Update Release_Notes_4.0 alpha2

2025-03-04 08:24:42 +01:00 · 2023-08-10 23:48:18 +00:00 · 2023-08-10 23:48:18 +00:00 · c4f08496e7
commit c4f08496e7
parent e6564b9ab3
1 changed files with 5 additions and 4 deletions
--- a/Release_Notes_4.0-alpha2.md
+++ b/Release_Notes_4.0-alpha2.md
@ -57,8 +57,9 @@ Apprmor 4.0 is a bridge release between older AppArmor 3.x policy and the newer
 | user ns        | Y              | Y <sup>1</sup> | N                | N                      | Y <sup>2</sup> |
 | aa-status filters | N | N | n/a | N | N |
 | aa-load | N | N | n/a | Y | N |
-
-
+| unconfined ns restriction | N              | Y <sup>8</sup> | N                | N                      | Y |
+| unconfined change_profile stacking | N              | Y <sup>8</sup> | N                | N                      | Y |
+| unconfined io_uring restriction | N              | Y <sup>8</sup> | N                | N                      | Y |



@ -70,6 +71,7 @@ Apprmor 4.0 is a bridge release between older AppArmor 3.x policy and the newer
 5. If more than 12 transitions are used in a profile, AppArmor 3.x will fail
 6. Will break older policy if variable is not defined. Variable can be manually defined in older parser.
 7. AppArmor 3.x will not break but will use declared abi, instead of extending abi when a rule not in the abi is declared in policy.
+8. These features if enabled will change unconfined's behavior but can be disabled with either a grub kernel boot parameter or sysctl depending on the kernel.

 in beta
 |Feature       | policy extension |breaks 3.x      |supported by utils|requires 4.x libapparmor|requires kernel support|
@ -82,14 +84,13 @@ in beta
 AppArmor 4.1 or later
 |Feature       | policy extension |breaks 3.x      |supported by utils|requires 4.x libapparmor|requires kernel support|
 |:---:           |:---:           |:---:           |:---:             |:---:                   |:---:|
-
 | multiple policy locations | N | Y <sup>3</sup> | n/a | Y | N |
 | location specific configs | N | Y <sup>3</sup> | n/a | Y | N |
 | user conditional | Y              | Y <sup>1</sup> | N                | N                      | Y <sup>2</sup> |
 | -O rule-refactor | N              | N | n/a               | N                      | N |
 | kernel supports conditional | Y              | Y <sup>1</sup> | N                | N                      | N |
 | abi supports conditional | Y              | Y <sup>1</sup> | N                | N                      | N |
-
+| replace unconfined | N              | Y  | N                | N                      | N |


 ## Compatibility