mirror of
https://gitlab.com/apparmor/apparmor
synced 2025-08-30 22:05:27 +00:00
Update Release_Notes_2.12.2
John Johansen
@@ -17,130 +17,66 @@ AppArmor 2.12.2 was released 2018-12-????.
|
|||||||
These release notes cover all changes between 2.12.1 (4633658232827cfeb8d301257d9112cd101c2f7c) and 2.12.2 (?????? ) [apparmor-2.12 branch](https://gitlab.com/apparmor/apparmor/tree/apparmor-2.12).
|
These release notes cover all changes between 2.12.1 (4633658232827cfeb8d301257d9112cd101c2f7c) and 2.12.2 (?????? ) [apparmor-2.12 branch](https://gitlab.com/apparmor/apparmor/tree/apparmor-2.12).
|
||||||
|
|
||||||
Tarball
|
Tarball
|
||||||
- <https://launchpad.net/apparmor/2.12/2.12.1/+download/apparmor-2.12.1.tar.gz>
|
- <https://launchpad.net/apparmor/2.12/2.12.2/+download/apparmor-2.12.2.tar.gz>
|
||||||
- sha256sum: ec7fcb334f68e29f481251f865c29953163853506a8dc96ce8591d9add659db2
|
- sha256sum: ???
|
||||||
- signature: <https://launchpad.net/apparmor/2.12/2.12.1/+download/apparmor-2.12.1,tar.gz.asc>
|
- signature: <https://launchpad.net/apparmor/2.12/2.12.2/+download/apparmor-2.12.2,tar.gz.asc>
|
||||||
|
|
||||||
|
|
||||||
Build Infrastructure
|
|
||||||
--------------------
|
|
||||||
- Update release infrastructure to use gitlab
|
|
||||||
- Fix $(PWD) when using "make -C profiles"
|
|
||||||
- coverity
|
|
||||||
- capture separate log files for each coverity invocatio
|
|
||||||
- support python scan
|
|
||||||
|
|
||||||
|
|
||||||
Policy Compiler (a.k.a apparmor\_parser)
|
Policy Compiler (a.k.a apparmor\_parser)
|
||||||
----------------------------------------
|
----------------------------------------
|
||||||
- disable write cache if filesystem is read-only
|
- Fix failures due to -M only setting compile-features
|
||||||
- fix cache write message when stdin is used
|
- Don't hard code the location of netinet/in.h.
|
||||||
- fix parser so that cache creation failure doesn't cause load failure
|
|
||||||
- fix includes to allow white space
|
|
||||||
- add support for conditional includes
|
Init
|
||||||
- fix Makefile hardcoded paths to flex and bison
|
----
|
||||||
- ignore abi rules
|
- Ignore *.orig and *.rej files when loading profiles
|
||||||
|
- Fix syntax error in rc.apparmor.functions which could cause policy load failures
|
||||||
|
|
||||||
# Library
|
|
||||||
- fix: remove empty LD_RUN_PATH from libapparmor-perl
|
|
||||||
|
|
||||||
Utils
|
Utils
|
||||||
-----
|
-----
|
||||||
|
|
||||||
- genprof/logprof
|
- genprof/logprof
|
||||||
- ignore .git in is_skippable_dir()
|
- Fix viewing a local inactive profile in aa-genprof
|
||||||
- fix writing "link subset" rules
|
- Ensure last line in a profile is valid
|
||||||
- fix writing alias rules
|
- Fix handling of options when serializing profiles
|
||||||
- error out on nested child profiles which are not currently supported
|
- Fix minitools for named profiles
|
||||||
- fix unsetting filename in get_profile()
|
- Fix preview when viewing profile changes
|
||||||
- don't crash if setting printk_ratelimit fails
|
|
||||||
- fix overwriting of child profile flags if they differ from the main profile
|
|
||||||
- add python3.7 to logprof.conf
|
|
||||||
- add support for zsh in logprof.conf
|
|
||||||
- add basic support for abi rules to the tools
|
|
||||||
- fix aa-mergeprof crash caused by accidentially initialzed hat
|
|
||||||
|
|
||||||
- aa-notify
|
|
||||||
- make message about notify-send package cross-distro compatible
|
|
||||||
- set DBUS_SESSION_BUS_ADDRESS, needed by notify-send
|
|
||||||
- remove group restrictions
|
|
||||||
- Read user's configuration file from XDG_CONFIG_HOME
|
|
||||||
|
|
||||||
- sandbox.py
|
|
||||||
- remove unused exception binding
|
|
||||||
|
|
||||||
- aa-status
|
|
||||||
- split profile from exec name
|
|
||||||
|
|
||||||
Policy
|
Policy
|
||||||
------
|
------
|
||||||
- Profiles
|
- Use @{sys} tunable in profiles and abstractions
|
||||||
- support distributions which merge sbin into bin
|
|
||||||
- ping: support void linux binary location
|
- Profiles
|
||||||
- traceroute: support void linux binary location
|
- Add profile names to all profiles with {bin,sbin} attachment except for the dnsmasq profile
|
||||||
- allow running Thunderbird wrapper script
|
|
||||||
- add nvidia_modprobe profile
|
- dovecot: allow reading /proc/sys/fs/suid_dumpable
|
||||||
- ntpd
|
- postalias: allow locking /etc/aliases.db
|
||||||
- allow access to ntp clockstat
|
- dnsmasq:
|
||||||
- add openntpd drift and socket files
|
- Add pid file used by NetworkManager
|
||||||
- support void linux binary location
|
- Adjust pattern for log files to comply with SELinux
|
||||||
- mlmmj-sub fix moderated subscription
|
|
||||||
- dnsmasq
|
|
||||||
- allow chown capability.
|
|
||||||
- add paths for NetworkManager connection sharing
|
|
||||||
- add permission to open log files
|
|
||||||
- Fix ubuntu-browsers for 64bit openSUSE
|
|
||||||
- dovecot
|
|
||||||
- add dovecot/stats profile, and allow dovecot to run it
|
|
||||||
- allow write to /run/dovecot/old-stats-user
|
|
||||||
- allow dac_read_search and reading ssl-parameters.dat
|
|
||||||
- samba
|
|
||||||
- allow smbd to load new shared libraries
|
|
||||||
- allow winbindd to read and write new kerberos cache location
|
|
||||||
- nmbd
|
|
||||||
- add missing files
|
|
||||||
- support writing to /run/systemd/notify
|
|
||||||
- smbd add missing pid lock file
|
|
||||||
|
|
||||||
- Tunables
|
|
||||||
- Add uid and uids kernel var placeholders
|
|
||||||
|
|
||||||
- Abstractions
|
- Abstractions
|
||||||
- add qt5 abstraction
|
- private-files: deny ~/.mutt**
|
||||||
- add qt5-compose-cache-write abstraction
|
- private-files-strict: audit deny ~/.aws
|
||||||
- ubuntu-email: add new Thunderbird executable path
|
- ssl_key: Add /etc/letsencrypt/archive
|
||||||
- ubuntu-browsers.d/user-files: disallow access to the dirs of private files
|
- Add vulkan abstraction
|
||||||
- private-files: disallow writes to thumbnailer dir (LP: #1788929)
|
|
||||||
- private-files-strict: disallow access to the dirs of private files
|
|
||||||
- user-files: disallow access to the dirs of private files
|
|
||||||
- remove antiquated abstractions/launchpad-integration
|
|
||||||
- kde: use qt5 abstration
|
|
||||||
- samba: add missing log files
|
|
||||||
- gnupg: allow pubring.kbx
|
|
||||||
- ld.so.conf: Update base abstraction
|
|
||||||
- nvidia: allow to create .nv directory
|
|
||||||
- ssl:
|
|
||||||
- add dehydrated certificate support
|
|
||||||
- support new location for ssl-params file
|
|
||||||
- php: allow ICU (unicode support) data tables
|
|
||||||
- Python:
|
|
||||||
- add support for python 3.7
|
|
||||||
- allow /usr/local/lib/python3/dist-packages
|
|
||||||
|
|
||||||
|
|
||||||
Tests
|
Tests
|
||||||
-----
|
-----
|
||||||
- mount regression test: convert mount test to use MS_NODE
|
- error out on superfluous TODOs
|
||||||
- add tests for relative path includes
|
- disable abi/ok_10 and abi/ok_12 tests
|
||||||
- fix regression tests to pass on 4.14 upstream kernel
|
- Remove TODO notes from no-longer-failing tests
|
||||||
- allow shell helper test read the locale
|
- add utils/test/common_test.pyc to gitignore
|
||||||
- mark profiles with multiple rules in one line as known-failing
|
|
||||||
- ignore tests for 'include if exists'
|
|
||||||
|
|
||||||
Documentation
|
Documentation
|
||||||
-------------
|
-------------
|
||||||
- apparmor(7): clarify the effect of reloading a profile.
|
- apparmor(7): document various debugging options.
|
||||||
- fix typo in apparmor_parser.pod
|
- aa-notify(8): update user's configuration file path
|
||||||
- update documentation to references gitlab and updated bug reporting procedures.
|
|
||||||
|
|
||||||
|
|
||||||
Note
|
Note
|
||||||
|
|||||||
Reference in New Issue
Block a user