mirror of
https://gitlab.com/apparmor/apparmor.git
synced 2025-03-04 08:24:42 +01:00
Update Release_Notes_2.13.3
John Johansen
parent
710d35bae3
commit
07eff2651a
1 changed files with 87 additions and 9 deletions
|
|
@ -21,40 +21,118 @@ Tarball
|
|||
- sha256sum: ???
|
||||
- signature: <https://launchpad.net/apparmor/2.13/2.13.3/+download/apparmor-2.13.3.tar.gz.asc>
|
||||
|
||||
# Translations
|
||||
- sync to most up to date language translations available
|
||||
|
||||
# Build & Infrastructure
|
||||
- add files to .gitignore
|
||||
- swig auto generated files for ruby
|
||||
- fix libapparmor swig 4 failure 'aa_log_record' object has no attribute '__getattr__'
|
||||
|
||||
|
||||
# libapparmor
|
||||
- fix segfault in overlaydirat_for_each causing overlayed cache directory failures
|
||||
- fix segfault when loading policy cache files
|
||||
- fix failure to merge overlay directories in some situations
|
||||
|
||||
Policy Compiler (a.k.a apparmor\_parser)
|
||||
----------------------------------------
|
||||
- ???
|
||||
- fix parsing of target profile NAME in directed transitions “px -> NAME"
|
||||
- fix parser failing to handle errors when setting up work causing early abort resulting in failed loads or policy compiles
|
||||
- improve runtime attachment by determine xmatch priority based on smallest DFA match
|
||||
- don't skip cache loads just because optimizations flags are specified
|
||||
|
||||
|
||||
Init
|
||||
----
|
||||
- ???
|
||||
- apparmor.systemd: fix minor issues detected by shellcheck
|
||||
- fix return value when removing profiles
|
||||
|
||||
|
||||
Utils
|
||||
-----
|
||||
|
||||
- genprof/logprof
|
||||
- ???
|
||||
- Ensure there is always a fallback falue for the logfile location
|
||||
- fix handling of log stream when the suggestion of creating a new hat is rejected
|
||||
|
||||
Policy
|
||||
------
|
||||
- ???
|
||||
|
||||
- Profiles
|
||||
- ???
|
||||
- dovecot
|
||||
- allow FD passing between dovecot and dovecot's anvil
|
||||
- allow chroot'ing the auth processes
|
||||
- let dovecot/anvil rw the auth-penalty socket
|
||||
- auth processes need to read from postfix auth socket
|
||||
- add abstractions/ssl_certs to lmtp
|
||||
- allow master to use SIGTERM on children that are slow to die
|
||||
- align {pop3,managesieve}-login to imap-login
|
||||
- identd
|
||||
- allow network netlink dgram
|
||||
- syslog-ng
|
||||
- add abstractions/python for python-parser
|
||||
- lsb_release profile: new abstraction
|
||||
- dnsmasq:
|
||||
- allow peer=libvirtd to support named profile
|
||||
- Work around breakage caused by {bin,sbin} alternation
|
||||
- Revert /usr/{bin,sbin}/ alternation in dnsmasq profile name
|
||||
- msqld:
|
||||
- add mmap permission for mysqld (4.8 semantic change)
|
||||
- allow mysql to determine which cpus are online
|
||||
- allow locking of mysql files
|
||||
|
||||
|
||||
- Tunables
|
||||
- share:
|
||||
- make it play well with aliases
|
||||
- fix buggy syntax that broke the ~/.local/share part of the @{user_share_dirs} tunable
|
||||
|
||||
- Abstractions
|
||||
- ???
|
||||
- move dirc.d access from mesa to dir-common
|
||||
- base: allow mr permission on all *.so* common library paths
|
||||
- dri-common: allow reading /dev/dri/
|
||||
- ssl_certs,keys - add support for libdehydrated in /var/lib/
|
||||
- qt5: allow reading user configuration
|
||||
- qt5-settings-write: fix anonymous shared memory access
|
||||
- qt5-compose-cache-write: fix anonymous shared memory access
|
||||
- nameservice: allow access to /run/netconfig/resolv.conf
|
||||
- mesa: allow reading drirc.d
|
||||
- vulcan: allow reading /etc/vulkan/icd.d/
|
||||
- nvidia: allow reading nvidia application profiles
|
||||
- postfix-common: make compatible with updated postfix profiles naming
|
||||
- python: allow reading /usr/local/lib/python3
|
||||
- ldapclient: allow rw access to the nslcd socket
|
||||
- ubuntu-browsers.d/multimedia: allow creating/writing config dirs
|
||||
- audio:
|
||||
- fix alsa settings access
|
||||
- grant read access to the system-wide asound.conf
|
||||
- grant read access to the libao configuration files
|
||||
- fonts:
|
||||
- Allow to read conf-avail dir itself.
|
||||
- Add various openSUSE-specific font config directories
|
||||
- allow creating/writing config dirs
|
||||
- kde:
|
||||
- allow access to common KDE-specific settings
|
||||
- allow access to global KDE settings
|
||||
- gnome:
|
||||
- allow reading gtk-3.0 cache files
|
||||
- allow creating config dirs
|
||||
|
||||
|
||||
Tests
|
||||
-----
|
||||
- ???
|
||||
- fix mount test to use next available loop device
|
||||
- update tests to support distros with user-merge where /bin and /sbin are symlinks
|
||||
- fix regression test failures around new binary cache layout
|
||||
- update tests for new network domain keywords
|
||||
- update tests for base abstraction changes
|
||||
|
||||
|
||||
Documentation
|
||||
-------------
|
||||
- ???
|
||||
- apparmor.d (7):
|
||||
- update list of network domain keywords
|
||||
- drop unsupported 'to' option for link rules from manpage
|
||||
|
||||
Note
|
||||
====
|
||||
|
|
|
|||
Loading…
Add table
Reference in a new issue