← Back to team overview

group.of.nepali.translators team mailing list archive

[Bug 1615895] Re: apparmor module parameters can be changed after the policy is locked

 

This bug was fixed in the package linux - 4.4.0-38.57

---------------
linux (4.4.0-38.57) xenial; urgency=low

  [ Tim Gardner ]

  * Release Tracking Bug
    - LP: #1620658

  * CIFS client: access problems after updating to kernel 4.4.0-29-generic
    (LP: #1612135)
    - Revert "UBUNTU: SAUCE: (namespace) Bypass sget() capability check for nfs"
    - fs: Call d_automount with the filesystems creds

  * apt-key add fails in overlayfs (LP: #1618572)
    - SAUCE: overlayfs: fix regression in whiteout detection

linux (4.4.0-37.56) xenial; urgency=low

  [ Tim Gardner ]

  * Release Tracking Bug
    - LP: #1618040

  * [Feature] Instruction decoder support for new SKX instructions- AVX512
    (LP: #1591655)
    - x86/insn: perf tools: Fix vcvtph2ps instruction decoding
    - x86/insn: Add AVX-512 support to the instruction decoder
    - perf tools: Add AVX-512 support to the instruction decoder used by Intel PT
    - perf tools: Add AVX-512 instructions to the new instructions test

  * [Ubuntu 16.04] FCoE Lun not visible in OS with inbox driver - Issue with
    ioremap() call on 32bit kernel (LP: #1608652)
    - lpfc: Correct issue with ioremap() call on 32bit kernel

  * [Feature] turbostat support for Skylake-SP server (LP: #1591802)
    - tools/power turbostat: decode more CPUID fields
    - tools/power turbostat: CPUID(0x16) leaf shows base, max, and bus frequency
    - tools/power turbostat: decode HWP registers
    - tools/power turbostat: Decode MSR_MISC_PWR_MGMT
    - tools/power turbostat: allow sub-sec intervals
    - tools/power turbostat: Intel Xeon x200: fix erroneous bclk value
    - tools/power turbostat: Intel Xeon x200: fix turbo-ratio decoding
    - tools/power turbostat: re-name "%Busy" field to "Busy%"
    - tools/power turbostat: add --out option for saving output in a file
    - tools/power turbostat: fix compiler warnings
    - tools/power turbostat: make fewer systems calls
    - tools/power turbostat: show IRQs per CPU
    - tools/power turbostat: show GFXMHz
    - tools/power turbostat: show GFX%rc6
    - tools/power turbostat: detect and work around syscall jitter
    - tools/power turbostat: indicate SMX and SGX support
    - tools/power turbostat: call __cpuid() instead of __get_cpuid()
    - tools/power turbostat: correct output for MSR_NHM_SNB_PKG_CST_CFG_CTL dump
    - tools/power turbostat: bugfix: TDP MSRs print bits fixing
    - tools/power turbostat: SGX state should print only if --debug
    - tools/power turbostat: print IRTL MSRs
    - tools/power turbostat: initial BXT support
    - tools/power turbostat: decode BXT TSC frequency via CPUID
    - tools/power turbostat: initial SKX support

  * [BYT] display hotplug doesn't work on console (LP: #1616894)
    - drm/i915/vlv: Make intel_crt_reset() per-encoder
    - drm/i915/vlv: Reset the ADPA in vlv_display_power_well_init()
    - drm/i915/vlv: Disable HPD in valleyview_crt_detect_hotplug()
    - drm/i915: Enable polling when we don't have hpd

  * [Feature]intel_idle enabling on Broxton-P (LP: #1520446)
    - intel_idle: add BXT support

  * [Feature] EDAC: Update driver for SKX-SP (LP: #1591815)
    - [Config] CONFIG_EDAC_SKX=m
    - EDAC, skx_edac: Add EDAC driver for Skylake

  * [Feature] KBL: Sandy Peak(3168) WiFi/BT support (LP: #1591648)
    - Bluetooth: Add support for Intel Bluetooth device 3168 [8087:0aa7]

  * MacBookPro11,4 fails to poweroff or suspend (LP: #1587714)
    - SAUCE: PCI: Workaround to enable poweroff on Mac Pro 11

  * Support Edge Gateway's Bluetooth LED (LP: #1512999)
    - SAUCE: Bluetooth: Support for LED on Edge Gateways
    - SAUCE: Bluetooth: Use host bridge subsystem IDs to identify Edge Gateways

  * Please add support for alps touchpad. (LP: #1616813)
    - [Config] CONFIG_HID_ALPS=m
    - HID: add Alps I2C HID Touchpad-Stick support
    - HID: alps: struct u1_dev *priv is internal to the driver
    - HID: alps: pass correct sizes to hid_hw_raw_request()
    - HID: alps: match alps devices in core
    - HID: alps: a few cleanups

  * DINO2M - System hangs with a black screen during s4 stress test
    (LP: #1616781)
    - x86/power/64: Fix kernel text mapping corruption during image restoration

  * Xenial update to v4.4.17 stable release (LP: #1611833)
    - USB: OHCI: Don't mark EDs as ED_OPER if scheduling fails
    - x86/quirks: Apply nvidia_bugs quirk only on root bus
    - x86/quirks: Reintroduce scanning of secondary buses
    - x86/quirks: Add early quirk to reset Apple AirPort card
    - dmaengine: at_xdmac: align descriptors on 64 bits
    - dmaengine: at_xdmac: fix residue corruption
    - dmaengine: at_xdmac: double FIFO flush needed to compute residue
    - mm, sl[au]b: add __GFP_ATOMIC to the GFP reclaim mask
    - mm, compaction: abort free scanner if split fails
    - fs/nilfs2: fix potential underflow in call to crc32_le
    - mm, compaction: prevent VM_BUG_ON when terminating freeing scanner
    - mm, meminit: always return a valid node from early_pfn_to_nid
    - mm, meminit: ensure node is online before checking whether pages are
      uninitialised
    - vmlinux.lds: account for destructor sections
    - pps: do not crash when failed to register
    - kernel/sysrq, watchdog, sched/core: Reset watchdog on all CPUs while
      processing sysrq-w
    - arc: unwind: warn only once if DW2_UNWIND is disabled
    - ARC: unwind: ensure that .debug_frame is generated (vs. .eh_frame)
    - xen/pciback: Fix conf_space read/write overlap check.
    - xenbus: don't BUG() on user mode induced condition
    - xenbus: don't bail early from xenbus_dev_request_and_reply()
    - Input: vmmouse - remove port reservation
    - Input: elantech - add more IC body types to the list
    - Input: xpad - fix oops when attaching an unknown Xbox One gamepad
    - Input: wacom_w8001 - w8001_MAX_LENGTH should be 13
    - Input: xpad - validate USB endpoint count during probe
    - Input: tsc200x - report proper input_dev name
    - pvclock: Add CPU barriers to get correct version value
    - pinctrl: single: Fix missing flush of posted write for a wakeirq
    - pinctrl: imx: Do not treat a PIN without MUX register as an error
    - cgroup: set css->id to -1 during init
    - power_supply: power_supply_read_temp only if use_cnt > 0
    - locks: use file_inode()
    - Revert "ecryptfs: forbid opening files without mmap handler"
    - ecryptfs: don't allow mmap when the lower fs doesn't support it
    - ext4: verify extent header depth
    - 9p: use file_dentry()
    - namespace: update event counter when umounting a deleted dentry
    - spi: sunxi: fix transfer timeout
    - spi: sun4i: fix FIFO limit
    - clk: rockchip: initialize flags of clk_init_data in mmc-phase clock
    - platform/chrome: cros_ec_dev - double fetch bug in ioctl
    - block: fix use-after-free in sys_ioprio_get()
    - mmc: block: fix packed command header endianness
    - sched/fair: Fix effective_load() to consistently use smoothed load
    - ovl: handle ATTR_KILL*
    - perf/x86: fix PEBS issues on Intel Atom/Core2
    - can: at91_can: RX queue could get stuck at high bus load
    - can: c_can: Update D_CAN TX and RX functions to 32 bit - fix Altera Cyclone
      access
    - can: fix handling of unmodifiable configuration options fix
    - can: fix oops caused by wrong rtnl dellink usage
    - RDS: fix rds_tcp_init() error path
    - SCSI: fix new bug in scsi_dev_info_list string matching
    - ipr: Clear interrupt on croc/crocodile when running with LSI
    - posix_cpu_timer: Exit early when process has been reaped
    - i2c: mux: reg: wrong condition checked for of_address_to_resource return
      value
    - libata: LITE-ON CX1-JB256-HP needs lower max_sectors
    - libceph: apply new_state before new_up_client on incrementals
    - net: mvneta: set real interrupt per packet for tx_done
    - intel_th: pci: Add Kaby Lake PCH-H support
    - intel_th: Fix a deadlock in modprobing
    - vfs: fix deadlock in file_remove_privs() on overlayfs
    - Linux 4.4.17
    - xenbus: don't look up transaction IDs for ordinary writes

  * Enable virtual scsi server driver for Power (LP: #1615665)
    - [Config] CONFIG_SCSI_IBMVSCSIS=m
    - target: Add target_alloc_session() helper function
    - ibmvscsis: Initial commit of IBM VSCSI Tgt Driver

  * AES-XTS poor performance in Ubuntu 16.04 (LP: #1613295)
    - crypto: vmx: Only call enable_kernel_vsx()
    - powerpc: Create disable_kernel_{fp,altivec,vsx,spe}()
    - crypto: vmx - Adding asm subroutines for XTS
    - crypto: xts - consolidate sanity check for keys
    - crypto: vmx - Adding support for XTS
    - crypto: vmx - Fix aes_p8_xts_decrypt build failure
    - crypto: xts - fix compile errors

  *  System hang when plug/pull USB 3.1 key via thunderbolt port over 5 times
    (LP: #1616318)
    - USB: don't free bandwidth_mutex too early

  * Ubuntu 16.04 - Full EEH Recovery Support for NVMe devices (LP: #1602724)
    - nvme: Suspend all queues before deletion

  * change_hat is logging failures during expected hat probing (LP: #1615893)
    - SAUCE: apparmor: Fix auditing behavior for change_hat probing

  * deleted files outside of the namespace are not being treated as disconnected
    (LP: #1615892)
    - SAUCE: apparmor: deleted dentries can be disconnected

  * stacking to unconfined in a child namespace confuses mediation
    (LP: #1615890)
    - SAUCE: apparmor: special case unconfined when determining the mode

  * apparmor module parameters can be changed after the policy is locked
    (LP: #1615895)
    - SAUCE: apparmor: fix: parameters can be changed after policy is locked

  * AppArmor profile reloading causes an intermittent kernel BUG (LP: #1579135)
    - SAUCE: apparmor: fix vec_unique for vectors larger than 8

  * label vec reductions can result in reference labels instead of direct access
    to labels (LP: #1615889)
    - SAUCE: apparmor: reduction of vec to single entry is just that entry

  * profiles from different namespaces can block other namespaces from being
    able to load a profile (LP: #1615887)
    - SAUCE: apparmor: profiles in one ns can affect mediation in another ns

  * vmalloc failure leads to null ptr dereference in aa_dfa_next (LP: #1592547)
    - SAUCE: apparmor: oops in profile_unpack() when policy_db is not present

  * vmalloc_addr is being checked on the failed return address of kvzalloc()
    (LP: #1615885)
    - SAUCE: apparmor: fix: don't check for vmalloc_addr if kvzalloc() failed

  * dfa is missing a bounds check which can cause an oops (LP: #1615882)
    - SAUCE: apparmor: Add missing id bounds check on dfa verification

  * The label build for onexec when stacking is wrong (LP: #1615881)
    - SAUCE: apparmor: Fix label build for onexec stacking.

  * The inherit check for new to old label comparison for domain transitions is
    wrong (LP: #1615880)
    - SAUCE: apparmor: Fix new to old label comparison for domain transitions

  * warning stack trace while playing with apparmor namespaces (LP: #1593874)
    - SAUCE: apparmor: fix stack trace when removing namespace with profiles

  * __label_update proxy comparison test is wrong (LP: #1615878)
    - SAUCE: apparmor: Fix __label_update proxy comparison test

  * Xenial update to v4.4.19 stable release (LP: #1615620)
    - usb: gadget: avoid exposing kernel stack
    - usb: f_fs: off by one bug in _ffs_func_bind()
    - usb: renesas_usbhs: protect the CFIFOSEL setting in usbhsg_ep_enable()
    - usb: dwc3: fix for the isoc transfer EP_BUSY flag
    - USB: serial: option: add support for Telit LE910 PID 0x1206
    - usb: renesas_usbhs: fix NULL pointer dereference in xfer_work()
    - arm64: kernel: Save and restore UAO and addr_limit on exception entry
    - arm64: debug: unmask PSTATE.D earlier
    - arm64: Fix incorrect per-cpu usage for boot CPU
    - tty: serial: msm: Don't read off end of tx fifo
    - serial: samsung: Fix ERR pointer dereference on deferred probe
    - tty/serial: atmel: fix RS485 half duplex with DMA
    - gpio: pca953x: Fix NBANK calculation for PCA9536
    - gpio: intel-mid: Remove potentially harmful code
    - Bluetooth: hci_intel: Fix null gpio desc pointer dereference
    - pinctrl: cherryview: prevent concurrent access to GPIO controllers
    - arm64: dts: rockchip: fixes the gic400 2nd region size for rk3368
    - arm64: mm: avoid fdt_check_header() before the FDT is fully mapped
    - KVM: PPC: Book3S HV: Pull out TM state save/restore into separate procedures
    - KVM: PPC: Book3S HV: Save/restore TM state in H_CEDE
    - KVM: MTRR: fix kvm_mtrr_check_gfn_range_consistency page fault
    - KVM: VMX: handle PML full VMEXIT that occurs during event delivery
    - KVM: nVMX: Fix memory corruption when using VMCS shadowing
    - intel_pstate: Fix MSR_CONFIG_TDP_x addressing in core_get_max_pstate()
    - mfd: qcom_rpm: Fix offset error for msm8660
    - mfd: qcom_rpm: Parametrize also ack selector size
    - media: usbtv: prevent access to free'd resources
    - media: dvb_ringbuffer: Add memory barriers
    - vb2: core: Skip planes array verification if pb is NULL
    - Fix RC5 decoding with Fintek CIR chipset
    - sur40: lower poll interval to fix occasional FPS drops to ~56 FPS
    - sur40: fix occasional oopses on device close
    - dm: set DMF_SUSPENDED* _before_ clearing DMF_NOFLUSH_SUSPENDING
    - hp-wmi: Fix wifi cannot be hard-unblocked
    - s5p-mfc: Set device name for reserved memory region devs
    - s5p-mfc: Add release callback for memory region devs
    - i2c: efm32: fix a failure path in efm32_i2c_probe()
    - spi: pxa2xx: Clear all RFT bits in reset_sccr1() on Intel Quark
    - Bluetooth: Fix l2cap_sock_setsockopt() with optname BT_RCVMTU
    - EDAC: Correct channel count limit
    - HID: uhid: fix timeout when probe races with IO
    - ovl: disallow overlayfs as upperdir
    - remoteproc: Fix potential race condition in rproc_add
    - ARC: mm: don't loose PTE_SPECIAL in pte_modify()
    - jbd2: make journal y2038 safe
    - fs/cifs: make share unaccessible at root level mountable
    - cifs: Check for existing directory when opening file with O_CREAT
    - cifs: fix crash due to race in hmac(md5) handling
    - CIFS: Fix a possible invalid memory access in smb2_query_symlink()
    - random: initialize the non-blocking pool via add_hwgenerator_randomness()
    - random: print a warning for the first ten uninitialized random users
    - random: add interrupt callback to VMBus IRQ handler
    - MIPS: KVM: Fix mapped fault broken commpage handling
    - MIPS: KVM: Add missing gfn range check
    - MIPS: KVM: Fix gfn range check in kseg0 tlb faults
    - MIPS: KVM: Propagate kseg0/mapped tlb fault errors
    - nfs: don't create zero-length requests
    - nfsd: Fix race between FREE_STATEID and LOCK
    - nfsd: don't return an unhashed lock stateid after taking mutex
    - drm/i915: Don't complain about lack of ACPI video bios
    - iommu/exynos: Suppress unbinding to prevent system failure
    - iommu/vt-d: Return error code in domain_context_mapping_one()
    - iommu/amd: Handle IOMMU_DOMAIN_DMA in ops->domain_free call-back
    - iommu/amd: Init unity mappings only for dma_ops domains
    - iommu/amd: Update Alias-DTE in update_device_table()
    - audit: fix a double fetch in audit_log_single_execve_arg()
    - ARM: dts: sunxi: Add a startup delay for fixed regulator enabled phys
    - netlabel: add address family checks to netlbl_{sock,req}_delattr()
    - w1:omap_hdq: fix regression
    - drm/amdgpu: add a delay after ATPX dGPU power off
    - drm/amdgpu: Poll for both connect/disconnect on analog connectors
    - drm/amdgpu: support backlight control for UNIPHY3
    - drm/amdgpu: Disable RPM helpers while reprobing connectors on resume
    - drm/amdgpu: fix firmware info version checks
    - drm/amdgpu/gmc7: add missing mullins case
    - drm/radeon: add a delay after ATPX dGPU power off
    - drm/radeon: Poll for both connect/disconnect on analog connectors
    - drm/radeon: fix firmware info version checks
    - drm/radeon: support backlight control for UNIPHY3
    - drm/nouveau/gr/nv3x: fix instobj write offsets in gr setup
    - drm/nouveau/fbcon: fix font width not divisible by 8
    - drm: Restore double clflush on the last partial cacheline
    - drm/edid: Add 6 bpc quirk for display AEO model 0.
    - drm/i915: Never fully mask the the EI up rps interrupt on SNB/IVB
    - drm/i915/dp: Revert "drm/i915/dp: fall back to 18 bpp when sink capability
      is unknown"
    - balloon: check the number of available pages in leak balloon
    - ftrace/recordmcount: Work around for addition of metag magic but not
      relocations
    - metag: Fix __cmpxchg_u32 asm constraint for CMP
    - block: add missing group association in bio-cloning functions
    - block: fix bdi vs gendisk lifetime mismatch
    - mtd: nand: fix bug writing 1 byte less than page size
    - mm/hugetlb: avoid soft lockup in set_max_huge_pages()
    - ALSA: hda: Fix krealloc() with __GFP_ZERO usage
    - ALSA: hda/realtek - Can't adjust speaker's volume on a Dell AIO
    - ALSA: hda: add AMD Bonaire AZ PCI ID with proper driver caps
    - ALSA: hda - Fix headset mic detection problem for two dell machines
    - IB/mlx5: Fix MODIFY_QP command input structure
    - IB/mlx5: Fix entries checks in mlx5_ib_create_cq
    - IB/mlx5: Fix returned values of query QP
    - IB/mlx5: Fix entries check in mlx5_ib_resize_cq
    - IB/mlx5: Fix post send fence logic
    - IB/mlx5: Return PORT_ERR in Active to Initializing tranisition
    - IB/SA: Use correct free function
    - IB/IPoIB: Don't update neigh validity for unresolved entries
    - IB/IWPM: Fix a potential skb leak
    - IB/mlx4: Fix the SQ size of an RC QP
    - IB/mlx4: Fix error flow when sending mads under SRIOV
    - IB/mlx4: Fix memory leak if QP creation failed
    - of: fix memory leak related to safe_name()
    - ubi: Make volume resize power cut aware
    - ubi: Fix early logging
    - ubi: Fix race condition between ubi device creation and udev
    - iscsi-target: Fix panic when adding second TCP connection to iSCSI session
    - target: Fix ordered task target_setup_cmd_from_cdb exception hang
    - target: Fix missing complete during ABORT_TASK + CMD_T_FABRIC_STOP
    - target: Fix race between iscsi-target connection shutdown + ABORT_TASK
    - target: Fix max_unmap_lba_count calc overflow
    - target: Fix ordered task CHECK_CONDITION early exception handling
    - Input: elan_i2c - properly wake up touchpad on ASUS laptops
    - SUNRPC: Don't allocate a full sockaddr_storage for tracing
    - MIPS: mm: Fix definition of R6 cache instruction
    - MIPS: Don't register r4k sched clock when CPUFREQ enabled
    - MIPS: hpet: Increase HPET_MIN_PROG_DELTA and decrease HPET_MIN_CYCLES
    - PCI: Mark Atheros AR9485 and QCA9882 to avoid bus reset
    - x86/platform/intel_mid_pci: Rework IRQ0 workaround
    - ACPI / EC: Work around method reentrancy limit in ACPICA for _Qxx
    - rtc: s3c: Add s3c_rtc_{enable/disable}_clk in s3c_rtc_setfreq()
    - dm flakey: error READ bios during the down_interval
    - module: Invalidate signatures on force-loaded modules
    - Documentation/module-signing.txt: Note need for version info if reusing a
      key
    - Linux 4.4.19

  * xfrm: ipsec crash when updating spd thresholds (LP: #1613787)
    - xfrm: Ignore socket policies when rebuilding hash tables

  * ISST-LTE:pKVM311:lotg5:Ubutu16041:lotg5 crashed @
    writeback_sb_inodes+0x30c/0x590 (LP: #1614565)
    - writeback: Write dirty times for WB_SYNC_ALL writeback

  * IBM Power 720 Ethernet Not Seen (LP: #1612725)
    - [Config] CONFIG_IBMEBUS=y for powerpc

  * CAPI: Update default setting for the psl_fir_cntl register (LP: #1612431)
    - cxl: Set psl_fir_cntl to production environment value

  * Xenial update to v4.4.18 stable release (LP: #1614560)
    - tcp: enable per-socket rate limiting of all 'challenge acks'
    - ipv4: reject RTNH_F_DEAD and RTNH_F_LINKDOWN from user space
    - bonding: set carrier off for devices created through netlink
    - net: bgmac: Fix infinite loop in bgmac_dma_tx_add()
    - net/irda: fix NULL pointer dereference on memory allocation failure
    - qed: Fix setting/clearing bit in completion bitmap
    - tcp: consider recv buf for the initial window scale
    - ipath: Restrict use of the write() interface
    - scsi: ignore errors from scsi_dh_add_device()
    - HID: sony: do not bail out when the sixaxis refuses the output report
    - i2c: i801: Allow ACPI SystemIO OpRegion to conflict with PCI BAR
    - arm: oabi compat: add missing access checks
    - KEYS: 64-bit MIPS needs to use compat_sys_keyctl for 32-bit userspace
    - Revert "s390/kdump: Clear subchannel ID to signal non-CCW/SCSI IPL"
    - random: strengthen input validation for RNDADDTOENTCNT
    - devpts: clean up interface to pty drivers
    - x86/mm/pat: Add support of non-default PAT MSR setting
    - x86/mm/pat: Add pat_disable() interface
    - x86/mm/pat: Replace cpu_has_pat with boot_cpu_has()
    - x86/mtrr: Fix Xorg crashes in Qemu sessions
    - x86/mtrr: Fix PAT init handling when MTRR is disabled
    - x86/xen, pat: Remove PAT table init code from Xen
    - x86/pat: Document the PAT initialization sequence
    - x86/mm/pat: Fix BUG_ON() in mmap_mem() on QEMU/i386
    - drm/i915: Pretend cursor is always on for ILK-style WM calculations (v2)
    - x86/syscalls/64: Add compat_sys_keyctl for 32-bit userspace
    - block: fix use-after-free in seq file
    - sysv, ipc: fix security-layer leaking
    - fuse: fsync() did not return IO errors
    - fuse: fuse_flush must check mapping->flags for errors
    - fuse: fix wrong assignment of ->flags in fuse_send_init()
    - fs/dcache.c: avoid soft-lockup in dput()
    - crypto: gcm - Filter out async ghash if necessary
    - crypto: scatterwalk - Fix test in scatterwalk_done
    - ext4: check for extents that wrap around
    - ext4: fix deadlock during page writeback
    - ext4: don't call ext4_should_journal_data() on the journal inode
    - ext4: validate s_reserved_gdt_blocks on mount
    - ext4: short-cut orphan cleanup on error
    - ext4: fix reference counting bug on block allocation error
    - mm: memcontrol: fix cgroup creation failure after many small jobs
    - mm: memcontrol: fix swap counter leak on swapout from offline cgroup
    - mm: memcontrol: fix memcg id ref counter on swap charge move
    - Linux 4.4.18

  * Ubuntu16.10:installation fails on Brazos system (31TB and 192 cores) No
    memory for flatten_device_tree (no room) (LP: #1614309)
    - SAUCE: powerpc/pseries: Increase RMA size to 512MB.

  * [SRU] xgene_enet: 10g performance only hits ~75% on multi-client tests
    (LP: #1613157)
    - drivers: net: xgene: Add support for Classifier engine
    - drivers: net: xgene: Add support for RSS
    - drivers: net: xgene: Add support for multiple queues

  * [SRU] xgene_enet: an extra interrupt may be pending for an interrupt
    controller that doesn't support irq_disable and hardware with level
    interrupt (LP: #1611399)
    - drivers: net: xgene: fix extra IRQ issue

  * Mic mute hotkey does not work on usb keyboard [03f0:2f4a] (LP: #1609606)
    - HID: input: add mic mute key on HP slim keyboard

 -- Tim Gardner <tim.gardner@xxxxxxxxxxxxx>  Tue, 30 Aug 2016 12:24:30
-0600

** Changed in: linux (Ubuntu Xenial)
       Status: Fix Committed => Fix Released

-- 
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1615895

Title:
  apparmor module parameters can be changed after the policy is locked

Status in AppArmor:
  New
Status in linux package in Ubuntu:
  Incomplete
Status in linux source package in Xenial:
  Fix Released
Status in linux source package in Yakkety:
  Incomplete

Bug description:
  the policy_lock parameter is a one way switch that prevents policy              
  from being further modified. Unfortunately some of the module parameters        
  can effectively modify policy by turning off enforcement.                       
                                                                                  
  split policy_admin_capable into a view check and a full admin check,            
  and update the admin check to test the policy_lock parameter.

To manage notifications about this bug go to:
https://bugs.launchpad.net/apparmor/+bug/1615895/+subscriptions