mirror of https://gitlab.com/apparmor/apparmor synced 2025-08-30 13:58:22 +00:00

Update Release_Notes_4.0 alpha2

John Johansen
2023-08-10 23:48:18 +00:00
parent e6564b9ab3
commit c4f08496e7

@@ -57,8 +57,9 @@ Apprmor 4.0 is a bridge release between older AppArmor 3.x policy and the newer
| user ns | Y | Y <sup>1</sup> | N | N | Y <sup>2</sup> | | user ns | Y | Y <sup>1</sup> | N | N | Y <sup>2</sup> |
| aa-status filters | N | N | n/a | N | N | | aa-status filters | N | N | n/a | N | N |
| aa-load | N | N | n/a | Y | N | | aa-load | N | N | n/a | Y | N |
| unconfined ns restriction | N | Y <sup>8</sup> | N | N | Y |
| unconfined change_profile stacking | N | Y <sup>8</sup> | N | N | Y |
| unconfined io_uring restriction | N | Y <sup>8</sup> | N | N | Y |
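Review bot: The three unconfined rows (ns restriction, change_profile stacking, io_uring restriction) mark "breaks 3.x" as Y <sup>8</sup>, but footnote 8 describes a change in unconfined's runtime behavior, whereas the neighbouring footnotes (5 to 7) describe what the 3.x parser does with policy. A reader scanning the column will take Y to mean that existing 3.x policy stops loading. Consider stating in the footnote, or in a short sentence under the table, that for these rows the breakage is a behavior change for unconfined tasks on kernels that enable the feature, not a policy compatibility failure.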
@@ -70,6 +71,7 @@ Apprmor 4.0 is a bridge release between older AppArmor 3.x policy and the newer
5. If more than 12 transitions are used in a profile, AppArmor 3.x will fail 5. If more than 12 transitions are used in a profile, AppArmor 3.x will fail
6. Will break older policy if variable is not defined. Variable can be manually defined in older parser. 6. Will break older policy if variable is not defined. Variable can be manually defined in older parser.
7. AppArmor 3.x will not break but will use declared abi, instead of extending abi when a rule not in the abi is declared in policy. 7. AppArmor 3.x will not break but will use declared abi, instead of extending abi when a rule not in the abi is declared in policy.
8. These features if enabled will change unconfined's behavior but can be disabled with either a grub kernel boot parameter or sysctl depending on the kernel.
in beta in beta
|Feature | policy extension |breaks 3.x |supported by utils|requires 4.x libapparmor|requires kernel support| |Feature | policy extension |breaks 3.x |supported by utils|requires 4.x libapparmor|requires kernel support|
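Review bot: Footnote 8 says the features "can be disabled with either a grub kernel boot parameter or sysctl depending on the kernel" without naming the parameter or the sysctl, so an administrator cannot act on it or verify the current state from the release notes alone. Please name the setting for each case, or link to the page that documents it. Two wording points on the same line: the clause reads better as "These features, if enabled, will change unconfined's behavior", and "grub kernel boot parameter" should be "kernel boot parameter", since the setting is not specific to one bootloader.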
@@ -82,14 +84,13 @@ in beta
AppArmor 4.1 or later AppArmor 4.1 or later
|Feature | policy extension |breaks 3.x |supported by utils|requires 4.x libapparmor|requires kernel support| |Feature | policy extension |breaks 3.x |supported by utils|requires 4.x libapparmor|requires kernel support|
|:---: |:---: |:---: |:---: |:---: |:---:| |:---: |:---: |:---: |:---: |:---: |:---:|
| multiple policy locations | N | Y <sup>3</sup> | n/a | Y | N | | multiple policy locations | N | Y <sup>3</sup> | n/a | Y | N |
| location specific configs | N | Y <sup>3</sup> | n/a | Y | N | | location specific configs | N | Y <sup>3</sup> | n/a | Y | N |
| user conditional | Y | Y <sup>1</sup> | N | N | Y <sup>2</sup> | | user conditional | Y | Y <sup>1</sup> | N | N | Y <sup>2</sup> |
| -O rule-refactor | N | N | n/a | N | N | | -O rule-refactor | N | N | n/a | N | N |
| kernel supports conditional | Y | Y <sup>1</sup> | N | N | N | | kernel supports conditional | Y | Y <sup>1</sup> | N | N | N |
| abi supports conditional | Y | Y <sup>1</sup> | N | N | N | | abi supports conditional | Y | Y <sup>1</sup> | N | N | N |
| replace unconfined | N | Y | N | N | N |
## Compatibility ## Compatibility
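Review bot: The "replace unconfined" row in the "AppArmor 4.1 or later" table is the only line this hunk changes, and the commit message ("Update Release_Notes_4.0 alpha2") gives no reason for it. The row also carries a bare Y under "breaks 3.x", while every other Y in that column across these tables cites a footnote. Please say in the commit message whether the feature was dropped, renamed or moved to another table, and if the row is kept anywhere, add a footnote explaining what breaks.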