Hello Georgia, or anyone else affected, Accepted apparmor into jammy-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/apparmor/3.0.4-2ubuntu2.2 in a few hours, and then in the -proposed repository.
Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users. If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, what testing has been performed on the package and change the tag from verification-needed- jammy to verification-done-jammy. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification- failed-jammy. In either case, without details of your testing we will not be able to proceed. Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance for helping! N.B. The updated package will be released to -updates after the bug(s) fixed by this package have been verified and the package has been in -proposed for a minimum of 7 days. ** Changed in: apparmor (Ubuntu Jammy) Status: Incomplete => Fix Committed ** Tags added: verification-needed verification-needed-jammy -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to apparmor in Ubuntu. https://bugs.launchpad.net/bugs/1994146 Title: [SRU] apparmor - Focal, Jammy Status in apparmor package in Ubuntu: Confirmed Status in apparmor source package in Focal: In Progress Status in apparmor source package in Jammy: Fix Committed Bug description: [ Impact ] This is a SRU proposal for apparmor in Focal and Jammy. For focal, we want to SRU fixes for Bug 1964636 which introduces the capability upstream patches. We are also fixing Bug 1728130 and Bug 1993353 which are introducing full backport of abi from apparmor-3.0 and support for POSIX message queue rules, which are both a request from Honeywell. Note that specifically for message queue rules, we are overriding the abi behavior. Message queue mediation is not a part of the 2.13 abi we are pinning. Honeywell has a kernel that has message queue mediation, but their policy does not contain an abi specified, so when we pin the abi for a kernel that does not mediate message queue, it will break Honeywell's AppArmor policies. So we are making an exception: when abi is not specified in the policy, and the policy contain mqueue rules, we are enforcing mqueue rules. When the policy does not contain mqueue rules, then they are not being enforced. This is so we do not break Honeywell policies and we also are not breaking policies that were developed when there was no mqueue or abi support. For jammy, we are SRUing fixes for Bug 1993353 which adds message queue rules support. [ Test Plan ] This has been extensively tested by using QA Regression Tests[1] for AppArmor. All tests have passed and demonstrated AppArmor to be working as expected. We are also adding regression tests for message queue rules[2] which guarantees it is working as expected. [1] https://git.launchpad.net/qa-regression-testing/tree/scripts/test-apparmor.py [2] https://gitlab.com/apparmor/apparmor/-/merge_requests/858 [ Where problems could occur ] The message queue rules support could cause issues for AppArmor policies that were developed before there was support for mqueues, that's why we are also backporting abi support and pinning the abi on parser.conf on focal. Jammy already has the abi pinned for a kernel that does not have support for mqueue mediation. [ Other Info ] The patches for both focal and jammy can be found at: https://launchpad.net/~georgiag/+archive/ubuntu/mqueue-sru/ To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/1994146/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
