Ryan Lee (d6491356) at 12 Mar 22:23
Merge parser/libapparmor_re: constify expr-tree node APIs and trave...
... and 78 more commits
Another patch that is now necessary due to LP: #2143810 (testing still in progress):
Index: b/profiles/apparmor.d/openvpn
===================================================================
--- a/profiles/apparmor.d/openvpn
+++ b/profiles/apparmor.d/openvpn
@@ -66,6 +66,9 @@
# integration with NetworkManager
file rw @{run}/NetworkManager/nm-openvpn-*,
file PUx /{usr/,}lib{exec,/NetworkManager}/nm-openvpn-service-openvpn-helper,
+ # Account for upstream NetworkManager fix for CVE-2025-9615
+ # These are certs to be imported by the OpenVPN NetworkManager plugin
+ file r @{run}/NetworkManager/@{rand6}
# integration with systemd notification system
file w @{run}/systemd/notify,Noting that this came up in LP: #2143674 and LP: #2143625, but as the breakage reported by the latter doesn't seem to be apparmor related, I'm punting on actually getting this in.
This is slightly cleaned up from the version in Ubuntu's apparmor-profiles-extra package.
Signed-off-by: Ryan Lee [email protected]
Ryan Lee (6d07b72d) at 11 Mar 17:54
profiles: abstractions: add gstreamer abstraction
... and 44 more commits
I can understand why you included the tinyproxy and spread test changes in the same MR, but I personally would have split them into separate MRs. If you decide to keep them in the same MR, could you please update the description accordingly?
Do we want to merge kernel_supports_permstable32 and kernel_supports_permstable32_version into a single int? It'd also make more sense to call the newer version kernel_supported_permstable_32_version since this version indicator is semantically not a boolean, unlike the other kernel_supports_* variables.
Do we want to leave a comment about why we use AC_CHECK_TYPES instead of AC_CHECK_TYPE?
Ryan Lee (a30bab66) at 27 Feb 18:26
Ryan Lee (a30bab66) at 27 Feb 00:55
libapparmor: add test for libapparmor features prefix parsing issue
This is a test for commit
72430293 ("libapparmor: fix feature matching for aa_feature_supports")
of Gitlab MR !1608 fixing LP: #2105986.
Signed-off-by: Ryan Lee [email protected]
Ryan Lee (1c94ba6b) at 27 Feb 00:54
libapparmor: add test for libapparmor features prefix parsing issue
... and 11 more commits
Ryan Lee (5993ff21) at 24 Feb 18:53
Ryan Lee (7c1f8f7b) at 20 Feb 20:41
Merge parser: set umask before creating temp file
... and 5 more commits
Ryan Lee (be2835bf) at 20 Feb 20:35
Revert "tests: add expected denial for lsusb cap_sys_admin"
Ryan Lee (d51a9241) at 20 Feb 19:01
Ryan Lee (6c1cda74) at 20 Feb 19:00
utils: use with statement for aa-notify NamedTemporaryFile
Ryan Lee (7c1f8f7b) at 20 Feb 18:58
Merge parser: set umask before creating temp file
... and 35 more commits
Ryan Lee (bd872642) at 20 Feb 18:58