group.of.nepali.translators team mailing list archive
-
group.of.nepali.translators team
-
Mailing list archive
-
Message #07708
[Bug 1615880] Re: The inherit check for new to old label comparison for domain transitions is wrong
This bug was fixed in the package linux - 4.8.0-11.12
---------------
linux (4.8.0-11.12) yakkety; urgency=low
* change_hat is logging failures during expected hat probing (LP: #1615893)
- SAUCE: apparmor: Fix auditing behavior for change_hat probing
* deleted files outside of the namespace are not being treated as
disconnected
(LP: #1615892)
- SAUCE: apparmor: deleted dentries can be disconnected
* stacking to unconfined in a child namespace confuses mediation
(LP: #1615890)
- SAUCE: apparmor: special case unconfined when determining the mode
* apparmor module parameters can be changed after the policy is locked
(LP: #1615895)
- SAUCE: apparmor: fix: parameters can be changed after policy is locked
* AppArmor profile reloading causes an intermittent kernel BUG (LP:
#1579135)
- SAUCE: apparmor: fix vec_unique for vectors larger than 8
* label vec reductions can result in reference labels instead of direct
access
to labels (LP: #1615889)
- SAUCE: apparmor: reduction of vec to single entry is just that entry
* profiles from different namespaces can block other namespaces from being
able to load a profile (LP: #1615887)
- SAUCE: apparmor: profiles in one ns can affect mediation in another ns
* The label build for onexec when stacking is wrong (LP: #1615881)
- SAUCE: apparmor: Fix label build for onexec stacking.
* The inherit check for new to old label comparison for domain transitions
is
wrong (LP: #1615880)
- SAUCE: apparmor: Fix new to old label comparison for domain transitions
* warning stack trace while playing with apparmor namespaces (LP: #1593874)
- SAUCE: apparmor: fix stack trace when removing namespace with profiles
* __label_update proxy comparison test is wrong (LP: #1615878)
- SAUCE: apparmor: Fix __label_update proxy comparison test
* reading /sys/kernel/security/apparmor/profiles requires CAP_MAC_ADMIN
(LP: #1560583)
- SAUCE: apparmor: Allow ns_root processes to open profiles file
- SAUCE: apparmor: Consult sysctl when reading profiles in a user ns
* policy namespace stacking (LP: #1379535)
- SAUCE: (no-up) apparmor: rebase of apparmor3.5-beta1 snapshot for 4.8
- SAUCE: add a sysctl to enable unprivileged user ns AppArmor policy loading
* Miscellaneous Ubuntu changes
- [Debian] Dynamically determine linux udebs package name
- [Debian] d-i -- fix dtb handling in new kernel-wedge form
- SAUCE: apparmor: Fix FTBFS due to bad include path
- SAUCE: apparmor: add data query support
- [Config] Set CONFIG_SECURITY_APPARMOR_UNCONFINED_INIT=y
* Miscellaneous upstream changes
- fixup backout policy view capable for forward port
- apparmor: fix: Rework the iter loop for label_update
- apparmor: add more assertions for updates/merges to help catch errors
- apparmor: Make pivot root transitions work with stacking
- apparmor: convert delegating deleted files to mediate deleted files
- apparmor: add missing parens. not a bug fix but highly recommended
- apparmor: add a stack_version file to allow detection of bug fixes
- apparmor: push path lookup into mediation loop
- apparmor: default to allowing unprivileged userns policy
- apparmor: fix: permissions test to view and manage policy
- apparmor: Add Basic ns cross check condition for ipc
-- Leann Ogasawara <leann.ogasawara@xxxxxxxxxxxxx> Sat, 17 Sep 2016
10:03:16 -0700
** Changed in: linux (Ubuntu Yakkety)
Status: Fix Committed => Fix Released
--
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1615880
Title:
The inherit check for new to old label comparison for domain
transitions is wrong
Status in AppArmor:
New
Status in linux package in Ubuntu:
Fix Released
Status in linux source package in Xenial:
Fix Released
Status in linux source package in Yakkety:
Fix Released
Bug description:
For the purposes of inherit we should be treating a profile/label transition
to its replacement as if the replacement is the profile/label.
So make the comparison based off of the label proxy, not the label itself.
To manage notifications about this bug go to:
https://bugs.launchpad.net/apparmor/+bug/1615880/+subscriptions