mirror of
https://gitlab.com/apparmor/apparmor.git
synced 2025-03-04 08:24:42 +01:00
Create Release_Notes_2.13.2
John Johansen
parent
ab260415f9
commit
b777762034
1 changed files with 142 additions and 0 deletions
142
Release_Notes_2.13.2.md
Normal file
142
Release_Notes_2.13.2.md
Normal file
|
|
@ -0,0 +1,142 @@
|
|||
Introduction
|
||||
============
|
||||
|
||||
AppArmor 2.13.2 is an incremental release of the user space components
|
||||
of the AppArmor security project. The kernel portion of the project
|
||||
is maintained and pushed separately.
|
||||
|
||||
This version of the userspace should work with all kernel versions from
|
||||
2.6.15 and later (some earlier version of the kernel if they have the
|
||||
apparmor patches applied). And supports features released in the 4.18
|
||||
kernel and ubuntu 18.04 kernel with the apparmor 3 development patches.
|
||||
|
||||
AppArmor 2.13.2 was released 2018-12-16.
|
||||
|
||||
|
||||
# Obtaining the Release
|
||||
These release notes cover all changes between 2.13.1 (2e922a9a9b31088c9d0f9760f7e1c71f8ad5d4b9) and 2.13.2 (???) [apparmor-2.13 branch](https://gitlab.com/apparmor/apparmor/tree/apparmor-2.13).
|
||||
|
||||
Tarball
|
||||
- <https://launchpad.net/apparmor/2.13/2.13.2/+download/apparmor-2.13.2.tar.gz>
|
||||
- sha256sum: ???
|
||||
- signature: <https://launchpad.net/apparmor/2.13/2.13.2/+download/apparmor-2.13.2.tar.gz.asc>
|
||||
|
||||
|
||||
Build Infrastructure
|
||||
--------------------
|
||||
|
||||
???
|
||||
- fix FTBFS w/older glibc
|
||||
|
||||
|
||||
Policy Compiler (a.k.a apparmor\_parser)
|
||||
----------------------------------------
|
||||
|
||||
???
|
||||
- allow specifying the parser config file
|
||||
|
||||
Init
|
||||
----
|
||||
- fix permissions of apparmor.systemd helper script
|
||||
- skip XBPS conffile artifacts
|
||||
|
||||
|
||||
Library
|
||||
-------
|
||||
|
||||
???
|
||||
- do not honor $LIBAPPARMOR_DEBUG when `secure_getenv` is undefined
|
||||
|
||||
Utils
|
||||
-----
|
||||
|
||||
???
|
||||
- genprof/logprof
|
||||
- error out on nested child profiles which are not currently supported
|
||||
|
||||
- aa-notify
|
||||
- make message about notify-send package cross-distro compatible
|
||||
- Read user's configuration file from XDG_CONFIG_HOME
|
||||
|
||||
- sandbox.py
|
||||
- remove unused exception binding
|
||||
|
||||
|
||||
Policy
|
||||
------
|
||||
???
|
||||
|
||||
- Profiles
|
||||
- support distributions which merge sbin into bin
|
||||
- ping: support void linux binary location
|
||||
- traceroute: support void linux binary location
|
||||
- dnsmasq
|
||||
- add paths for NetworkManager connection sharing
|
||||
- add permission to open log files
|
||||
- allow running Thunderbird wrapper script
|
||||
- ntpd
|
||||
- allow access to ntp clockstat
|
||||
- add openntpd drift and socket files
|
||||
- support void linux binary location
|
||||
- samba
|
||||
- allow smbd to load new shared libraries
|
||||
- allow winbindd to read and write new kerberos cache location
|
||||
- nmbd
|
||||
- add missing files
|
||||
- support writing to /run/systemd/notify
|
||||
- smbd add missing pid lock file
|
||||
- update usr.sbin.useradd to support usr-merge
|
||||
|
||||
- Tunables
|
||||
- Make variables value more readable by avoiding the use of too many alternations.
|
||||
- Add uid and uids kernel var placeholders
|
||||
|
||||
- Abstractions
|
||||
- add qt5 abstraction
|
||||
- add qt5-compose-cache-write abstraction
|
||||
- ubuntu-email: add new Thunderbird executable path
|
||||
- ubuntu-browsers.d/user-files: disallow access to the dirs of private files
|
||||
- private-files: disallow writes to thumbnailer dir (LP: #1788929)
|
||||
- private-files-strict: disallow access to the dirs of private files
|
||||
- user-files: disallow access to the dirs of private files
|
||||
- remove antiquated abstractions/launchpad-integration
|
||||
- kde: use qt5 abstration
|
||||
- samba: add missing log files
|
||||
- add recent documents write abstraction and update abstractions to use it
|
||||
- add OpenCL abstraction
|
||||
- kde: drop redundant rules for icons access
|
||||
- ssl
|
||||
- add dehydrated certificate support
|
||||
- support new location for ssl-params file
|
||||
- php: allow ICU (unicode support) data tables
|
||||
- Python:
|
||||
- add support for python 3.7
|
||||
- allow /usr/local/lib/python3/dist-packages
|
||||
- freedesktop.org:
|
||||
- factor out duplicated path components with variables
|
||||
- treat Flatpak exports the same way as bits shipped by the distro.
|
||||
- simplify by not attempting to guess the exhaustive list of files that can exist in {~/.local/share,/usr/share}/applications/.
|
||||
- refactor for consistency.
|
||||
- nvidia
|
||||
- opencl: don't allow PUx on nvidia-modprobe
|
||||
- use nvidia_modprobe profile inside opencl-nvidia
|
||||
|
||||
|
||||
Tests
|
||||
-----
|
||||
- mount regression test: convert mount test to use MS_NODE
|
||||
- use --config-file in tests so they are unaffected by the system parser.conf file
|
||||
|
||||
Documentation
|
||||
-------------
|
||||
- update documentation to references gitlab and updated bug reporting procedures.
|
||||
|
||||
|
||||
Note
|
||||
====
|
||||
|
||||
There is a semantic change in the 4.8 kernel (commit
|
||||
9f834ec18defc369d73ccf9e87a2790bfa05bf46) that affects apparmor policy
|
||||
enforcement. Specifically it affects when the m permission bit is
|
||||
checked for elf binary executables. Policy and tests within apparmor
|
||||
2.12 and later have been updated to support running on pre 4.8 and 4.8+ kernels.
|
||||
Loading…
Add table
Reference in a new issue