AppArmor 2.12 is an incremental release of the user space components
of the AppArmor security project. The kernel portion of the project
is maintained and pushed separately.
This version of the userspace should work with all kernel versions from
2.6.15 and later (some earlier version of the kernel if they have the
apparmor patches applied). And supports features released in the 4.8
kernel and ubuntu 16.10 kernel with the apparmor 3 development patches.
Note: These release notes cover all changes between 2.11 (bzr r3613)
and 2.12 (7f72fd0f, 2017-12-24).
There aren't any release notes for 2.11.95 aka 2.12 beta1.
Also note that this is the first release after switching from launchpad/bzr
There is a semantic change in the 4.8 kernel (commit
9f834ec18defc369d73ccf9e87a2790bfa05bf46 fixing CVE-2019-11190) that affects apparmor policy
enforcement. Specifically it affects when the m permission bit is
checked for elf binary executables. Policy and tests within apparmor
2.12 have been updated to support running on pre 4.8 and 4.8+ kernels.
Highlighted new features
Reworked Yast interface (aa-logprof --json and aa-genprof --json)