Debian
apparmor package

apparmor 2.11.1-4 source package in Debian

Changelog

apparmor (2.11.1-4) unstable; urgency=medium

  * Bump pinned feature set to linux-image-4.14.0-1's, version 4.14.2-1
    - Pinning a feature set without "mount", as we did before this change,
      breaks mount operations due to a bug in the kernel (Closes: #883703).
      Thanks to Fabian Grünbichler and Felix Geyer for reporting this.
    - AppArmor maintainers in Debian have been testing 4.14 without pinning
      for a while and all the known issues were fixed; it's time to enable
      4.14's features so we can learn what parts of our policy still need
      updates (Closes: #880078, #877581).
  * Move features file to /usr/share/apparmor-features (Closes: #883682).
    Thanks to Fabian Grünbichler <email address hidden> for the patch.
  * Document in apparmor/README.Debian where online documentation wrt. AppArmor
    on Debian lives (Closes: #845232). Thanks to Wouter Verhelst and Jean-Michel
    Vourgère for the suggestion.
  * Improve usability of apparmor-notify:
    - notify.conf: unset use_group.
      aa-notify checks that it can read the selected log file — and aborts
      if it can't — before it checks group membership vs. use_group, so in
      practice setting use_group is only useful for users who are allowed
      to read logs but don't want to see notifications. This seems to be
      a corner case, easily addressed per-user (~/.apparmor/notify.conf)
      or system-wide (by deinstalling apparmor-notify).
      So let's instead optimize for a more common use case, i.e. users who can
      read logs and want to see the notifications. This change does not
      impact the most common use case, i.e. desktop users who are not allowed
      to read logs (Closes:  #880859).
    - Document in apparmor-notify/README.Debian that one must be in the "adm"
      group to use aa-notify.
    Thanks to Lisandro Damián Nicanor Pérez Meyer and Salvatore Bonaccorso
    whose combined bug reports lead to this solution.
  * /lib/apparmor/functions: don't delete /etc/apparmor.d/cache/CACHEDIR.TAG
    ourselves (necessary, but not sufficient, to fix #883584).
  * Declare compliance with Standards-Version 4.1.2.

 -- intrigeri <email address hidden>  Thu, 07 Dec 2017 07:32:02 +0000

Upload details

Uploaded by:
Debian AppArmor Team
Uploaded to:
Sid
Original maintainer:
Debian AppArmor Team
Architectures:
any all
Section:
admin
Urgency:
Medium Urgency

See full publishing history Publishing

Series Pocket Published Component Section

Builds

Downloads

File Size SHA-256 Checksum
apparmor_2.11.1-4.dsc 3.3 KiB 04dc5447fd89af241309418b21869692f11be178d655290fc64f59d1291ba0e0
apparmor_2.11.1.orig.tar.gz 4.8 MiB e8e2b22c18e6b6741c1f96942398923b97316b53d86408629f922d5689ec3507
apparmor_2.11.1.orig.tar.gz.asc 837 bytes aef10725e03660510c7273d5f2e3a86121f76bf9ad3d036d66991235fcb5784d
apparmor_2.11.1-4.debian.tar.xz 84.2 KiB 36b4623f0f1cf4b3d242b17a1b06837d58692af002d38c56141575548d9f1888

No changes file available.

Binary packages built by this source