Introduction
AppArmor 2.10.5 is a maintenance release of the user space components of the AppArmor security project. The kernel portion of the project is maintained and pushed separately.
This version of the userspace should work with all kernel versions from 2.6.15 and later (some earlier version of the kernel if they have the apparmor patches applied).
AppArmor 2.10.5 was released 2019-06-15.
Obtaining the Release
These release notes cover all changes between 2.10.4 (758ec0cd) and 2.10.5 (6a871a50) apparmor-2.10 branch.
Tarball
- https://launchpad.net/apparmor/2.10/2.10.5/+download/apparmor-2.10.5.tar.gz
- sha256sum: 94d6db4789423ed6f025e939b12720e1b8536a1dfabb0ff5f3265a584314bf8a
- signature: https://launchpad.net/apparmor/2.10/2.10.5/+download/apparmor-2.10.5.tar.gz.asc
Changes in This Release
Build Infrastructure
- add files to .gitignore
- fix libapparmor swig 4 failure 'aa_log_record' object has no attribute '__getattr__' (BUG33)
Policy Compiler (a.k.a apparmor_parser)
- fix abi rule skipping core dump on bad file names (MR298)
- fix parsing of target profile NAME in directed transitions “px -> NAME" (MR334)
Policy
-
Profiles
- dnsmasq:
- add permission to open log files
- dovecot:
- allow FD passing between dovecot and dovecot's anvil (MR336)
- allow chroot'ing the auth processes (MR336)
- let dovecot/anvil rw the auth-penalty socket (MR336)
- auth processes need to read from postfix auth socket (MR336)
- add abstractions/ssl_certs to lmtp (MR336)
- allow master to use SIGTERM on children that are slow to die (MR357)
- identd: allow network netlink dgram (MR353)
- syslog-ng: add abstractions/python for python-parser (MR361)
- dnsmasq:
-
Abstractions
- fonts:
- nameservice: allow access to /run/netconfig/resolv.conf (boo1097370)
- qt5-compose-cache-write: fix anonymous shared memory access (MR301)
- qt5-settings-write: fix anonymous shared memory access (MR302)
- ssl_certs,keys: add support for libdehydrated in /var/lib/ (MR299)
Tests
- fix mount test to use next available loop device (MR379)