor/-/merge_requests/776) -profiles/apparmor.d/usr.lib.dovecot.stats - - - -59813169 Merge Parser check fix -efe39e75 parser: fix comment for jobs_max default value -e82a23df parser: sort feature directory entries in to match libapparmor's directory traversal -5910b509 parser: correctly calculate max number of jobs - [MR:775](https://gitlab.com/apparmor/apparmor/-/merge_requests/775) -parser/parser_main.c -parser/tst/testlib.py - - - -710bf66e Merge Allow reading /etc/login.defs.d/ in abstraction/authentication -b6b89478 Allow reading /etc/login.defs.d/ in abstraction/authentication - [MR:774](https://gitlab.com/apparmor/apparmor/-/merge_requests/774) - References: [BOO:1188296](https://bugzilla.opensuse.org/show_bug.cgi?id=1188296) -profiles/apparmor.d/abstractions/authentication - - - -f466e80d Merge branch 'cboltz-gcrypt' into 'master' -b5241282 move @{PROC}/sys/crypto/fips_enabled r, rule -ba808792 Move crypto-policies rules from ssl_certs to crypto -534a6d30 move @{PROC}/sys/crypto/* permissions from base to crypto -98300313 Add crypto abstraction and include it in base - [MR:772](https://gitlab.com/apparmor/apparmor/-/merge_requests/772) -profiles/apparmor.d/abstractions/base -profiles/apparmor.d/abstractions/crypto -profiles/apparmor.d/abstractions/openssl -profiles/apparmor.d/abstractions/ssl_certs - - - -4e8ca569 Merge branch 'cboltz-test-profiles' into 'master' -26d7c13f Add option to skip reading specific profiles -b02c59a7 Test if active and extra profiles can be parsed by the tools -92883d7e Fix extra profiles path in utils/test/logprof.conf - [MR:677](https://gitlab.com/apparmor/apparmor/-/merge_requests/677) -utils/apparmor/aa.py -utils/test/logprof.conf -utils/test/test-profiles.py - - - -bacfe785 Merge branch 'cboltz-ci-artifacts' into 'master' -8d9e2489 Generate and keep html in utils coverage-regression - [MR:771](https://gitlab.com/apparmor/apparmor/-/merge_requests/771) -.gitlab-ci.yml -utils/test/Makefile - - - -db94b436 Merge Fix crash caused by ask_exec() -755b5d11 Fix crash caused by ask_exec() - [MR:763](https://gitlab.com/apparmor/apparmor/-/merge_requests/763) -utils/apparmor/aa.py - - - -80ae7491 Merge Make 'transitions' a dict instead of Hasher -5aa35195 Make 'transitions' a dict instead of Hasher - [MR:764](https://gitlab.com/apparmor/apparmor/-/merge_requests/764) -utils/apparmor/aa.py - - - -93bd9a1d Merge branch 'cboltz-crypto-policies' into 'master' -13a82216 abstractions/ssl_certs: allow reading crypto policies - [MR:720](https://gitlab.com/apparmor/apparmor/-/merge_requests/720) -profiles/apparmor.d/abstractions/ssl_certs - - - -f46dd62a Merge branch 'profile-check' into 'master' -644d3600 profiles: Fix config dir on make check - [MR:762](https://gitlab.com/apparmor/apparmor/-/merge_requests/762) - [AABUG:177](https://gitlab.com/apparmor/apparmor/-/issues/177) - Fixes: [AABUG:177](https://gitlab.com/apparmor/apparmor/-/issues/177) -profiles/Makefile - - - -9fb1398b Merge remove always-True write_flags parameter from write_piece() and get_header() -5d8f66c9 get_header() tests: drop write_flags, add xattrs -6e6b94ab get_header(): remove always-True write_flags parameter -a7b44cb1 write_piece(): remove always-True write_flags parameter - [MR:759](https://gitlab.com/apparmor/apparmor/-/merge_requests/759) -utils/apparmor/aa.py -utils/apparmor/profile_storage.py -utils/test/test-profile-storage.py - - - -c07a5bb3 Merge change_profile_flags(): use ProfileStorage.parse() -2351bf74 change_profile_flags(): use ProfileStorage.parse() -b7e99289 Preserve profile keyword and comment in ProfileStorage.parse() - [MR:758](https://gitlab.com/apparmor/apparmor/-/merge_requests/758) -utils/apparmor/aa.py -utils/apparmor/profile_storage.py - - - -e00e3fed Merge When changing flags, use correct amount of whitespace -f0a445dd When changing flags, use correct amount of whitespace - [MR:757](https://gitlab.com/apparmor/apparmor/-/merge_requests/757) -utils/apparmor/aa.py -utils/test/test-aa.py - - - -18ad8e94 Merge Merge hat parsing into ProfileStorage.parse() -97aece02 Preserve 'hat' keyword in ProfileStorage -6f15bea7 Merge hat parsing into ProfileStorage.parse() - [MR:756](https://gitlab.com/apparmor/apparmor/-/merge_requests/756) -utils/apparmor/aa.py -utils/apparmor/profile_storage.py -utils/apparmor/regex.py -utils/test/cleanprof_test.in -utils/test/cleanprof_test.out -utils/test/test-parser-simple-tests.py - - - -ea57aaa6 Merge abstractions/php: support PHP 8 -5853f522 abstractions/php: support PHP 8 - [MR:755](https://gitlab.com/apparmor/apparmor/-/merge_requests/755) - Fixes: [BOO:1186267](https://bugzilla.opensuse.org/show_bug.cgi?id=1186267) - References: [BOO:1186267](https://bugzilla.opensuse.org/show_bug.cgi?id=1186267) -profiles/apparmor.d/abstractions/php - - - -0325ba06 Merge ProfileStorage: change 'profile' to 'is_hat', and move parse_profile_start{,_to_storage}() into ProfileStorage -055ca8f8 Add a test to ensure nested childs cause an Exception -42fe65de ProfileStorage: merge parse_profile_start() into parse() -1642fea2 Move parse_profile_start{,_to_storage}() into ProfileStorage -2a97d6b6 ProfileStorage: change 'profile' to 'is_hat' - [MR:754](https://gitlab.com/apparmor/apparmor/-/merge_requests/754) -utils/apparmor/aa.py -utils/apparmor/profile_storage.py -utils/test/test-aa.py -utils/test/test-libapparmor-test_multi.py -utils/test/test-profile-storage.py - - - -52de1a22 Merge Update postfix profiles -d78db050 Update postfix profiles - [MR:753](https://gitlab.com/apparmor/apparmor/-/merge_requests/753) -profiles/apparmor/profiles/extras/postfix-bounce -profiles/apparmor/profiles/extras/postfix-qmgr -profiles/apparmor/profiles/extras/postfix-showq -profiles/apparmor/profiles/extras/postfix-smtp - - - -adee3e5a Merge parse_profile_start(): get rid of pps_set_profile -e1af0cde parse_profile_start(): get rid of pps_set_profile - [MR:751](https://gitlab.com/apparmor/apparmor/-/merge_requests/751) -utils/apparmor/aa.py -utils/test/cleanprof_test.in -utils/test/cleanprof_test.out -utils/test/test-aa.py -utils/test/test-libapparmor-test_multi.py - - - -33a53c26 Merge Fix comment wording in file_cache.h -e31015a1 Fix comment wording in file_cache.h - [MR:752](https://gitlab.com/apparmor/apparmor/-/merge_requests/752) -parser/file_cache.h - - - -92c76e04 tests: add a test with recursive include in preamble -f0221f4b Add a test with recursive include in preamble - [MR:750](https://gitlab.com/apparmor/apparmor/-/merge_requests/750) -parser/tst/simple_tests/includes/recursive.preamble -parser/tst/simple_tests/include_tests/recursive_3.sd - - - -71bf9e13 Merge parser: add include dedup cache to handle include loops -c00b0d32 parser: add a simple one-level recursive include test -7dcf013b parser: add include dedup cache to handle include loops - [MR:743](https://gitlab.com/apparmor/apparmor/-/merge_requests/743) - Fixes: [BOS:1184779](https://bugzilla.suse.com/show_bug.cgi?id=1184779) -parser/file_cache.h -parser/Makefile -parser/parser_common.c -parser/parser.h -parser/parser_include.c -parser/parser_include.h -parser/parser_lex.l -parser/parser_main.c -parser/parser_yacc.y -parser/tst/simple_tests/includes/recursive.include -parser/tst/simple_tests/include_tests/recursive_2.sd - - - -a7816e1a Merge Rework internal profile storage and handling in the aa-* tools to use merged profile names instead of [profile][hat] -e54b13a9 write_piece(): use merged profile names -0e5dca10 serialize_profile(): use merged profile names in parameter -0802f34b deduplicate code in read_profile() and autodep() -8f84e125 simplify logic in read_profile() -e04c8151 autodep(): use merged profile names -5cf7a281 change get_profile() to return merged profile names -5a68d96c extend create_new_profile() tests to cover required hats -c65206f1 create_new_profile(): use and return merged profile names -28676127 Store extra profiles in 'extra_profiles' ProfileList -179168f5 ProfileList: add get_profile_and_childs() -b1a1b5dc ProfileList: allow storing actual profile data -ba53ff30 Change ask_the_questions() to work with merged profile names -a2086500 collapse_log(): return merged profile names -bd3b62a8 Change collapse_log to internally use merged profile names -338a7774 parse_profile_data(): return merged profile names -d3816b5b add split_to_merged() -64a261f5 parse_profile_data(): use merged profile names internally -24e0631b Add combine_profname() to combine profile name parts into joint name -4642d4c9 add merged_to_split() - [MR:736](https://gitlab.com/apparmor/apparmor/-/merge_requests/736) -utils/aa-mergeprof -utils/apparmor/aa.py -utils/apparmor/common.py -utils/apparmor/profile_list.py -utils/apparmor/tools.py -utils/test/test-aa.py -utils/test/test-common.py -utils/test/test-libapparmor-test_multi.py -utils/test/test-profile-list.py - - - -bf70a8e4 Merge get_new_profile_filename(): use better variable name -54eb2baa get_new_profile_filename(): use better variable name - [MR:749](https://gitlab.com/apparmor/apparmor/-/merge_requests/749) -utils/apparmor/aa.py - - - -ea61100a Merge .gitignore: Add aa-features-abi and utils coverage files -5c060945 .gitignore: Add aa-features-abi and utils coverage files - [MR:748](https://gitlab.com/apparmor/apparmor/-/merge_requests/748) -.gitignore - - - -a0844f19 Merge Rewrite gen-dbus in python -2b00d21e Rewrite gen-dbus in python - [MR:747](https://gitlab.com/apparmor/apparmor/-/merge_requests/747) -parser/tst/gen-dbus.pl -parser/tst/gen-dbus.py -parser/tst/Makefile - - - -8aa15c7f Merge Detect endless #include loop when parsing profiles -30323a2d Detect endless #include loop when parsing profiles - [MR:742](https://gitlab.com/apparmor/apparmor/-/merge_requests/742) - Fixes: [BOS:1184779](https://bugzilla.suse.com/show_bug.cgi?id=1184779) for the tools. - Fixes: [BOS:1184779](https://bugzilla.suse.com/show_bug.cgi?id=1184779) for the tools. The parser will also need a fix. -utils/apparmor/aa.py - - - -472383a4 Merge Increase include and abi rule test coverage to 100% -86edd484 Increase include and abi rule test coverage to 100% - [MR:741](https://gitlab.com/apparmor/apparmor/-/merge_requests/741) -utils/test/Makefile -utils/test/test-abi.py -utils/test/test-include.py - - - -3ee4f9c7 Merge severity.py: bump test coverage to 100% -a07515bd Run severity tests with official severity.db -d9cb8df6 severity.py: bump test coverage to 100% - [MR:737](https://gitlab.com/apparmor/apparmor/-/merge_requests/737) -utils/apparmor/severity.py -utils/test/Makefile -utils/test/severity.db -utils/test/test-baserule.py -utils/test/test-capability.py -utils/test/test-file.py -utils/test/test-severity.py - - - -94b7704e utils: ProfileStorage - add tests with invalid type -38c63026 ProfileStorage: add tests with invalid type - [MR:735](https://gitlab.com/apparmor/apparmor/-/merge_requests/735) -utils/test/test-profile-storage.py - - - -d270b2c3 utils: move and rename write_header() to ProfileStorage.get_header() -6a170dda Move and rename write_header() to ProfileStorage.get_header() -4ef975fb change_profile_flags(): use ProfileStorage -9494238e write_header(): replace regex with startswith() - [MR:734](https://gitlab.com/apparmor/apparmor/-/merge_requests/734) -utils/apparmor/aa.py -utils/apparmor/profile_storage.py -utils/test/test-aa.py -utils/test/test-profile-storage.py - - - -edf52a75 Merge read_profile(): use actual profile name -f9078c4b read_profile(): use actual profile name - [MR:733](https://gitlab.com/apparmor/apparmor/-/merge_requests/733) -utils/apparmor/aa.py - - - -09dfbb97 Merge logparser: don't return empty AUDIT section -9aa70ab7 logparser: don't return empty AUDIT section - [MR:731](https://gitlab.com/apparmor/apparmor/-/merge_requests/731) -utils/apparmor/logparser.py - - - -eb1328f1 utils: ask_conflict_mode: drop superfluous parameters -f931daa7 ask_conflict_mode: drop superfluous parameters - [MR:732](https://gitlab.com/apparmor/apparmor/-/merge_requests/732) -utils/apparmor/aa.py - - - -c32c970d Merge look up python-config using AC_PATH_TOOL -af4800f3 look up python-config using AC_PATH_TOOL - [MR:729](https://gitlab.com/apparmor/apparmor/-/merge_requests/729) - Link: [debug984582](https://bugs.debian.org/984582) - This is the second and last upstreamable change from [debug984582](https://bugs.debian.org/984582). It looks a little simpler here, because apparmor evolved upstream compared to the Debian version. Fortunately, it got a lot simpler in the process. -libraries/libapparmor/m4/ac_python_devel.m4 - - - -f17143b5 Merge Do not abuse AC_CHECK_FILE -60e6847e Do not abuse AC_CHECK_FILE - [MR:728](https://gitlab.com/apparmor/apparmor/-/merge_requests/728) - This is part of [debug984582](https://bugs.debian.org/984582). -libraries/libapparmor/configure.ac - - - -3f518772 Merge Improve and simplify profile parsing in the tools -aaad284d Handle include rules in match_line_against_rule_classes() -3448127c Also parse preamble rules with match_line_against_rule_classes() -accc3803 Add in_preamble parameter to profile loading/parsing functions -d4426201 Add match_line_against_rule_classes() - [MR:719](https://gitlab.com/apparmor/apparmor/-/merge_requests/719) -utils/apparmor/aa.py -utils/apparmor/profile_list.py -utils/apparmor/profile_storage.py -utils/test/test-aa.py -utils/test/test-parser-simple-tests.py -utils/test/test-profile-list.py - - - -089b266c Merge Use parse() instead of _parse() in LogprofHeaderTest -4c77f719 Use parse() instead of _parse() in LogprofHeaderTest - [MR:718](https://gitlab.com/apparmor/apparmor/-/merge_requests/718) -utils/test/test-abi.py -utils/test/test-alias.py -utils/test/test-boolean.py -utils/test/test-capability.py -utils/test/test-change_profile.py -utils/test/test-dbus.py -utils/test/test-file.py -utils/test/test-include.py -utils/test/test-network.py -utils/test/test-ptrace.py -utils/test/test-rlimit.py -utils/test/test-signal.py -utils/test/test-variable.py - - - -55a7c891 Merge update postfix profiles -08719eeb postfix-flush and -showq: add permissions needed with latest postfix -a07f30e2 postfix: allow access to *.lmdb files -32bd2bce cleanup postfix profiles - [MR:717](https://gitlab.com/apparmor/apparmor/-/merge_requests/717) -profiles/apparmor.d/abstractions/postfix-common -profiles/apparmor/profiles/extras/postfix-flush -profiles/apparmor/profiles/extras/postfix-local -profiles/apparmor/profiles/extras/postfix-showq -profiles/apparmor/profiles/extras/postfix-smtp -profiles/apparmor/profiles/extras/postfix-smtpd -profiles/apparmor/profiles/extras/postfix-trivial-rewrite -profiles/apparmor/profiles/extras/usr.sbin.postalias -profiles/apparmor/profiles/extras/usr.sbin.postmap - - - -c2718e26 Merge Improve AARE documentation in apparmor.d manpage -cc2d7102 Improve AARE documentation in apparmor.d manpage - [MR:715](https://gitlab.com/apparmor/apparmor/-/merge_requests/715) -parser/apparmor.d.pod - - - -447ce37b Merge loadincludes(): only load tunables and abstractions -d0693b09 Drop is_skippable_dir() -bb5ca91e loadincludes(): only load tunables and abstractions - [MR:714](https://gitlab.com/apparmor/apparmor/-/merge_requests/714) -utils/apparmor/aa.py -utils/test/test-aa.py - - - -0f21ca61 Merge branch 'cboltz-parse-profile-start' into 'master' -f7a365f8 Simplify handling of in_contained_hat -7cfda277 split off parse_profile_start_to_storage() from parse_profile_data() - [MR:710](https://gitlab.com/apparmor/apparmor/-/merge_requests/710) -utils/apparmor/aa.py -utils/test/test-aa.py - - - -0f1d5fdb Merge branch 'cboltz-preamble-ruletypes' into 'master' -33f2b369 Un-hardcode rule list in ProfileList delete_preamble_duplicates() -718fa5b9 profile_list: add preamble_ruletypes - [MR:708](https://gitlab.com/apparmor/apparmor/-/merge_requests/708) -utils/apparmor/profile_list.py - - - -d5de9692 Merge parser: replace dynamic_cast with is_type method -5aab543a parser: replace dynamic_cast with is_type method - [MR:711](https://gitlab.com/apparmor/apparmor/-/merge_requests/711) -parser/libapparmor_re/aare_rules.cc -parser/libapparmor_re/expr-tree.cc -parser/libapparmor_re/expr-tree.h -parser/libapparmor_re/hfa.cc - - - -3a87b33a Merge Rewrite parse_profile_start() tests to use tests[] array -7e5c02e3 Rewrite parse_profile_start() tests to use tests[] array - [MR:709](https://gitlab.com/apparmor/apparmor/-/merge_requests/709) -utils/test/test-aa.py - - - -a83f5d7a Merge Update profile usr.sbin.ntpd and abstractions/ssl_certs -c5ef2d2f usr.sbin.ntpd: add abstractions/ssl_certs -63bcad08 abstractions/ssl_certs: add /etc/ca-certificates/ and /etc/libressl/ - [MR:698](https://gitlab.com/apparmor/apparmor/-/merge_requests/698) -profiles/apparmor.d/abstractions/ssl_certs -profiles/apparmor.d/usr.sbin.ntpd - - - -1bd0d8f2 Merge Add `make coverage-regression` -e38be7b1 enable utils coverage-regression checks in CI -69c6ac30 Add `make coverage-regression` - [MR:697](https://gitlab.com/apparmor/apparmor/-/merge_requests/697) -.gitlab-ci.yml -utils/test/Makefile - - - -15e897ca profiles: add new deny path for kwallet (used in KDE 5) -f1c53e12 add new path for kwallet (used in KDE 5) - [MR:704](https://gitlab.com/apparmor/apparmor/-/merge_requests/704) -profiles/apparmor.d/abstractions/private-files-strict -profiles/apparmor.d/abstractions/ubuntu-browsers.d/user-files - - - -0ee0b9a9 parser: drop unused `extern int debug_cache` -7bd1f487 drop unused `extern int debug_cache` - [MR:705](https://gitlab.com/apparmor/apparmor/-/merge_requests/705) -parser/parser.h -parser/policy_cache.h - - - -cb65ab92 Merge fix setting proc_attr_base -cc113f48 fix setting proc_attr_base - [MR:701](https://gitlab.com/apparmor/apparmor/-/merge_requests/701) -libraries/libapparmor/src/kernel.c - - - -d86b7acd Merge Enable minitools tests -2e6bdc0b skip testing aa-unconfined if securityfs is not available -8d422ff6 Test minitools with --configdir ./ -70bbc321 Enable minitools tests in 'make check` - [MR:696](https://gitlab.com/apparmor/apparmor/-/merge_requests/696) -utils/test/minitools_test.py -utils/test/test-minitools.py - - - -7e02f254 Merge add re_match_include_parse() test with invalid rule name -c3d3203a add re_match_include_parse() test with invalid rule name - [MR:695](https://gitlab.com/apparmor/apparmor/-/merge_requests/695) -utils/test/test-regex_matches.py - - - -cc28ebaa Merge Add missing test for ProfileList add_alias() -32b11c03 Add missing test for ProfileList add_alias() - [MR:694](https://gitlab.com/apparmor/apparmor/-/merge_requests/694) -utils/test/test-profile-list.py - - - -ca344a36 Merge Add and use BooleanRule and BooleanRuleset classes to handle boolean variable definitions -f7e6f795 parse_profile_data(): Use BooleanRule -a1089340 ProfileList: add handling of boolean variable definitions -3f11eebc Add BooleanRule and BooleanRuleset - [MR:693](https://gitlab.com/apparmor/apparmor/-/merge_requests/693) -utils/apparmor/aa.py -utils/apparmor/profile_list.py -utils/apparmor/regex.py -utils/apparmor/rule/boolean.py -utils/test/cleanprof_test.in -utils/test/cleanprof_test.out -utils/test/test-boolean.py -utils/test/test-parser-simple-tests.py -utils/test/test-profile-list.py - - - -d7ce5f0d Merge branch 'cboltz-comment-fix' into 'master' -2cbd0d94 Fix comment in split_name() tests - [MR:692](https://gitlab.com/apparmor/apparmor/-/merge_requests/692) -utils/test/test-common.py - - - -20234d24 Merge apparmor.vim: add support for abi rules -c421fcd3 apparmor.vim: add support for abi rules - [MR:690](https://gitlab.com/apparmor/apparmor/-/merge_requests/690) -utils/vim/apparmor.vim.in - - - -c2d105f8 Merge Honor global LDFLAGS when building python library -b646bbf2 Honor global LDFLAGS when building python library - [MR:689](https://gitlab.com/apparmor/apparmor/-/merge_requests/689) - [AABUG:129](https://gitlab.com/apparmor/apparmor/-/issues/129) - [AABUG:138](https://gitlab.com/apparmor/apparmor/-/issues/138) -libraries/libapparmor/swig/python/Makefile.am - - - -4a7b0292 Merge branch 'codespell-fixes' into 'master' -8782f535 parser: spelling fixes in aare_rules.c -05547ac8 treewide: spelling fix in logprof.conf and profile comments -8b708d3b treewide: spelling/typo fixes in code strings -461d9c22 treewide: spelling/typo fixes in comments and docs - [MR:687](https://gitlab.com/apparmor/apparmor/-/merge_requests/687) -binutils/po/aa_enabled.pot -changehat/mod_apparmor/mod_apparmor.c -changehat/tomcat_apparmor/tomcat_5_0/README.tomcat_apparmor -changehat/tomcat_apparmor/tomcat_5_5/README.tomcat_apparmor -common/list_af_names.sh -libraries/libapparmor/doc/aa_policy_cache.pod -libraries/libapparmor/src/grammar.y -libraries/libapparmor/src/kernel.c -libraries/libapparmor/src/kernel_interface.c -libraries/libapparmor/src/private.c -libraries/libapparmor/testsuite/libaalogparse.test/multi_test.exp -parser/af_rule.cc -parser/af_unix.cc -parser/libapparmor_re/aare_rules.cc -parser/libapparmor_re/expr-tree.cc -parser/libapparmor_re/hfa.cc -parser/libapparmor_re/hfa.h -parser/libapparmor_re/parse.y -parser/libapparmor_re/README -parser/mount.cc -parser/parser.conf -parser/parser_include.c -parser/parser_interface.c -parser/parser_main.c -parser/parser_regex.c -parser/parser_symtab.c -parser/signal.cc -parser/techdoc.tex -parser/tst/equality.sh -parser/tst/minimize.sh -parser/tst/README -parser/tst/simple_tests/capability/ok1.sd -parser/tst/simple_tests/capability/ok2.sd -parser/tst/simple_tests/capability/ok3.sd -parser/tst/simple_tests/capability/set/ok1.sd -parser/tst/simple_tests/conditional/else_if_4.sd -parser/tst/simple_tests/file/allow/ok_mmap_2.sd -parser/tst/simple_tests/file/file/ok_mmap_2.sd -parser/tst/simple_tests/file/ok_mmap_2.sd -parser/tst/simple_tests/network/tcp_client_error2.sd -parser/tst/simple_tests/profile/profile_ns_named_ok1.sd -parser/tst/simple_tests/rlimits/ok_rlimit_10.sd -profiles/apparmor.d/abstractions/exo-open -profiles/apparmor.d/abstractions/kde-open5 -profiles/apparmor.d/abstractions/svn-repositories -profiles/apparmor.d/abstractions/xdg-open -profiles/apparmor/profiles/extras/postfix-local -profiles/apparmor/profiles/extras/usr.bin.evolution-2.10 -profiles/apparmor/profiles/extras/usr.bin.mlmmj-make-ml.sh -profiles/apparmor/profiles/extras/usr.sbin.httpd2-prefork -profiles/Makefile -tests/regression/apparmor/at_secure.sh -tests/regression/apparmor/capabilities.sh -tests/regression/apparmor/changehat_fork.sh -tests/regression/apparmor/clone.sh -tests/regression/apparmor/dbus_service.c -tests/regression/apparmor/deleted.c -tests/regression/apparmor/exec.c -tests/regression/apparmor/exec_qual.sh -tests/regression/apparmor/link_subset.c -tests/regression/apparmor/mount.sh -tests/regression/apparmor/named_pipe.sh -tests/regression/apparmor/prologue.inc -tests/regression/apparmor/query_label.c -tests/regression/apparmor/README -tests/regression/apparmor/socketpair.c -tests/regression/apparmor/swap.sh -tests/regression/apparmor/syscall_sysctl.sh -tests/regression/apparmor/unix_socket.inc -tests/regression/apparmor/xattrs.sh -utils/aa-logprof.pod -utils/aa-notify -utils/apparmor/aa.py -utils/apparmor/cleanprofile.py -utils/apparmor/common.py -utils/apparmor/easyprof.py -utils/apparmor/fail.py -utils/apparmor/logparser.py -utils/logprof.conf -utils/test/cleanprof_test.in -utils/test/logprof.conf -utils/test/test-file.py -utils/test/test-libapparmor-test_multi.py -utils/vim/apparmor.vim.in - - - -e0ef3095 Merge create_new_profile(): check if abstractions exist -dfd7c245 create_new_profile(): check if abstractions exist - [MR:683](https://gitlab.com/apparmor/apparmor/-/merge_requests/683) - Fixes: [BOO:1178527](https://bugzilla.opensuse.org/show_bug.cgi?id=1178527) - References: [BOO:1178527](https://bugzilla.opensuse.org/show_bug.cgi?id=1178527)#c1 [1] -utils/apparmor/aa.py - - - -44aa30cf Merge aa-autodep: load abstractions on start -f6b3de71 aa-autodep: load abstractions on start - [MR:682](https://gitlab.com/apparmor/apparmor/-/merge_requests/682) - Fixes: [BOO:1178527](https://bugzilla.opensuse.org/show_bug.cgi?id=1178527) - References: [BOO:1178527](https://bugzilla.opensuse.org/show_bug.cgi?id=1178527)#c1 [1] -utils/apparmor/tools.py - - - -e5733d72 Merge Convert gen-xtrans from perl to python -6b96a9ba Convert gen-xtrans from perl to python - [MR:673](https://gitlab.com/apparmor/apparmor/-/merge_requests/673) -parser/tst/gen-xtrans.pl -parser/tst/gen-xtrans.py -parser/tst/Makefile - - - -0af37358 Merge Add --configdir to all aa-* utils -f3a816d6 use aa-notify --configdir in test-aa-notify.py -87eec0d6 use aa-logprof --configdir ../utils in profile testsuite -ab6e9b2d Add --configdir to all aa-* utils - [MR:670](https://gitlab.com/apparmor/apparmor/-/merge_requests/670) -profiles/Makefile -utils/aa-audit -utils/aa-autodep -utils/aa-cleanprof -utils/aa-complain -utils/aa-disable -utils/aa-enforce -utils/aa-genprof -utils/aa-logprof -utils/aa-mergeprof -utils/aa-notify -utils/aa-unconfined -utils/apparmor/aa.py -utils/apparmor/tools.py -utils/test/logprof.conf -utils/test/test-aa-notify.py -utils/test/test-config.py - - - -af0f16a3 Merge abstractions/X: Allow (only) reading X compose cache -78bd811e abstractions/X: Allow (only) reading X compose cache - [MR:685](https://gitlab.com/apparmor/apparmor/-/merge_requests/685) -profiles/apparmor.d/abstractions/X - - - -c29357a2 Merge Fix invalid Pux (should be PUx) permissions in dhclient-script -d08d1a00 Fix invalid Pux (should be PUx) permissions in dhclient-script - [MR:676](https://gitlab.com/apparmor/apparmor/-/merge_requests/676) -profiles/apparmor/profiles/extras/sbin.dhclient-script - - - -e5717458 Merge Fix hotkey conflict in utils de.po and id.po -7cf54f2c Fix hotkey conflict in utils de.po, id.po and sv.po -07bd1139 Check hotkey conflicts case-insensitive - [MR:675](https://gitlab.com/apparmor/apparmor/-/merge_requests/675) -utils/po/de.po -utils/po/id.po -utils/po/sv.po -utils/test/test-translations.py - - - -53d812cf Merge Update dovecot for SIGKILL and dh.pem denials -9d8e111a dovecot: allow reading dh.pem -2f9d172c dovecot: allow kill signal - [MR:671](https://gitlab.com/apparmor/apparmor/-/merge_requests/671) - Dovecot is hit with this denial on [debug10]([debug10](https://bugs.debian.org/10)) (buster): - Dovecot is hit with this denial on [debug10](https://bugs.debian.org/10) (buster): - Running dovecot on [debug10]([debug10](https://bugs.debian.org/10)) (buster) produced these denials: - Running dovecot on [debug10](https://bugs.debian.org/10) (buster) produced these denials: -profiles/apparmor.d/usr.sbin.dovecot - - - -11d32185 Merge Fix typos -d6e18b0d Fix typos -0da70b17 apparmor_xattrs.7: fix whatis entry - [MR:669](https://gitlab.com/apparmor/apparmor/-/merge_requests/669) -binutils/aa_enabled.c -binutils/aa-enabled.pod -binutils/aa-features-abi.pod -parser/apparmor.d.pod -parser/apparmor_xattrs.pod -parser/parser_main.c - - - -0cb35fda Merge profiles/apparmor.d/abstractions/X: make x11 socket writable again -81867f94 profiles/apparmor.d/abstractions/X: make x11 socket writable again - [MR:664](https://gitlab.com/apparmor/apparmor/-/merge_requests/664) -profiles/apparmor.d/abstractions/X - - - -24855edd Merge Add Fontmatrix to abstractions/fonts -17cb8f04 Add Fontmatrix to abstractions/fonts - [MR:657](https://gitlab.com/apparmor/apparmor/-/merge_requests/657) -profiles/apparmor.d/abstractions/fonts - - - -32d748ab Merge add Dovecot and other mail related profiles -bd1e22ad profiles: add pyzorsocket and razorsocket -c343f052 profiles: add haproxy -2eea414c profiles: add clamd -8319bc5d profiles: Add 3 more dovecot services -286f0712 profile: Allow SSL access to freshclam -6e908f28 profiles: Drop duplicate line - [MR:644](https://gitlab.com/apparmor/apparmor/-/merge_requests/644) -profiles/apparmor.d/usr.lib.dovecot.director -profiles/apparmor.d/usr.lib.dovecot.doveadm-server -profiles/apparmor.d/usr.lib.dovecot.imap -profiles/apparmor.d/usr.lib.dovecot.replicator -profiles/apparmor.d/usr.sbin.dovecot -profiles/apparmor/profiles/extras/usr.bin.freshclam -profiles/apparmor/profiles/extras/usr.bin.pyzorsocket -profiles/apparmor/profiles/extras/usr.bin.razorsocket -profiles/apparmor/profiles/extras/usr.sbin.clamd -profiles/apparmor/profiles/extras/usr.sbin.haproxy - - - -1961bb77 Merge Adjust to support brave in ubuntu abstractions -9b30f930 Adjust to support brave in ubuntu abstractions - [MR:667](https://gitlab.com/apparmor/apparmor/-/merge_requests/667) -profiles/apparmor.d/abstractions/ubuntu-browsers -profiles/apparmor.d/abstractions/ubuntu-helpers - - - -3ff07add Merge Adjust ubuntu-integration to use abstractions/exo-open -9ff0bbb6 Adjust ubuntu-integration to use abstractions/exo-open - [MR:666](https://gitlab.com/apparmor/apparmor/-/merge_requests/666) -profiles/apparmor.d/abstractions/ubuntu-browsers.d/ubuntu-integration - - - -dbb1b900 Merge branch 'adjust-for-new-ICEauthority-path-in-run' into 'master' -1abe1017 Adjust for new ICEauthority path in /run - [MR:668](https://gitlab.com/apparmor/apparmor/-/merge_requests/668) -profiles/apparmor.d/abstractions/X - - - -6039d158 Merge abstractions: mesa - tightens cache location and add fallback -5aa6db68 abstractions: mesa - tightens cache location and add fallback - [MR:652](https://gitlab.com/apparmor/apparmor/-/merge_requests/652) - Fixes: [AABUG:91](https://gitlab.com/apparmor/apparmor/-/issues/91) -profiles/apparmor.d/abstractions/mesa - - - -cfc57c08 Merge profiles: nscd: service fails with apparmor 3.0.0-2 on Arch Linux -821f9fe4 profiles: nscd: service fails with apparmor 3.0.0-2 on Arch Linux - [MR:651](https://gitlab.com/apparmor/apparmor/-/merge_requests/651) - Fixes: [AABUG:124](https://gitlab.com/apparmor/apparmor/-/issues/124) -profiles/apparmor.d/usr.sbin.nscd - - - -38c611ed Merge Revert "Merge dnsmasq: Permit access to /proc/self/fd/" -e0b20a4d Revert "Merge dnsmasq: Permit access to /proc/self/fd/" - [MR:659](https://gitlab.com/apparmor/apparmor/-/merge_requests/659) -profiles/apparmor.d/usr.sbin.dnsmasq - - - -89fc6559 Merge Add CAP_CHECKPOINT_RESTORE to severity.db -2c2dbdc3 Add CAP_CHECKPOINT_RESTORE to severity.db - [MR:656](https://gitlab.com/apparmor/apparmor/-/merge_requests/656) -utils/severity.db - - - -71a51fcb Merge regression test: Fix regression tests when using in tree parser -1033e191 regression tests: fix aa_policy_cache to use correct config file -5ac368bc regression test: Fix regression tests when using in tree parser - [MR:653](https://gitlab.com/apparmor/apparmor/-/merge_requests/653) -tests/regression/apparmor/aa_policy_cache.sh -tests/regression/apparmor/uservars.inc.source -tests/regression/apparmor/uservars.inc.system - - - -40b7019d Merge Fix wording of some warnings -01f5954b Fix wording of some warnings - [MR:650](https://gitlab.com/apparmor/apparmor/-/merge_requests/650) -parser/parser_main.c -parser/policy_cache.c - - - -042a75a6 Merge Fix dhclient and dhclient-script profiles to work on debian buster -9b70ef4f Fix dhclient and dhclient-script profiles to work on debian buster - [MR:645](https://gitlab.com/apparmor/apparmor/-/merge_requests/645) -profiles/apparmor/profiles/extras/sbin.dhclient -profiles/apparmor/profiles/extras/sbin.dhclient-script - - - -05acf374 Merge aa_status: Fix build issue with musl -0dbcbee7 parser/Makefile: dont force host cpp to detect reallocarray -a2a0d14b aa_status: Fix build issue with musl - [MR:647](https://gitlab.com/apparmor/apparmor/-/merge_requests/647) -binutils/aa_status.c -parser/Makefile - - - -17c55b3b Merge branch 'master' into 'master' -37b90284 apparmor: fix manpage order - [MR:646](https://gitlab.com/apparmor/apparmor/-/merge_requests/646) -binutils/Makefile - - - -6e7d1b6b Merge Skip test if it can not access /var/log/wtmp -e0200b1b Skip test if it can not access /var/log/wtmp - [MR:641](https://gitlab.com/apparmor/apparmor/-/merge_requests/641) - Closes [AABUG:120](https://gitlab.com/apparmor/apparmor/-/issues/120) -utils/test/test-aa-notify.py - - - -19095611 Merge Test for full parser error messages, not parts -3f752fac Ensure empty stderr if no errors are expected -37552669 Test for full parser error messages, not parts - [MR:632](https://gitlab.com/apparmor/apparmor/-/merge_requests/632) -parser/tst/errors.py - - - -e6e54dc9 Merge libapparmor: add missing include for `socklen_t` -47263a3a libapparmor: add missing include for `socklen_t` - [MR:642](https://gitlab.com/apparmor/apparmor/-/merge_requests/642) -libraries/libapparmor/include/sys/apparmor.h - - - -4a89067c Merge Symbol visibility -9a8fee6b libapparmor: add _aa_asprintf to private symbols -c9255a03 libapparmor: add `aa_features_new_from_file` to public symbols - [MR:643](https://gitlab.com/apparmor/apparmor/-/merge_requests/643) -libraries/libapparmor/src/libapparmor.map - - - - - ------------------------ -Commits without Merges - - -7c722400 Prepare for AppArmor 3.1 release -common/Version -libraries/libapparmor/src/Makefile.am - - - -db246ddb parser: begin deprecation process for #include -parser/parser.h -parser/parser_lex.l -parser/parser_main.c - - - -a382452a libapparmor: update rules around the library version -libraries/libapparmor/src/Makefile.am - - - -b65fbf5f Sync Library version from 3.0.5 release -libraries/libapparmor/src/Makefile.am - - - -0afc2cbb parser: fix LTO build - [MR:901](https://gitlab.com/apparmor/apparmor/-/merge_requests/901) - [AABUG:214](https://gitlab.com/apparmor/apparmor/-/issues/214) -parser/Makefile - - - -2a3140cb parser: fix min length calculation for inverse character sets -parser/libapparmor_re/expr-tree.h - - - -bd78b6b2 parser: dirtest that was supposed to be part of the previous commit - Fixes: [MR:85](https://gitlab.com/apparmor/apparmor/-/merge_requests/85) -parser/tst/dirtest.sh -parser/tst/dirtest/badlink/bar -parser/tst/dirtest/badlink/good_link -parser/tst/dirtest/badlink/profileA -parser/tst/dirtest/badlink/profileB -parser/tst/dirtest/badprofile/bad -parser/tst/dirtest/badprofile/good_link -parser/tst/dirtest/badprofile/profileA -parser/tst/dirtest/badprofile/profileB -parser/tst/dirtest/dirtest.out -parser/tst/dirtest/gooddir/good_link -parser/tst/dirtest/gooddir/profileA -parser/tst/dirtest/gooddir/profileB -parser/tst/dirtest/goodtarget - - - -acc6ba1c libapparmor: fix handling of failed symlink traversal - [MR:850](https://gitlab.com/apparmor/apparmor/-/merge_requests/850) - Fixes: [AABUG:215](https://gitlab.com/apparmor/apparmor/-/issues/215) -libraries/libapparmor/src/features.c -libraries/libapparmor/src/policy_cache.c -libraries/libapparmor/src/private.c -parser/parser_lex.l -parser/parser_main.c -parser/tst/Makefile - - - -8b4344c1 gitlab: testing: temporarily disable secret-detect -.gitlab-ci.yml - - - -2ba5575f libapparmor: sync library version change with the 3.0.4 release -libraries/libapparmor/src/Makefile.am - - - -7cde91f5 libapparmor: fix building with link time optimization (lto) - [MR:831](https://gitlab.com/apparmor/apparmor/-/merge_requests/831) - Fixes: [AABUG:214](https://gitlab.com/apparmor/apparmor/-/issues/214) -libraries/libapparmor/src/Makefile.am -libraries/libapparmor/src/kernel.c -libraries/libapparmor/src/libapparmor.map - - - -0b8ea047 rc.apparmor: drop use of xargs as fallback when loading profiles - [LP:1377338](https://bugs.launchpad.net/bugs/1377338) <[LP:1377338](https://bugs.launchpad.net/bugs/1377338)> -- # ([LP:1377338](https://bugs.launchpad.net/bugs/1377338)), remove the following code and the - LP:1377338 <[LP:1377338](https://bugs.launchpad.net/bugs/1377338)> -parser/rc.apparmor.functions - - - -1ca30e35 libapparmor: Fix ruby 3.1 build for libapparmor - Fixes: [AABUG:206](https://gitlab.com/apparmor/apparmor/-/issues/206) -.gitignore -libraries/libapparmor/swig/ruby/Makefile.am -libraries/libapparmor/swig/ruby/extconf.rb - - - -457ab38b aa-status: fix crash due to \n in profile name - [MR:824](https://gitlab.com/apparmor/apparmor/-/merge_requests/824) - Fixes: [AABUG:211](https://gitlab.com/apparmor/apparmor/-/issues/211) -binutils/aa_status.c - - - -21e5a721 replace deprecated distutils with setuptools - [MR:813](https://gitlab.com/apparmor/apparmor/-/merge_requests/813) - Fixes: [AABUG:202](https://gitlab.com/apparmor/apparmor/-/issues/202) -.gitignore -.gitlab-ci.yml -libraries/libapparmor/m4/ac_python_devel.m4 -libraries/libapparmor/swig/python/Makefile.am -libraries/libapparmor/swig/python/setup.py.in -libraries/libapparmor/swig/python/test/Makefile.am -profiles/Makefile -utils/Makefile -utils/python-tools-setup.py -utils/test/Makefile -utils/test/README.md - - - -51673395 regression tests: fix aa_policy_cache when using system parser - [MR:788](https://gitlab.com/apparmor/apparmor/-/merge_requests/788) -tests/regression/apparmor/aa_policy_cache.sh - - - -0db428a6 Revert "regression tests: fix aa_policy_cache when using system parser" -tests/regression/apparmor/aa_policy_cache.sh - - - -bbdd5639 library: bump version number to stay in sync with 3.0.2 release -libraries/libapparmor/src/Makefile.am - - - -8dce557f bump Version to indicate dev branch -common/Version - - - -656a48b9 tests: check for loopback module on pivot_root test - [MR:781](https://gitlab.com/apparmor/apparmor/-/merge_requests/781) -tests/regression/apparmor/pivot_root.sh - - - -3f46d96a libapparmor: fix comments about kernel exporte interfaces - [MR:777](https://gitlab.com/apparmor/apparmor/-/merge_requests/777) -libraries/libapparmor/src/kernel.c - - - -3d1232e6 parser: fix cache time stamp check to include dir time stamps - [MR:760](https://gitlab.com/apparmor/apparmor/-/merge_requests/760) -parser/parser_lex.l - - - -12957eba parser: CAP_AUDIT_READ is only available after Linux 3.16 - [MR:767](https://gitlab.com/apparmor/apparmor/-/merge_requests/767) -parser/capability.h - - - -8c8da7c6 parser: move ifdefs for capabilities to single common file - [MR:768](https://gitlab.com/apparmor/apparmor/-/merge_requests/768) -parser/capability.h -parser/parser_yacc.y - - - -e6e112fb tests: regression: fix test failure due to mmap semantic changes -tests/regression/apparmor/exec_stack.sh - - - -458a981b tests: fix i18n.sh regression test on arm64 - [MR:765](https://gitlab.com/apparmor/apparmor/-/merge_requests/765) - Fixes: [LP:1932331](https://bugs.launchpad.net/bugs/1932331) - Fixes: [[LP:1932331](https://bugs.launchpad.net/bugs/1932331)](https://bugs.launchpad.net/bugs/1932331) -tests/regression/apparmor/i18n.sh - - - -9ff71395 Add README on tests regarding single test execution - [MR:761](https://gitlab.com/apparmor/apparmor/-/merge_requests/761) -utils/test/README.md - - - -74bc4275 parser: Fix invalid reference to name in attachment warning -parser/parser_regex.c - - - -be0d2fa9 parser: fix filter slashes for profile attachments - [MR:727](https://gitlab.com/apparmor/apparmor/-/merge_requests/727) - Fixes: [AABUG:154](https://gitlab.com/apparmor/apparmor/-/issues/154) -parser/parser_regex.c -parser/tst/equality.sh - - - -92e27f55 abstractions: Add trash abstraction - [MR:738](https://gitlab.com/apparmor/apparmor/-/merge_requests/738) - Fixes: [AABUG:160](https://gitlab.com/apparmor/apparmor/-/issues/160) -profiles/apparmor.d/abstractions/trash - - - -cf809ea9 parser: Fix make DEBUG=1 - [MR:745](https://gitlab.com/apparmor/apparmor/-/merge_requests/745) -parser/parser_main.c - - - -f19f9ae1 abstractions: update video abstraction - [MR:740](https://gitlab.com/apparmor/apparmor/-/merge_requests/740) - Fixes: [AABUG:159](https://gitlab.com/apparmor/apparmor/-/issues/159) -profiles/apparmor.d/abstractions/video - - - -c7348395 profiles: dhclient: allow setting task comm name -+ # see [LP:1918410](https://bugs.launchpad.net/bugs/1918410) -+ # see [[LP:1918410](https://bugs.launchpad.net/bugs/1918410)](https://bugs.launchpad.net/bugs/1918410) -profiles/apparmor/profiles/extras/sbin.dhclient - - - -277677da profiles: dhcpd: add rule for port_range - [MR:726](https://gitlab.com/apparmor/apparmor/-/merge_requests/726) - Fixes: [LP:1901373](https://bugs.launchpad.net/bugs/1901373) - Fixes: [[LP:1901373](https://bugs.launchpad.net/bugs/1901373)](https://bugs.launchpad.net/bugs/1901373) -profiles/apparmor/profiles/extras/usr.sbin.dhcpd - - - -4101d74d man: apparmor.7 add info about complain mode and kernel parameters - [MR:722](https://gitlab.com/apparmor/apparmor/-/merge_requests/722) -parser/apparmor.pod - - - -5ad5dd0b abstractions: Fix wayland abstraction for compositors based on wlroots - [MR:725](https://gitlab.com/apparmor/apparmor/-/merge_requests/725) - Fixes: [AABUG:143](https://gitlab.com/apparmor/apparmor/-/issues/143) -profiles/apparmor.d/abstractions/wayland - - - -2852e1ec parser: fix filter slashes for link targets - [MR:723](https://gitlab.com/apparmor/apparmor/-/merge_requests/723) - Fixes: [AABUG:153](https://gitlab.com/apparmor/apparmor/-/issues/153) -parser/parser_regex.c -parser/tst/equality.sh - - - -d4e0a945 abstractions: Add missing rule in wutmp abstraction - [MR:724](https://gitlab.com/apparmor/apparmor/-/merge_requests/724) - Fixes: [AABUG:152](https://gitlab.com/apparmor/apparmor/-/issues/152) -profiles/apparmor.d/abstractions/wutmp - - - -fe477af6 libapparmor: alphasort directory traversals - [MR:706](https://gitlab.com/apparmor/apparmor/-/merge_requests/706) - Fixes: [AABUG:147](https://gitlab.com/apparmor/apparmor/-/issues/147) -libraries/libapparmor/src/private.c - - - -855dbd4a parser: fix rule downgrade for unix rules - [MR:700](https://gitlab.com/apparmor/apparmor/-/merge_requests/700) - Fixes: [BOO:1180766](https://bugzilla.opensuse.org/show_bug.cgi?id=1180766) -parser/af_unix.cc - - - -b6fbe10d parser: fix build issue with REALLOCARRAY check - [MR:712](https://gitlab.com/apparmor/apparmor/-/merge_requests/712) -parser/Makefile - - - -ee5303c8 Fix nscd conflict with systemd-homed - [MR:707](https://gitlab.com/apparmor/apparmor/-/merge_requests/707) - Fixes: [AABUG:145](https://gitlab.com/apparmor/apparmor/-/issues/145) -profiles/apparmor.d/usr.sbin.nscd - - - -656f2103 profiles: firefox Add support for widevine DRM - [MR:684](https://gitlab.com/apparmor/apparmor/-/merge_requests/684) -profiles/apparmor/profiles/extras/usr.lib.firefox.firefox - - - -681c9765 parser: fixup "fix --jobs so jobs scaling is applied correctly" - [MR:703](https://gitlab.com/apparmor/apparmor/-/merge_requests/703) -parser/parser_main.c - - - -65ba20b9 parser: fix --jobs so job scaling is applied correctly - [MR:703](https://gitlab.com/apparmor/apparmor/-/merge_requests/703) -parser/apparmor_parser.pod -parser/parser_main.c - - - -136502ac parser: enable the parser to do some rough tuning based on memory and cpu - [MR:702](https://gitlab.com/apparmor/apparmor/-/merge_requests/702) -parser/apparmor_parser.pod -parser/parser_main.c - - - -d50262cf parser: fix warning for rule not enforced - [MR:699](https://gitlab.com/apparmor/apparmor/-/merge_requests/699) - Fixes: [AABUG:144](https://gitlab.com/apparmor/apparmor/-/issues/144) -parser/af_unix.cc - - - -c43bdf2e parser: don't abort profile compile if the kernel is missing caps/mask - [MR:691](https://gitlab.com/apparmor/apparmor/-/merge_requests/691) - Fixes: [AABUG:140](https://gitlab.com/apparmor/apparmor/-/issues/140) -parser/parser_misc.c - - - -6e5dba4f libapparmor: Sync library version bump done for the 3.0.1 release -libraries/libapparmor/src/Makefile.am - - - -d26da6c4 libapparmor: fix failure in procattr accesses due to domain change - [MR:681](https://gitlab.com/apparmor/apparmor/-/merge_requests/681) - Fixes: [AABUG:131](https://gitlab.com/apparmor/apparmor/-/issues/131) -libraries/libapparmor/src/kernel.c - - - -7c88f02d aa-notify: don't crash if the logfile is not present due to rotation - [MR:688](https://gitlab.com/apparmor/apparmor/-/merge_requests/688) - Fixes: [AABUG:130](https://gitlab.com/apparmor/apparmor/-/issues/130) -utils/aa-notify - - - -15dc0624 utils: fix make -C profiles check-logprof fails - [MR:663](https://gitlab.com/apparmor/apparmor/-/merge_requests/663) - Fixes: [AABUG:36](https://gitlab.com/apparmor/apparmor/-/issues/36) -utils/aa-genprof -utils/aa-logprof -utils/aa-mergeprof -utils/apparmor/aa.py -utils/apparmor/tools.py - - - -8ea7630b aa-notify: Stop aa-notify from exit after 100s of polling - [MR:660](https://gitlab.com/apparmor/apparmor/-/merge_requests/660) - Fixes: [AABUG:126](https://gitlab.com/apparmor/apparmor/-/issues/126) -utils/aa-notify - - - -43eb54d1 utils: split linting with PYFLAKES into a separate target. - [AABUG:121](https://gitlab.com/apparmor/apparmor/-/issues/121) -utils/Makefile - - - -4a226637 translations: update generated pot files -binutils/po/aa_enabled.pot -binutils/po/aa_exec.pot -binutils/po/aa_features_abi.pot -parser/po/apparmor-parser.pot - - - -644a4739 parser: Add support for CAP_CHECKPOINT_RESTORE - [MR:654](https://gitlab.com/apparmor/apparmor/-/merge_requests/654) -parser/base_cap_names.h -parser/capability.h - - - -21060e80 parser: Fix warning message when complain mode is forced - [MR:649](https://gitlab.com/apparmor/apparmor/-/merge_requests/649) - Fixes: [LP:1899218](https://bugs.launchpad.net/bugs/1899218) - Fixes: [[LP:1899218](https://bugs.launchpad.net/bugs/1899218)](https://bugs.launchpad.net/bugs/1899218) -parser/parser_main.c - - - -ec19ff9f parser: fix parser.conf commenting on pinning an abi - [MR:648](https://gitlab.com/apparmor/apparmor/-/merge_requests/648) -parser/parser.conf - - - - - +AppArmor 3.1 was snapshoted on 2022-08-23. It was never officially released and discarded due to a library versioning issue discovered after it was created be before it was announced and released. Please use its replacement [AppArmor 3.1.1](https://gitlab.com/apparmor/apparmor/-/wikis/Release_Notes_3.1).