AppArmor 3.0.9 is a maintenance release of the user space components of the AppArmor security project. The kernel portion of the project is maintained and pushed separately.
This version of the userspace should work with all currently supported upstream kernels.
The kernel portion of the project is maintained and pushed separately.
Obtaining the Release
There are two ways to obtain this release either through gitlab or a tarball in launchpad.
Important note: the gitlab release tarballs differ from the launchpad release tarballs. The launchpad release tarball has a couple processing steps already performed:
autogen.shis already done, meaning distros only need to use ./configure in their build setup
- the docs for everything but libapparmor have already been built
- sha256sum: fd96dc4a4145fce2b7282a3c19ffab70a4003c0953ed5992cfd7820df7215f02
- signature: https://launchpad.net/apparmor/3.0/3.0.9/+download/apparmor-3.0.9.tar.gz.asc
- sha256sum: bcdd447c12171dc419ff8cb99928a4b166a6805c5d47cb09e759b53f1c3cf16a
Changes in this Release
These release notes cover all changes between 3.0.8 (474a12ebe86bb9314e482f918c589b484fd9ec2a) and 3.0.9 (af9d04d24b8d4735b76a0603db6f6017da02d403) on apparmor-3.0 branch.
- add support for “class” field in logparsing
- add support for “requested” and “denied” fields in logparsing
- add scanner support for dbus “method” field (MR:958, HUBMR:286)
Policy Compiler (a.k.a apparmor_parser)
- Fix mode not being printed when debugging AF_UNIX socket rules. (MR:979)
- Fix spacing when printing out AF_UNIX addresses (MR:978)
- Fix invalid reference to transitions when building the chfa (MR:956, AABUG:290)
- Fix log parsing crash due to bad event (MR:959)
- Add abstractions/groff with lots of groff/nroff helpers (MR:973, BOO:1065388)
- allow access to hwf.deny (MR:961)
- update for driver families and /sys path (MR:983)
- allow modifying /var/cache/samba/*.tdb (MR:988)
- allow access to all entries in pki/trust/ (MR:961)
- needs attach_disconnected (MR:960)
- add Waydroid pid file (MR:969)
- allow cat and cut (MR:953)
- allow using systemd-userdb (MR:977)
- allow reading openssl.cnf (MR:981)
- allow access to pid files directly in /run/ (MR:988)
- allow reading /var/lib/nscd/netgroup (MR:948)
- fix bogon patch characters in Makefile (MR:963)