mirror of
https://gitlab.com/apparmor/apparmor.git
synced 2025-03-04 08:24:42 +01:00
Update Release_Notes_3.1.1
John Johansen
parent
7106986a73
commit
232af852c1
1 changed files with 131 additions and 37 deletions
|
|
@ -30,8 +30,6 @@ There are two ways to obtain this release either through gitlab or a tarball in
|
|||
|
||||
These release notes cover all changes between 3.1 (7c7224004c31389229877634a217fcc0c8e8567d) ) and 3.1.1 (ea127f13cd2c58ae883fb7c87a3ad91317a55c2d) on the [apparmor-3.1 branch](https://gitlab.com/apparmor/apparmor/tree/apparmor-3.1.
|
||||
|
||||
|
||||
|
||||
# Init
|
||||
- rc.apparmor.functions: only use systemd-detect-virt if it's present ([MR:896](https://gitlab.com/apparmor/apparmor/-/merge_requests/896))
|
||||
- profile-load: use safer and less ambiguous shell constructs ([MR:849](https://gitlab.com/apparmor/apparmor/-/merge_requests/849), [LP:1058356](https://bugs.launchpad.net/bugs/1058356))
|
||||
|
|
@ -44,9 +42,7 @@ These release notes cover all changes between 3.1 (7c7224004c31389229877634a217f
|
|||
- Drop now-obsolete comment about skip_profile() ([MR:833](https://gitlab.com/apparmor/apparmor/-/merge_requests/833))
|
||||
- Enable AppArmor to run properly under WSL/systemd ([MR:812](https://gitlab.com/apparmor/apparmor/-/merge_requests/812))
|
||||
- make xargs invocation busybox-compatible ([MR:828](https://gitlab.com/apparmor/apparmor/-/merge_requests/828))
|
||||
|
||||
|
||||
|
||||
- drop use of xargs as fallback when loading profiles ([LP:1377338](https://bugs.launchpad.net/bugs/1377338))
|
||||
|
||||
|
||||
# Library
|
||||
|
|
@ -60,6 +56,18 @@ These release notes cover all changes between 3.1 (7c7224004c31389229877634a217f
|
|||
- fix debug build of log parsing ((https://gitlab.com/apparmor/apparmor/-/merge_requests/799), [AABUG:196](https://gitlab.com/apparmor/apparmor/-/issues/196))
|
||||
- fix error value returned from features_lookup functions. ([MR:780](https://gitlab.com/apparmor/apparmor/-/merge_requests/780))
|
||||
- fix stacking and avaiable interface checks ([MR:713](https://gitlab.com/apparmor/apparmor/-/merge_requests/713), [AABUG:150](https://gitlab.com/apparmor/apparmor/-/issues/150))
|
||||
- Do not abuse AC_CHECK_FILE ([MR:728](https://gitlab.com/apparmor/apparmor/-/merge_requests/728), [debug984582](https://bugs.debian.org/984582))
|
||||
- look up python-config using AC_PATH_TOOL ([MR:729](https://gitlab.com/apparmor/apparmor/-/merge_requests/729), [debug984582](https://bugs.debian.org/984582))
|
||||
- fix setting proc_attr_base ([MR:701](https://gitlab.com/apparmor/apparmor/-/merge_requests/701))
|
||||
- Honor global LDFLAGS when building python library ([MR:689](https://gitlab.com/apparmor/apparmor/-/merge_requests/689), [AABUG:129](https://gitlab.com/apparmor/apparmor/-/issues/129))
|
||||
- add missing include for `socklen_t` ([MR:642](https://gitlab.com/apparmor/apparmor/-/merge_requests/642))
|
||||
- update Symbol visibility ([MR:643](https://gitlab.com/apparmor/apparmor/-/merge_requests/643))
|
||||
- update rules around the library version
|
||||
- fix handling of failed symlink traversal ([MR:850](https://gitlab.com/apparmor/apparmor/-/merge_requests/850), [AABUG:215](https://gitlab.com/apparmor/apparmor/-/issues/215))
|
||||
- fix building with link time optimization (lto) ([MR:831](https://gitlab.com/apparmor/apparmor/-/merge_requests/831), [AABUG:214](https://gitlab.com/apparmor/apparmor/-/issues/214))
|
||||
- Fix ruby 3.1 build for libapparmor ([AABUG:206](https://gitlab.com/apparmor/apparmor/-/issues/206))
|
||||
- alphasort directory traversals ([MR:706](https://gitlab.com/apparmor/apparmor/-/merge_requests/706), [AABUG:147](https://gitlab.com/apparmor/apparmor/-/issues/147))
|
||||
- fix failure in procattr accesses due to domain change ([MR:681](https://gitlab.com/apparmor/apparmor/-/merge_requests/681), [AABUG:131](https://gitlab.com/apparmor/apparmor/-/issues/131))
|
||||
|
||||
|
||||
# Policy Compiler (a.k.a apparmor_parser)
|
||||
|
|
@ -70,21 +78,46 @@ These release notes cover all changes between 3.1 (7c7224004c31389229877634a217f
|
|||
- Fix unknown state condition RLIMIT_MODEINCLDE ([MR:803](https://gitlab.com/apparmor/apparmor/-/merge_requests/803))
|
||||
- add implicit rules for apparmor api checks ([MR:713](https://gitlab.com/apparmor/apparmor/-/merge_requests/713), [AABUG:150](https://gitlab.com/apparmor/apparmor/-/issues/150))
|
||||
- fix handling of jobs ([MR:775](https://gitlab.com/apparmor/apparmor/-/merge_requests/775))
|
||||
|
||||
- fix comments ([MR:752](https://gitlab.com/apparmor/apparmor/-/merge_requests/752))
|
||||
- add include dedup cache to handle include loops ([MR:743](https://gitlab.com/apparmor/apparmor/-/merge_requests/743), [BOS:1184779](https://bugzilla.suse.com/show_bug.cgi?id=1184779))
|
||||
- speedup dfa generation by replacing dynamic_casts ([MR:711](https://gitlab.com/apparmor/apparmor/-/merge_requests/711))
|
||||
- Add support for CAP_CHECKPOINT_RESTORE ([MR:654](https://gitlab.com/apparmor/apparmor/-/merge_requests/654))
|
||||
- Fix warning message when complain mode is forced ([MR:649](https://gitlab.com/apparmor/apparmor/-/merge_requests/649), [LP:1899218](https://bugs.launchpad.net/bugs/1899218))
|
||||
- fix min length calculation for inverse character sets
|
||||
- begin deprecation process for #include
|
||||
- fix LTO build ([MR:901](https://gitlab.com/apparmor/apparmor/-/merge_requests/901), [AABUG:214](https://gitlab.com/apparmor/apparmor/-/issues/214))
|
||||
- fix cache time stamp check to include dir time stamps ([MR:760](https://gitlab.com/apparmor/apparmor/-/merge_requests/760))
|
||||
- CAP_AUDIT_READ is only available after Linux 3.16 ([MR:767](https://gitlab.com/apparmor/apparmor/-/merge_requests/767))
|
||||
- move ifdefs for capabilities to single common file ([MR:768](https://gitlab.com/apparmor/apparmor/-/merge_requests/768))
|
||||
- Fix invalid reference to name in attachment warning
|
||||
- fix filter slashes for profile attachments ([MR:727](https://gitlab.com/apparmor/apparmor/-/merge_requests/727), [AABUG:154](https://gitlab.com/apparmor/apparmor/-/issues/154))
|
||||
- Fix make DEBUG=1 ([MR:745](https://gitlab.com/apparmor/apparmor/-/merge_requests/745))
|
||||
- fix filter slashes for link targets ([MR:723](https://gitlab.com/apparmor/apparmor/-/merge_requests/723), [AABUG:153](https://gitlab.com/apparmor/apparmor/-/issues/153))
|
||||
- fix rule downgrade for unix rules ([MR:700](https://gitlab.com/apparmor/apparmor/-/merge_requests/700), [BOO:1180766](https://bugzilla.opensuse.org/show_bug.cgi?id=1180766))
|
||||
- fix build issue with REALLOCARRAY check ([MR:712](https://gitlab.com/apparmor/apparmor/-/merge_requests/712))
|
||||
- fix --jobs so jobs scaling is applied correctly ([MR:703](https://gitlab.com/apparmor/apparmor/-/merge_requests/703))
|
||||
- enable the parser to do some rough tuning based on memory and cpu ([MR:702](https://gitlab.com/apparmor/apparmor/-/merge_requests/702))
|
||||
- fix warning for rule not enforced ([MR:699](https://gitlab.com/apparmor/apparmor/-/merge_requests/699), [AABUG:144](https://gitlab.com/apparmor/apparmor/-/issues/144))
|
||||
- don't abort profile compile if the kernel is missing caps/mask ([MR:691](https://gitlab.com/apparmor/apparmor/-/merge_requests/691), [AABUG:140](https://gitlab.com/apparmor/apparmor/-/issues/140))
|
||||
|
||||
|
||||
# Bin Utils
|
||||
- aa-feature-abi
|
||||
- fix failure to close fd due to shadowed var decl ([MR:804](https://gitlab.com/apparmor/apparmor/-/merge_requests/804))
|
||||
- make -f short arg actually be accepted ([MR:804](https://gitlab.com/apparmor/apparmor/-/merge_requests/804))
|
||||
- aa-status
|
||||
- Fix build issue with musl [MR:647](https://gitlab.com/apparmor/apparmor/-/merge_requests/647)
|
||||
- fix crash due to \n in profile name ([MR:824](https://gitlab.com/apparmor/apparmor/-/merge_requests/824), [AABUG:211](https://gitlab.com/apparmor/apparmor/-/issues/211))
|
||||
|
||||
|
||||
# Utils
|
||||
- Cleanup Python Style Guide Infractions ([MR:906](https://gitlab.com/apparmor/apparmor/-/merge_requests/906))
|
||||
- check if abstractions exist ([MR:683](https://gitlab.com/apparmor/apparmor/-/merge_requests/683), [BOO:1178527](https://bugzilla.opensuse.org/show_bug.cgi?id=1178527))
|
||||
- support and use --configdir in all aa-* utils ([MR:670](https://gitlab.com/apparmor/apparmor/-/merge_requests/670))
|
||||
- Ensure opened files are closed. ([MR:885](https://gitlab.com/apparmor/apparmor/-/merge_requests/885), [MR:898](https://gitlab.com/apparmor/apparmor/-/merge_requests/898), [AABUG:239](https://gitlab.com/apparmor/apparmor/-/issues/239), [AABUG:239](https://gitlab.com/apparmor/apparmor/-/issues/239))
|
||||
- Remove Python 2 support ([MR:894](https://gitlab.com/apparmor/apparmor/-/merge_requests/894))
|
||||
- Speed up list creations, and change lists to tuples where appropriate. ([MR:889](https://gitlab.com/apparmor/apparmor/-/merge_requests/889))
|
||||
- Avoid unnecessary memory copies when enlarging lists. ([MR:886](https://gitlab.com/apparmor/apparmor/-/merge_requests/886))
|
||||
- Fix spelling and grammar errors. ([MR:887](https://gitlab.com/apparmor/apparmor/-/merge_requests/887))
|
||||
- inline check_profile_dir() into __init__() ([MR:874](https://gitlab.com/apparmor/apparmor/-/merge_requests/874))
|
||||
- add a common reload_profile() function to aa.py ([MR:855](https://gitlab.com/apparmor/apparmor/-/merge_requests/855))
|
||||
- reduce and improve subprocess calls ([MR:856](https://gitlab.com/apparmor/apparmor/-/merge_requests/856))
|
||||
|
|
@ -99,25 +132,43 @@ These release notes cover all changes between 3.1 (7c7224004c31389229877634a217f
|
|||
- Fix crash when prompting user about an exec ([MR:763](https://gitlab.com/apparmor/apparmor/-/merge_requests/763))
|
||||
- remove unnecessary flag parameters, and use correct amout of whitespace around kept flags ([MR:759](https://gitlab.com/apparmor/apparmor/-/merge_requests/759), [MR:757](https://gitlab.com/apparmor/apparmor/-/merge_requests/757))
|
||||
- preserve comments, profile and hat keywords in parse ([MR:758](https://gitlab.com/apparmor/apparmor/-/merge_requests/758), [MR:756](https://gitlab.com/apparmor/apparmor/-/merge_requests/756))
|
||||
|
||||
- cleanup profile storage code ([MR:754](https://gitlab.com/apparmor/apparmor/-/merge_requests/754), [MR:751](https://gitlab.com/apparmor/apparmor/-/merge_requests/751))
|
||||
- Rework internal profile storage and handling in the aa-* tools ([MR:736](https://gitlab.com/apparmor/apparmor/-/merge_requests/736), [MR:749](https://gitlab.com/apparmor/apparmor/-/merge_requests/749), [MR:734](https://gitlab.com/apparmor/apparmor/-/merge_requests/734), [MR:733](https://gitlab.com/apparmor/apparmor/-/merge_requests/733), [MR:709](https://gitlab.com/apparmor/apparmor/-/merge_requests/709))
|
||||
- Detect endless #include loop when parsing profiles ([MR:742](https://gitlab.com/apparmor/apparmor/-/merge_requests/742), [BOS:1184779](https://bugzilla.suse.com/show_bug.cgi?id=1184779))
|
||||
- don't return empty AUDIT section ([MR:731](https://gitlab.com/apparmor/apparmor/-/merge_requests/731))
|
||||
- Use parse() instead of _parse() in LogprofHeaderTest ([MR:718](https://gitlab.com/apparmor/apparmor/-/merge_requests/718))
|
||||
- drop superfluous parameters in ask_conflict_mode ([MR:732](https://gitlab.com/apparmor/apparmor/-/merge_requests/732))
|
||||
- Improve and simplify profile parsing ([MR:719](https://gitlab.com/apparmor/apparmor/-/merge_requests/719))
|
||||
- only load tunables and abstractions ([MR:714](https://gitlab.com/apparmor/apparmor/-/merge_requests/714))
|
||||
- Simplify handling of in_contained_hat ([MR:710](https://gitlab.com/apparmor/apparmor/-/merge_requests/710))
|
||||
- add preamble_ruletypes ([MR:708](https://gitlab.com/apparmor/apparmor/-/merge_requests/708))
|
||||
- support boolean variable definitations ([MR:693](https://gitlab.com/apparmor/apparmor/-/merge_requests/693))
|
||||
- Fix hotkey conflict in utils de.po, id.po and sv.po ([MR:675](https://gitlab.com/apparmor/apparmor/-/merge_requests/675))
|
||||
- Add CAP_CHECKPOINT_RESTORE to severity.db ([MR:656](https://gitlab.com/apparmor/apparmor/-/merge_requests/656))
|
||||
- replace deprecated distutils with setuptools ([MR:813](https://gitlab.com/apparmor/apparmor/-/merge_requests/813), [AABUG:202](https://gitlab.com/apparmor/apparmor/-/issues/202))
|
||||
- fix make -C profiles check-logprof fails ([MR:663](https://gitlab.com/apparmor/apparmor/-/merge_requests/663), [AABUG:36](https://gitlab.com/apparmor/apparmor/-/issues/36))
|
||||
- split linting with PYFLAKES into a separate target ([AABUG:121](https://gitlab.com/apparmor/apparmor/-/issues/121))
|
||||
- aa-autodep
|
||||
- load abstractions on start ([MR:682](https://gitlab.com/apparmor/apparmor/-/merge_requests/682), [BOO:1178527](https://bugzilla.opensuse.org/show_bug.cgi?id=1178527))
|
||||
- aa-decode
|
||||
use grep -E instead of egrep ([MR:792](https://gitlab.com/apparmor/apparmor/-/merge_requests/792))
|
||||
|
||||
- aa-logprof
|
||||
- Add new python versions to logprof.conf ([MR:795](https://gitlab.com/apparmor/apparmor/-/merge_requests/795), [AABUG:193](https://gitlab.com/apparmor/apparmor/-/issues/193))
|
||||
|
||||
- aa-notify
|
||||
- Add .desktop file ([MR:839](https://gitlab.com/apparmor/apparmor/-/merge_requests/839))
|
||||
- avoid crash on log events without operation= ([MR:797](https://gitlab.com/apparmor/apparmor/-/merge_requests/797), [AABUG:194](https://gitlab.com/apparmor/apparmor/-/issues/194))
|
||||
|
||||
- Skip test if it can not access /var/log/wtmp ([MR:641](https://gitlab.com/apparmor/apparmor/-/merge_requests/641), [AABUG:120](https://gitlab.com/apparmor/apparmor/-/issues/120))
|
||||
- don't crash if the logfile is not present due to rotation ([MR:688](https://gitlab.com/apparmor/apparmor/-/merge_requests/688), [AABUG:130](https://gitlab.com/apparmor/apparmor/-/issues/130))
|
||||
- Stop aa-notify from exit after 100s of polling ([MR:660](https://gitlab.com/apparmor/apparmor/-/merge_requests/660), [AABUG:126](https://gitlab.com/apparmor/apparmor/-/issues/126))
|
||||
- aa-remove-unknown
|
||||
- abort on parser failure ([MR:836](https://gitlab.com/apparmor/apparmor/-/merge_requests/836))
|
||||
- Drop superfluous $0 parameter from usage() ([MR:785](https://gitlab.com/apparmor/apparmor/-/merge_requests/785))
|
||||
|
||||
- aa-unconfined
|
||||
- Improve fallback handling to attr/current ([MR:801](https://gitlab.com/apparmor/apparmor/-/merge_requests/801), [AABUG:199](https://gitlab.com/apparmor/apparmor/-/issues/199))
|
||||
|
||||
|
||||
# apparmor.vim
|
||||
- add support for abi rules ([MR:690](https://gitlab.com/apparmor/apparmor/-/merge_requests/690))
|
||||
|
||||
|
||||
# Policy
|
||||
|
|
@ -130,63 +181,72 @@ These release notes cover all changes between 3.1 (7c7224004c31389229877634a217f
|
|||
## abstractions
|
||||
- apache2-common
|
||||
- update so that other processes can trace the hats that include the abstraction ([MR:852](https://gitlab.com/apparmor/apparmor/-/merge_requests/852), [debug1003153](https://bugs.debian.org/1003153))
|
||||
|
||||
- authentication
|
||||
- Allow reading /etc/login.defs.d/ ([MR:774](https://gitlab.com/apparmor/apparmor/-/merge_requests/774), [BOO:1188296](https://bugzilla.opensuse.org/show_bug.cgi?id=1188296))
|
||||
|
||||
- crypto
|
||||
- create new abstraction refactor other abstractions to use it ([MR:772](https://gitlab.com/apparmor/apparmor/-/merge_requests/772))
|
||||
|
||||
- exo-open
|
||||
- Remove dbus deny rule ([MR:884](https://gitlab.com/apparmor/apparmor/-/merge_requests/884))
|
||||
|
||||
- fonts
|
||||
- Add Fontmatrix ([MR:657](https://gitlab.com/apparmor/apparmor/-/merge_requests/657))
|
||||
- gtk
|
||||
- new GTK abstraction ([MR:825](https://gitlab.com/apparmor/apparmor/-/merge_requests/825), [AABUG:168](https://gitlab.com/apparmor/apparmor/-/issues/168))
|
||||
- add support for gtk4. ([MR:857](https://gitlab.com/apparmor/apparmor/-/merge_requests/857))
|
||||
|
||||
- ibus
|
||||
- Allow access to socket directory used by recent ibus-daemon ([MR:837](https://gitlab.com/apparmor/apparmor/-/merge_requests/837))
|
||||
|
||||
- is_enabled
|
||||
- new apparmor api abstraction is_enabled ([MR:713](https://gitlab.com/apparmor/apparmor/-/merge_requests/713), [AABUG:150](https://gitlab.com/apparmor/apparmor/-/issues/150))
|
||||
|
||||
- mesa
|
||||
- Update to support current versions ([MR:879](https://gitlab.com/apparmor/apparmor/-/merge_requests/879))
|
||||
|
||||
- tightens cache location and add fallback ([MR:652](https://gitlab.com/apparmor/apparmor/-/merge_requests/652), [AABUG:91](https://gitlab.com/apparmor/apparmor/-/issues/91))
|
||||
- nss-systemd
|
||||
- Allow access for systemd-machined names ([MR:861](https://gitlab.com/apparmor/apparmor/-/merge_requests/861), [LP:1964325](https://bugs.launchpad.net/bugs/1964325))
|
||||
|
||||
- ntpd
|
||||
- use abstraction/ssl_certs ([MR:698](https://gitlab.com/apparmor/apparmor/-/merge_requests/698))
|
||||
- openssl
|
||||
- allow /etc/ssl/{engdef,engines}.d/ ([MR:818](https://gitlab.com/apparmor/apparmor/-/merge_requests/818))
|
||||
|
||||
|
||||
- php
|
||||
- Allow reading all of /etc/php[578]/** ([MR:876](https://gitlab.com/apparmor/apparmor/-/merge_requests/876), [AABUG:229](https://gitlab.com/apparmor/apparmor/-/issues/229), [BOO:1186267](https://bugzilla.opensuse.org/show_bug.cgi?id=1186267)#c11)
|
||||
- support PHP 8 ([MR:755](https://gitlab.com/apparmor/apparmor/-/merge_requests/755), [BOO:1186267](https://bugzilla.opensuse.org/show_bug.cgi?id=1186267))
|
||||
|
||||
- python
|
||||
- update perms and merge /usr/ and /usr/local/ rules ([MR:814](https://gitlab.com/apparmor/apparmor/-/merge_requests/814))
|
||||
- update for python 3.10 ([MR:783](https://gitlab.com/apparmor/apparmor/-/merge_requests/783), [AABUG:187](https://gitlab.com/apparmor/apparmor/-/issues/187))
|
||||
|
||||
- private-files-strict
|
||||
- new deny path for kwallet (used in KDE 5) ([MR:704](https://gitlab.com/apparmor/apparmor/-/merge_requests/704))
|
||||
- samba
|
||||
- Squash noisey setsockopt calls. ([MR:867](https://gitlab.com/apparmor/apparmor/-/merge_requests/867))
|
||||
- allow libldb2 paths ([MR:821](https://gitlab.com/apparmor/apparmor/-/merge_requests/821), [BOO:1192684](https://bugzilla.opensuse.org/show_bug.cgi?id=1192684))
|
||||
- allow use of /run/lock/samba ([MR:805](https://gitlab.com/apparmor/apparmor!805))
|
||||
|
||||
- snap_browsers
|
||||
- add new snap-browsers abstraction ([MR:806](https://gitlab.com/apparmor/apparmor/-/merge_requests/806)
|
||||
- update to support newer browsers ([MR:877](https://gitlab.com/apparmor/apparmor/-/merge_requests/877))
|
||||
|
||||
- ssl_certs
|
||||
- extend pki/trust directories ([MR:864](https://gitlab.com/apparmor/apparmor/-/merge_requests/864))
|
||||
- allow reading crypto policies ([MR:720](https://gitlab.com/apparmor/apparmor/-/merge_requests/720))
|
||||
|
||||
- add /etc/ca-certificates/ and /etc/libressl/ ([MR:698](https://gitlab.com/apparmor/apparmor/-/merge_requests/698))
|
||||
- trash
|
||||
- new abstraction ([MR:738](https://gitlab.com/apparmor/apparmor/-/merge_requests/738), [AABUG:160](https://gitlab.com/apparmor/apparmor/-/issues/160))
|
||||
- ubuntu-browsers
|
||||
- Add support from brave ([MR:667](https://gitlab.com/apparmor/apparmor/-/merge_requests/667))
|
||||
- ubuntu-browsers.d/ubuntu-integration
|
||||
- use abstractions/exo-open ([MR:666](https://gitlab.com/apparmor/apparmor/-/merge_requests/666))
|
||||
- ubuntu-browsers.d/user-files
|
||||
- new deny path for kwallet (used in KDE 5) ([MR:704](https://gitlab.com/apparmor/apparmor/-/merge_requests/704))
|
||||
- ubuntu-helpers
|
||||
- Fix: Opening links with Chrome ([MR:830](https://gitlab.com/apparmor/apparmor/-/merge_requests/830))
|
||||
- Include local customization ([MR:796](https://gitlab.com/apparmor/apparmor/-/merge_requests/796), [debug990499](https://bugs.debian.org/990499))
|
||||
|
||||
- Add support from brave ([MR:667](https://gitlab.com/apparmor/apparmor/-/merge_requests/667))
|
||||
- video
|
||||
- sys rule ([MR:791](https://gitlab.com/apparmor/apparmor/-/merge_requests/791))
|
||||
- update for latest permissions ([MR:740](https://gitlab.com/apparmor/apparmor/-/merge_requests/740), [AABUG:159](https://gitlab.com/apparmor/apparmor/-/issues/159))
|
||||
- wayland
|
||||
- fix for compositors based on wlroots ([MR:725](https://gitlab.com/apparmor/apparmor/-/merge_requests/725), [AABUG:143](https://gitlab.com/apparmor/apparmor/-/issues/143))
|
||||
- wutmp
|
||||
- Add missing rule in wutmp abstraction ([MR:724](https://gitlab.com/apparmor/apparmor/-/merge_requests/724), [AABUG:152](https://gitlab.com/apparmor/apparmor/-/issues/152))
|
||||
- X
|
||||
- Allow (only) reading X compose cache ([MR:685](https://gitlab.com/apparmor/apparmor/-/merge_requests/685))
|
||||
- make x11 socket writable again ([MR:664](https://gitlab.com/apparmor/apparmor/-/merge_requests/664))
|
||||
- Adjust for new ICEauthority path in /run ([MR:668](https://gitlab.com/apparmor/apparmor/-/merge_requests/668))
|
||||
|
||||
|
||||
|
||||
|
|
@ -195,17 +255,31 @@ These release notes cover all changes between 3.1 (7c7224004c31389229877634a217f
|
|||
|
||||
- avahi-daemon
|
||||
- Add missing /proc permissions ([MR:811](https://gitlab.com/apparmor/apparmor/-/merge_requests/811), [AABUG:203](https://gitlab.com/apparmor/apparmor/-/issues/203))
|
||||
|
||||
- dhclient
|
||||
- Fix invalid Pux (should be PUx) permissions in dhclient-script ([MR:676](https://gitlab.com/apparmor/apparmor/-/merge_requests/676))
|
||||
- fix to work on debian buster ([MR:645](https://gitlab.com/apparmor/apparmor/-/merge_requests/645))
|
||||
- allow setting task comm name ([LP:1918410](https://bugs.launchpad.net/bugs/1918410))
|
||||
- dhcpd
|
||||
- add rule for port_range ([MR:726](https://gitlab.com/apparmor/apparmor/-/merge_requests/726), [LP:1901373](https://bugs.launchpad.net/bugs/1901373))
|
||||
- dnsmasq
|
||||
- Add missing r permissions for libvirt_leaseshelper ([MR:905](https://gitlab.com/apparmor/apparmor/-/merge_requests/905), [BOO:1202161](https://bugzilla.opensuse.org/show_bug.cgi?id=1202161))
|
||||
- allow paths for podman dnsname plugin in rootless mode ([MR:909](https://gitlab.com/apparmor/apparmor/-/merge_requests/909))
|
||||
- allow paths for podman dnsname plugin ([MR:800](https://gitlab.com/apparmor/apparmor/-/merge_requests/800), [BOO:1190271](https://bugzilla.opensuse.org/show_bug.cgi?id=1190271))
|
||||
|
||||
- Permit access to /proc/self/fd/ ([MR:659](https://gitlab.com/apparmor/apparmor/-/merge_requests/659))
|
||||
- dovecot
|
||||
- Add missing permissions for dovecot-{imap,lmtp,pop3} ([MR:881](https://gitlab.com/apparmor/apparmor/-/merge_requests/881), [BOO:1199535](https://bugzilla.opensuse.org/show_bug.cgi?id=1199535))
|
||||
- Allow dovecot to use all signals ([MR:865](https://gitlab.com/apparmor/apparmor/-/merge_requests/865))
|
||||
- allow Prometheus metrics end-point in dovecot/stats ([MR:776](https://gitlab.com/apparmor/apparmor/-/merge_requests/776))
|
||||
|
||||
- allow reading dh.pem ([MR:671](https://gitlab.com/apparmor/apparmor/-/merge_requests/671), [debug10]([debug10](https://bugs.debian.org/10)))
|
||||
- allow kill signal
|
||||
- firefox
|
||||
- Add support for widevine DRM ([MR:684](https://gitlab.com/apparmor/apparmor/-/merge_requests/684))
|
||||
- nscd
|
||||
- service fails with apparmor 3.0.0-2 on Arch Linux ([MR:651](https://gitlab.com/apparmor/apparmor/-/merge_requests/651), [AABUG:124](https://gitlab.com/apparmor/apparmor/-/issues/124))
|
||||
- fix conflict with systemd-homed ([MR:707](https://gitlab.com/apparmor/apparmor/-/merge_requests/707), [AABUG:145](https://gitlab.com/apparmor/apparmor/-/issues/145))
|
||||
- postfix
|
||||
- update for current versions ([MR:753](https://gitlab.com/apparmor/apparmor/-/merge_requests/753), [MR:717](https://gitlab.com/apparmor/apparmor/-/merge_requests/717))
|
||||
- allow access to *.lmdb files ([MR:717](https://gitlab.com/apparmor/apparmor/-/merge_requests/717))
|
||||
- samba
|
||||
- Add profile for samba-bgqd ([MR:871](https://gitlab.com/apparmor/apparmor/-/merge_requests/871), [BOO:1191532](https://bugzilla.opensuse.org/show_bug.cgi?id=1191532))
|
||||
- support paths used by Arch Linux ([MR:883](https://gitlab.com/apparmor/apparmor/-/merge_requests/883))
|
||||
|
|
@ -216,13 +290,10 @@ These release notes cover all changes between 3.1 (7c7224004c31389229877634a217f
|
|||
- allow reading under /usr/share/samba ([MR:853](https://gitlab.com/apparmor/apparmor/-/merge_requests/853))
|
||||
- include snippet generated at runtime on Debian and openSUSE ([MR:838](https://gitlab.com/apparmor/apparmor/-/merge_requests/838))
|
||||
- Fix file_mmap violation for [MR:819](https://gitlab.com/apparmor/apparmor/-/merge_requests/819), [BOO#1192336](https://bugzilla.opensuse.org/show_bug.cgi?id=1192336))
|
||||
|
||||
- rpc.statd
|
||||
- add hosts_access abstraction and /etc/nfs.conf{,.d/} ([MR:866](https://gitlab.com/apparmor/apparmor/-/merge_requests/866))
|
||||
|
||||
- syslogd
|
||||
- Update support for inetutils-syslogd ([MR:888](https://gitlab.com/apparmor/apparmor/-/merge_requests/888))
|
||||
|
||||
- zgrep
|
||||
- new profile ([MR:870](https://gitlab.com/apparmor/apparmor/-/merge_requests/870))
|
||||
- allow executing egrep and fgrep ([MR:892](https://gitlab.com/apparmor/apparmor/-/merge_requests/892))
|
||||
|
|
@ -249,6 +320,22 @@ These release notes cover all changes between 3.1 (7c7224004c31389229877634a217f
|
|||
- fix aa_policy_cache when using system parser ([MR:782](https://gitlab.com/apparmor/apparmor/-/merge_requests/782))
|
||||
- add options to skip specific profiles ([MR:677](https://gitlab.com/apparmor/apparmor/-/merge_requests/677))
|
||||
- Fix location of config dir ([MR:762](https://gitlab.com/apparmor/apparmor/-/merge_requests/762), [AABUG:177](https://gitlab.com/apparmor/apparmor/-/issues/177))
|
||||
- test recursive include in preamble ([MR:750](https://gitlab.com/apparmor/apparmor/-/merge_requests/750))
|
||||
- Rewrite gen-dbus in python ([MR:747](https://gitlab.com/apparmor/apparmor/-/merge_requests/747))
|
||||
- utils: Increase include and abi rule test coverage to 100% ([MR:741](https://gitlab.com/apparmor/apparmor/-/merge_requests/741), [MR:735](https://gitlab.com/apparmor/apparmor/-/merge_requests/735))
|
||||
- severity.py: bump test coverage to 100% ([MR:737](https://gitlab.com/apparmor/apparmor/-/merge_requests/737))
|
||||
- Enable minitools tests ([MR:696](https://gitlab.com/apparmor/apparmor/-/merge_requests/696))
|
||||
- add re_match_include_parse() test with invalid rule name ([MR:695](https://gitlab.com/apparmor/apparmor/-/merge_requests/695))
|
||||
- Add missing test for ProfileList add_alias() ([MR:694](https://gitlab.com/apparmor/apparmor/-/merge_requests/694))
|
||||
- Convert gen-xtrans from perl to python ([MR:673](https://gitlab.com/apparmor/apparmor/-/merge_requests/673))
|
||||
- Fix regression tests when using in tree parser ([MR:653](https://gitlab.com/apparmor/apparmor/-/merge_requests/653))
|
||||
- Test for full parser error messages, not parts ([MR:632](https://gitlab.com/apparmor/apparmor/-/merge_requests/632))
|
||||
- fix aa_policy_cache when using system parser ([MR:788](https://gitlab.com/apparmor/apparmor/-/merge_requests/788))
|
||||
- check for loopback module on pivot_root test ([MR:781](https://gitlab.com/apparmor/apparmor/-/merge_requests/781))
|
||||
- fix test failure due to mmap semantic changes
|
||||
- fix i18n.sh regression test on arm64 ([MR:765](https://gitlab.com/apparmor/apparmor/-/merge_requests/765), [LP:1932331](https://bugs.launchpad.net/bugs/1932331))
|
||||
- Add README on tests regarding single test execution ([MR:761](https://gitlab.com/apparmor/apparmor/-/merge_requests/761))
|
||||
|
||||
|
||||
|
||||
# infastructure
|
||||
|
|
@ -258,9 +345,16 @@ These release notes cover all changes between 3.1 (7c7224004c31389229877634a217f
|
|||
- add built test files to gitignore ([MR:826](https://gitlab.com/apparmor/apparmor/-/merge_requests/826))
|
||||
- CI: always collect test artifacts ([MR:787](https://gitlab.com/apparmor/apparmor/-/merge_requests/787))
|
||||
- Generate and keep html in utils coverage-regression ([MR:771](https://gitlab.com/apparmor/apparmor/-/merge_requests/771))
|
||||
- Add aa-features-abi and utils coverage files to .gitignore ([MR:748](https://gitlab.com/apparmor/apparmor/-/merge_requests/748))
|
||||
- enable utils coverage-regression checks in CI ([MR:697](https://gitlab.com/apparmor/apparmor/-/merge_requests/697))
|
||||
|
||||
|
||||
# Documentation
|
||||
- apparmor.d man page
|
||||
- fix typos ([MR:789](https://gitlab.com/apparmor/apparmor/-/merge_requests/789), [AABUG:192](https://gitlab.com/apparmor/apparmor/-/issues/192))
|
||||
- tree wide spelling, comment and typo fixes ([MR:687](https://gitlab.com/apparmor/apparmor/-/merge_requests/687), [MR:887](https://gitlab.com/apparmor/apparmor/-/merge_requests/887), [MR:789](https://gitlab.com/apparmor/apparmor/-/merge_requests/789), [AABUG:192](https://gitlab.com/apparmor/apparmor/-/issues/192), [MR:692](https://gitlab.com/apparmor/apparmor/-/merge_requests/692), [MR:669](https://gitlab.com/apparmor/apparmor/-/merge_requests/669), [MR:650](https://gitlab.com/apparmor/apparmor/-/merge_requests/650), [MR:646](https://gitlab.com/apparmor/apparmor/-/merge_requests/646), [MR:777](https://gitlab.com/apparmor/apparmor/-/merge_requests/777))
|
||||
- Improve AARE documentation in apparmor.d manpage ([MR:715](https://gitlab.com/apparmor/apparmor/-/merge_requests/715))
|
||||
- fix parser.conf commenting on pinning an abi ([MR:648](https://gitlab.com/apparmor/apparmor/-/merge_requests/648))
|
||||
- update generated pot files
|
||||
- apparmor.7 add info about complain mode and kernel parameters ([MR:722](https://gitlab.com/apparmor/apparmor/-/merge_requests/722))
|
||||
|
||||
|
||||
|
||||
|
|
|
|||
Loading…
Add table
Reference in a new issue