mirror of
https://gitlab.com/apparmor/apparmor.git
synced 2025-03-04 08:24:42 +01:00
Update Release_Notes_2.13.2
parent
9f84fb7701
commit
2a70ed458a
1 changed files with 29 additions and 81 deletions
|
@ -22,114 +22,62 @@ Tarball
|
|||
- signature: <https://launchpad.net/apparmor/2.13/2.13.2/+download/apparmor-2.13.2.tar.gz.asc>
|
||||
|
||||
|
||||
Build Infrastructure
|
||||
--------------------
|
||||
|
||||
???
|
||||
- fix FTBFS w/older glibc
|
||||
|
||||
|
||||
Policy Compiler (a.k.a apparmor\_parser)
|
||||
----------------------------------------
|
||||
- Fix failures due to -M only setting compile-features
|
||||
- Don't hard code the location of netinet/in.h.
|
||||
|
||||
???
|
||||
- allow specifying the parser config file
|
||||
|
||||
Init
|
||||
----
|
||||
- fix permissions of apparmor.systemd helper script
|
||||
- skip XBPS conffile artifacts
|
||||
- Ignore *.orig and *.rej files when loading profiles
|
||||
- Fix syntax error in rc.apparmor.functions which could cause policy load failures
|
||||
|
||||
|
||||
Library
|
||||
-------
|
||||
|
||||
???
|
||||
- do not honor $LIBAPPARMOR_DEBUG when `secure_getenv` is undefined
|
||||
|
||||
Utils
|
||||
-----
|
||||
|
||||
???
|
||||
- genprof/logprof
|
||||
- error out on nested child profiles which are not currently supported
|
||||
|
||||
- aa-notify
|
||||
- make message about notify-send package cross-distro compatible
|
||||
- Read user's configuration file from XDG_CONFIG_HOME
|
||||
|
||||
- sandbox.py
|
||||
- remove unused exception binding
|
||||
- Fix viewing a local inactive profile in aa-genprof
|
||||
- Ensure last line in a profile is valid
|
||||
- Fix handling of options when serializing profiles
|
||||
- Fix minitools for named profiles
|
||||
- Fix preview when viewing profile changes
|
||||
|
||||
|
||||
Policy
|
||||
------
|
||||
???
|
||||
- Use @{sys} tunable in profiles and abstractions
|
||||
|
||||
- Profiles
|
||||
- support distributions which merge sbin into bin
|
||||
- ping: support void linux binary location
|
||||
- traceroute: support void linux binary location
|
||||
- dnsmasq
|
||||
- add paths for NetworkManager connection sharing
|
||||
- add permission to open log files
|
||||
- allow running Thunderbird wrapper script
|
||||
- ntpd
|
||||
- allow access to ntp clockstat
|
||||
- add openntpd drift and socket files
|
||||
- support void linux binary location
|
||||
- samba
|
||||
- allow smbd to load new shared libraries
|
||||
- allow winbindd to read and write new kerberos cache location
|
||||
- nmbd
|
||||
- add missing files
|
||||
- support writing to /run/systemd/notify
|
||||
- smbd add missing pid lock file
|
||||
- update usr.sbin.useradd to support usr-merge
|
||||
- Add profile names to all profiles with {bin,sbin} attachment except for the dnsmasq profile
|
||||
|
||||
- dovecot: allow reading /proc/sys/fs/suid_dumpable
|
||||
- postalias: allow locking /etc/aliases.db
|
||||
- dnsmasq:
|
||||
- Add pid file used by NetworkManager
|
||||
- Adjust pattern for log files to comply with SELinux
|
||||
|
||||
- Tunables
|
||||
- Make variables value more readable by avoiding the use of too many alternations.
|
||||
- Add uid and uids kernel var placeholders
|
||||
|
||||
- Abstractions
|
||||
- add qt5 abstraction
|
||||
- add qt5-compose-cache-write abstraction
|
||||
- ubuntu-email: add new Thunderbird executable path
|
||||
- ubuntu-browsers.d/user-files: disallow access to the dirs of private files
|
||||
- private-files: disallow writes to thumbnailer dir (LP: #1788929)
|
||||
- private-files-strict: disallow access to the dirs of private files
|
||||
- user-files: disallow access to the dirs of private files
|
||||
- remove antiquated abstractions/launchpad-integration
|
||||
- kde: use qt5 abstration
|
||||
- samba: add missing log files
|
||||
- add recent documents write abstraction and update abstractions to use it
|
||||
- add OpenCL abstraction
|
||||
- kde: drop redundant rules for icons access
|
||||
- ssl
|
||||
- add dehydrated certificate support
|
||||
- support new location for ssl-params file
|
||||
- php: allow ICU (unicode support) data tables
|
||||
- Python:
|
||||
- add support for python 3.7
|
||||
- allow /usr/local/lib/python3/dist-packages
|
||||
- freedesktop.org:
|
||||
- factor out duplicated path components with variables
|
||||
- treat Flatpak exports the same way as bits shipped by the distro.
|
||||
- simplify by not attempting to guess the exhaustive list of files that can exist in {~/.local/share,/usr/share}/applications/.
|
||||
- refactor for consistency.
|
||||
- nvidia
|
||||
- opencl: don't allow PUx on nvidia-modprobe
|
||||
- use nvidia_modprobe profile inside opencl-nvidia
|
||||
|
||||
- private-files: deny ~/.mutt**
|
||||
- private-files-strict: audit deny ~/.aws
|
||||
- ssl_key: Add /etc/letsencrypt/archive
|
||||
- Add vulkan abstraction
|
||||
|
||||
Tests
|
||||
-----
|
||||
- mount regression test: convert mount test to use MS_NODE
|
||||
- use --config-file in tests so they are unaffected by the system parser.conf file
|
||||
- error out on superfluous TODOs
|
||||
- disable abi/ok_10 and abi/ok_12 tests
|
||||
- Remove TODO notes from no-longer-failing tests
|
||||
- add utils/test/common_test.pyc to gitignore
|
||||
|
||||
|
||||
Documentation
|
||||
-------------
|
||||
- update documentation to references gitlab and updated bug reporting procedures.
|
||||
- apparmor(7): document various debugging options.
|
||||
- aa-notify(8): update user's configuration file path
|
||||
|
||||
|
||||
Note
|
||||
|
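Review bot: The entries in the Library and Policy sections that change confinement behaviour carry no bug or merge-request reference, unlike "private-files: disallow writes to thumbnailer dir (LP: #1788929)". Entries such as "opencl: don't allow PUx on nvidia-modprobe" and "do not honor $LIBAPPARMOR_DEBUG when `secure_getenv` is undefined" need the same traceability, so that packagers can judge which fixes to backport. This rendering does not show which side of the diff the "???" placeholder lines are on; if any remain in the new text under Build Infrastructure, Policy Compiler, Library, Utils or Policy, replace them with real entries or drop them before the notes are published.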
@ -139,4 +87,4 @@ There is a semantic change in the 4.8 kernel (commit
|
|||
9f834ec18defc369d73ccf9e87a2790bfa05bf46) that affects apparmor policy
|
||||
enforcement. Specifically it affects when the m permission bit is
|
||||
checked for elf binary executables. Policy and tests within apparmor
|
||||
2.12 and later have been updated to support running on pre 4.8 and 4.8+ kernels.
|
||||
2.12 and later have been updated to support running on pre 4.8 and 4.8+ kernels.
|
||||
|
|
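Review bot: The removed and added copies of "2.12 and later have been updated to support running on pre 4.8 and 4.8+ kernels." read identically here, so this hunk appears to change only whitespace or the end-of-file newline. If that is the intent, say so in the commit message, since "Update Release_Notes_2.13.2" gives no hint of it; otherwise drop the hunk. The paragraph also tells readers that the m permission check changed for ELF executables without saying whether locally written profiles need adjusting on 4.8+ kernels; one sentence on that would make the note actionable for administrators.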