[Kernel-packages] [Bug 2040250] Re: apparmor notification files verification

Fri, 12 Jan 2024 10:16:24 -0800 

Verification passed for jammy-linux-hwe-6.5. I ran the AppArmor QA
Regression Tests [1] and specific prompting tests [2].

georgia@sec-jammy-amd64:~$ uname -a
Linux sec-jammy-amd64 6.5.0-14-generic #14~22.04.1-Ubuntu SMP PREEMPT_DYNAMIC 
Mon Nov 20 18:15:30 UTC 2 x86_64 x86_64 x86_64 GNU/Linux

georgia@sec-jammy-amd64:~/apparmor/tests/regression/apparmor$ sudo ./prompt.sh
xpass: PROMPT (allow (rule link file l)) - root
xpass: PROMPT (allow (flag link file l)) - root
xpass: PROMPT (allow (rule mmap_exec file rwm)) - root
xpass: PROMPT (allow (flag mmap_exec file rwm)) - root
xpass: PROMPT (allow (rule lock file rwk)) - root
xpass: PROMPT (allow (flag lock file rwk)) - root
xpass: PROMPT (allow (rule exec file rix)) - root
xpass: PROMPT (allow (flag exec file rix)) - root
xpass: PROMPT (allow (rule exec file ux)) - root
xpass: PROMPT (allow (flag exec file ux)) - root

georgia@sec-jammy-amd64:~/qrt-test-apparmor$ sudo ./test-apparmor.py

.....
----------------------------------------------------------------------
Ran 62 tests in 1360.734s

OK (skipped=2)

[1] https://launchpad.net/qa-regression-testing
[2] https://gitlab.com/georgiag/apparmor/-/tree/prompt-regression-tests

** Tags removed: verification-needed-jammy-linux-hwe-6.5
** Tags added: verification-done-jammy-linux-hwe-6.5

-- 
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/2040250

Title:
  apparmor notification files verification

Status in linux package in Ubuntu:
  Fix Released
Status in linux source package in Mantic:
  Fix Committed

Bug description:
  apparmor notifications on the 6.5 kernel are failing verification
  between the header size and the returned size.

  When strings are appended to the notification the header size should          
  
  be updated to reflect the correct size. While the size is also                
  
  directly returned as part of delivering the notification, the header          
  
  should also be update to conform to specification and allow for               
  
  verification.                                                                 
  
                                                                                
  
  If verification is enabled and the notification contains appended             
  
  strings then notifications fail verification and won't be delivered.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/2040250/+subscriptions


-- 
Mailing list: https://launchpad.net/~kernel-packages
Post to     : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help   : https://help.launchpad.net/ListHelp

Reply via email to