group.of.nepali.translators team mailing list archive
-
group.of.nepali.translators team
-
Mailing list archive
-
Message #01409
[Bug 1560583] Re: reading /sys/kernel/security/apparmor/profiles requires CAP_MAC_ADMIN
This bug was fixed in the package linux - 4.4.0-16.32
---------------
linux (4.4.0-16.32) xenial; urgency=low
[ Tim Gardner ]
* Release Tracking Bug
- LP: #1561727
* fix thermal throttling due to commit "Thermal: initialize thermal zone
device correctly" (LP: #1561676)
- Thermal: Ignore invalid trip points
* Thinkpad T460: Trackpoint mouse buttons instantly generate "release" event
on press (LP: #1553811)
- SAUCE: (noup) Input: synaptics - handle spurious release of trackstick
buttons, again
* reading /sys/kernel/security/apparmor/profiles requires CAP_MAC_ADMIN
(LP: #1560583)
- SAUCE: apparmor: Allow ns_root processes to open profiles file
- SAUCE: apparmor: Consult sysctl when reading profiles in a user ns
* linux: sync virtualbox drivers to 5.0.16-dfsg-2 (LP: #1561492)
- ubuntu: vbox -- update to 5.0.16-dfsg-2
* s390/kconfig: CONFIG_NUMA without CONFIG_NUMA_EMU does not make any sense on
s390x (LP: #1557690)
- [Config] CONFIG_NUMA_BALANCING_DEFAULT_ENABLED=n for s390x
* spl/zfs fails to build on s390x (LP: #1519814)
- [Config] s390x -- re-enable zfs
- [Config] zfs -- disable powerpc until the test failures can be resolved
* linux: sync to ZFS 0.6.5.6 stable release (LP: #1561483)
- SAUCE: (noup) Update spl to 0.6.5.6-0ubuntu1, zfs to 0.6.5.6-0ubuntu1
* zfs: enable zfs for 64bit powerpc kernels (LP: #1558871)
- [Packaging] zfs -- handle rprovides via dpkg-gencontrol
- [Config] powerpc -- convert zfs configuration to custom_override
* Memory arena corruption with FUSE (was Memory allocation failure crashes
kernel hard, presumably related to FUSE) (LP: #1505948)
- SAUCE: (noup) fuse: do not use iocb after it may have been freed
- SAUCE: (noup) fuse: Add reference counting for fuse_io_priv
* cgroup namespaces: add a 'nsroot=' mountinfo field (LP: #1560489)
- SAUCE: (noup) cgroup namespaces: add a 'nsroot=' mountinfo field
* linux packaging: clear remaining redundant delta (LP: #1560445)
- [Debian] Remove generated intermediate files on clean
* arm64: guest hangs when ntpd is running (LP: #1549494)
- Revert "hrtimer: Add support for CLOCK_MONOTONIC_RAW"
- Revert "hrtimer: Catch illegal clockids"
- Revert "KVM: arm/arm64: timer: Switch to CLOCK_MONOTONIC_RAW"
* Need enough contiguous memory to support GICv3 ITS table (LP: #1558828)
- [Config] CONFIG_FORCE_MAX_ZONEORDER=13 on arm64
- SAUCE: (no-up) arm64: gicv3: its: Increase FORCE_MAX_ZONEORDER for Cavium
ThunderX
* update arcmsr to version v1.30.00.22-20151126 to fix card timeouts
(LP: #1559609)
- arcmsr: fixed getting wrong configuration data
- arcmsr: fixes not release allocated resource
- arcmsr: make code more readable
- arcmsr: adds code to support new Areca adapter ARC1203
- arcmsr: changes driver version number
- arcmsr: more readability improvements
- arcmsr: Split dma resource allocation to a new function
- arcmsr: change driver version to v1.30.00.22-20151126
* server image has no keyboard, desktop image works (LP: #1559692)
- [Config] Rework input-modules (d-i) list
* PMU support for Cavium ThunderX (LP: #1559349)
- arm64: perf: Rename Cortex A57 events
- arm64/perf: Add Cavium ThunderX PMU support
- arm64: perf: Enable PMCR long cycle counter bit
- arm64: perf: Extend event mask for ARMv8.1
- arm64: dts: Add Cavium ThunderX specific PMU
* Show ARM PMU events in perf stat (LP: #1559350)
- drivers/perf: kill armpmu_register
- arm: perf: Convert event enums to #defines
- arm: perf: Add event descriptions
- arm64: perf: Convert event enums to #defines
- arm64: perf: Add event descriptions
- ARM: perf: add format entry to describe event -> config mapping
- arm64: perf: add format entry to describe event -> config mapping
* [Bug]HSW/BDW EDAC driver reports wrong DIMM (LP: #1559904)
- EDAC/sb_edac: Fix computation of channel address
* 5-10 second delay in kernel boot with kernel command line ip= (LP: #1259861)
- [Config] disable CONFIG_IP_PNP
* Miscellaneous Ubuntu changes
- [Debian] Silence the reconstruct script
-- Tim Gardner <tim.gardner@xxxxxxxxxxxxx> Mon, 21 Mar 2016 10:15:31
-0600
** Changed in: linux (Ubuntu Xenial)
Status: Fix Committed => Fix Released
--
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1560583
Title:
reading /sys/kernel/security/apparmor/profiles requires CAP_MAC_ADMIN
Status in linux package in Ubuntu:
Fix Released
Status in linux source package in Xenial:
Fix Released
Bug description:
$ cat ./t
#include <tunables/global>
profile t {
#include <abstractions/base>
/bin/cat ixr,
/sys/kernel/security/apparmor/profiles r,
}
$ sudo apparmor_parser -r ./t
$ sudo aa-exec -p t -- cat /sys/kernel/security/apparmor/profiles
cat: /sys/kernel/security/apparmor/profiles: Permission denied
[1]
kernel: [ 62.203035] audit: type=1400 audit(1458665428.726:128):
apparmor="DENIED" operation="capable" profile="t" pid=3683 comm="cat"
capability=33 capname="mac_admin"
This is new in the -15 kernel.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1560583/+subscriptions