Accepted apparmor 2.13.2-10 (source) into unstable
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Sat, 30 Mar 2019 13:23:11 +0000
Source: apparmor
Architecture: source
Version: 2.13.2-10
Distribution: unstable
Urgency: medium
Maintainer: Debian AppArmor Team <pkg-apparmor-team@lists.alioth.debian.org>
Changed-By: intrigeri <intrigeri@debian.org>
Closes: 922378 923273
Changes:
apparmor (2.13.2-10) unstable; urgency=medium
.
* Don't load AppArmor policy when running in a Debian Live environment
that uses overlayfs (Closes: #922378).
Rationale: the storage stack set up by live-boot with overlayfs
is not supported by our AppArmor policy at the moment, resulting
in breakage of confined software such as Evince and LibreOffice.
* Ship nvidia_modprobe in enforce mode (Closes: #923273).
- Rationale: as explained by Seth Arnold <seth.arnold@canonical.com>
on #923273#32, profiles in complain mode can chew up essentially
unlimited amounts of non-swappable kernel memory and huge amounts
of IO bandwidth logging ALLOWED messages, which can in turn
use large amounts of storage. This is why Ubuntu has applied this change
already for their upcoming release.
- Scope of this change: in Buster, this profile is used in one single place
— the usr.lib.libreoffice.program.soffice.bin profile — for which it was
developed and tested in the first place. So the risk and potential
problematic impact of this change seems pretty low.
* Cherry-pick the most important and non-invasive fixes
from the upstream apparmor-2.13 maintenance branch:
- base abstraction: allow mr on *.so* in common library paths,
i.e. don't assume all common libraries' name starts with "lib".
At the very least, this fixes Qt5 applications under some
VirtualBox graphics configuration, where otherwise they would
not start at all (Closes: Tails#16414).
Upstream commits: 8dff7dc, 08f9d16
- Fix 2 segfaults spotted upstream while writing automated tests
for the multicache support (upstream MR!348):
· in overlaydirat_for_each, segfault caused by repeatedly freeing
the same memory area;
· when loading policy cache files, due to incorrect size passed
to qsort().
Upstream commits: 5704fba, 01aec04
Checksums-Sha1:
a9013217c60d28cfbe13d7520ba577bb7e7c8dcb 3370 apparmor_2.13.2-10.dsc
5ca751a41ecbbf10d661af93619708ba966f90f3 106724 apparmor_2.13.2-10.debian.tar.xz
2167d38451ffc09d477f9776f36a8a2dc1f39648 12688 apparmor_2.13.2-10_amd64.buildinfo
Checksums-Sha256:
743547b3a693f0873f02860a5df8ec909544f9f7f54e97899ee0cb5bec518c60 3370 apparmor_2.13.2-10.dsc
2777537b493f5e3aea89aa41ba9e7664615d3e36be2d87d5ddc63bd9c1f4bc43 106724 apparmor_2.13.2-10.debian.tar.xz
cd7162a0107ec56b11e04be917888fa9bcaec9b557d6e3c9678cb00ca57327cc 12688 apparmor_2.13.2-10_amd64.buildinfo
Files:
3c672555c361f8ef2bfc0b82663db815 3370 admin optional apparmor_2.13.2-10.dsc
e502da89e89963573abc5198c2cb35f1 106724 admin optional apparmor_2.13.2-10.debian.tar.xz
f86cb90f05b76c8da1e90e9c15b6d3a4 12688 admin optional apparmor_2.13.2-10_amd64.buildinfo
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEEHRt1x6SY9ZXd6PxEAfr306of05kFAlyfd2cACgkQAfr306of
05n4NBAApGRMDMQAAUjGu805TjD70ckwL7fj2BvI0FcFFTv6SFs9vNUuAz1E8pUl
rXVbnohRGcgGWNDeZXjA6bv/CKZ5nP4W6iN7h7/bBGokDXiKw7Ohq95fsxZPxh+Q
ht6elr/78wjNYexw+MtZeu1V0FEzL2HB4fwvJR7NWVrZJPRpkyouQKaNdBSuHBo6
dVOLC4AeQKv2ry431CMoIlJdAWyUCen3uscSbXZs1aNbOVJeM8CnJO/FSv1AvcM2
PVQD8XV+zYlsQUnRY0zmxXfWSAkSb1YaYrfhkuTxjpDVno5b+6ANmd7WUrAQ4iSj
VF5MzzhElNngiicWmyYBfs+PYf3hiTJJhJ97cIWMs4b4GB2V5n1KFpLGYRclf1Dn
xnQ+JhWmK1X6QSLbYzVNCh6TXGAnBSeG8vgYTMuSsvv3DcFksREQ9QCsXdISJUso
nV9G3LroD2g2D0oip8BEst9leBhpHoVgk4wOz1pASjd0ILERyGp2AHuouZbmYJhj
tOcAU+Qd3wx/9ofxdAXzt3hj4uQnaz3EfhGE5UCk/y2MIwD/8V5EttRFg3bATdrT
KYRmhBk64u/ylLhHioIXyrzGeHRoqPJAt3VA3QXMcDpBN3FZNAxevrp4WagMbODg
tYljovaXPLXrdNv6Wdg3j0lhqNk4JSAQvcbnex6RNKd6I0XdLkg=
=7V6j
-----END PGP SIGNATURE-----