Ran AppArmor tests from the QA Regression Tests [1] and POSIX mqueue
tests from the AppArmor test suite and they all passed as expected.
georgia@sec-jammy-amd64:~/apparmor-3.0.4/tests/regression/apparmor$ uname -a
Linux sec-jammy-amd64 5.15.0-94-generic #104-Ubuntu SMP Tue Jan 9 15:25:40 UTC
2024
Verification passed for linux azure. I ran the AppArmor QA Regression
Tests [1] and the specific prompting tests [2] which were able to
reproduce the issue before.
georgia@sec-mantic-amd64:~$ uname -a
Linux sec-mantic-amd64 6.5.0-1010-azure #10-Ubuntu SMP Mon Nov 20 20:14:42 UTC
2023 x86_64 x86_6
Verification passed for linux gcp. I ran the AppArmor QA Regression
Tests [1] and the specific prompting tests [2] which were able to
reproduce the issue before.
georgia@sec-mantic-amd64:~$ uname -a
Linux sec-mantic-amd64 6.5.0-1010-gcp #10-Ubuntu SMP Fri Nov 17 21:33:36 UTC
2023 x86_64 x86_64 x8
Verification passed for jammy-linux-hwe-6.5. I ran the AppArmor QA
Regression Tests [1] and the specific prompting tests [2] which were
able to reproduce the issue before.
georgia@sec-jammy-amd64:~$ uname -a
Linux sec-jammy-amd64 6.5.0-14-generic #14~22.04.1-Ubuntu SMP PREEMPT_DYNAMIC
Mon Nov 20
Verification passed for linux gcp. I ran the AppArmor QA Regression
Tests [1] checked file permissions for /proc/sys/kernel/*unprivileged*.
georgia@sec-mantic-amd64:~$ uname -a
Linux sec-mantic-amd64 6.5.0-1010-azure #10-Ubuntu SMP Mon Nov 20 20:14:42 UTC
2023 x86_64 x86_64 x86_64 GNU/Linux
geor
Verification passed for jammy-linux-lowlatency-hwe-6.5. I ran the
AppArmor QA Regression Tests [1] checked file permissions for
/proc/sys/kernel/*unprivileged*.
georgia@sec-jammy-amd64:~$ uname -a
Linux sec-jammy-amd64 6.5.0-14-lowlatency #14.1~22.04.1-Ubuntu SMP
PREEMPT_DYNAMIC Wed Nov 22 16:24:
Verification passed for linux azure. I ran the AppArmor QA Regression
Tests [1] checked file permissions for /proc/sys/kernel/*unprivileged*.
georgia@sec-mantic-amd64:~$ uname -a
Linux sec-mantic-amd64 6.5.0-1010-azure #10-Ubuntu SMP Mon Nov 20 20:14:42 UTC
2023 x86_64 x86_64 x86_64 GNU/Linux
ge
Verification passed for jammy-linux-lowlatency-hwe-6.5. I ran the
AppArmor QA Regression Tests [1] and the specific prompting tests [2]
which were able to reproduce the issue before.
georgia@sec-jammy-amd64:~$ uname -a
Linux sec-jammy-amd64 6.5.0-14-lowlatency #14.1~22.04.1-Ubuntu SMP
PREEMPT_DYN
Verification passed for jammy-linux-hwe-6.5. I ran the AppArmor QA
Regression Tests [1] checked file permissions for
/proc/sys/kernel/*unprivileged*.
georgia@sec-jammy-amd64:~$ uname -a
Linux sec-jammy-amd64 6.5.0-14-generic #14~22.04.1-Ubuntu SMP PREEMPT_DYNAMIC
Mon Nov 20 18:15:30 UTC 2 x86_64
Verification passed for jammy-linux-nvidia-6.5. I ran the AppArmor QA
Regression Tests [1] and the specific prompting tests [2] which were
able to reproduce the issue before.
georgia@sec-jammy-amd64:~$ uname -a
Linux sec-jammy-amd64 6.5.0-1007-nvidia #7-Ubuntu SMP PREEMPT_DYNAMIC Wed Dec
6 01:27
Verification passed for jammy-linux-nvidia-6.5. I ran the AppArmor QA
Regression Tests [1] checked file permissions for
/proc/sys/kernel/*unprivileged*.
georgia@sec-jammy-amd64:~$ uname -a
Linux sec-jammy-amd64 6.5.0-1007-nvidia #7-Ubuntu SMP PREEMPT_DYNAMIC Wed Dec
6 01:27:37 UTC 2023 x86_64 x8
Verification passed for linux gcp. I ran the AppArmor QA Regression
Tests [1] and specific prompting tests [2].
georgia@sec-mantic-amd64:~$ uname -a
Linux sec-mantic-amd64 6.5.0-1010-gcp #10-Ubuntu SMP Fri Nov 17 21:33:36 UTC
2023 x86_64 x86_64 x86_64 GNU/Linux
georgia@sec-mantic-amd64:~/apparmo
Verification passed for jammy-linux-lowlatency-hwe-6.5. I ran the
AppArmor QA Regression Tests [1] and specific prompting tests [2].
georgia@sec-jammy-amd64:~$ uname -a
Linux sec-jammy-amd64 6.5.0-14-lowlatency #14.1~22.04.1-Ubuntu SMP
PREEMPT_DYNAMIC Wed Nov 22 16:24:11 UTC x86_64 x86_64 x86_64
Verification passed for linux azure. I ran the AppArmor QA Regression
Tests [1] and specific prompting tests [2].
georgia@sec-mantic-amd64:~$ uname -a
Linux sec-mantic-amd64 6.5.0-1010-azure #10-Ubuntu SMP Mon Nov 20 20:14:42 UTC
2023 x86_64 x86_64 x86_64 GNU/Linux
georgia@sec-mantic-amd64:~/app
Verification passed for jammy-linux-nvidia-6.5. I ran the AppArmor QA
Regression Tests [1] and specific prompting tests [2].
georgia@sec-jammy-amd64:~$ uname -a
Linux sec-jammy-amd64 6.5.0-1007-nvidia #7-Ubuntu SMP PREEMPT_DYNAMIC Wed Dec 6
01:27:37 UTC 2023 x86_64 x86_64 x86_64 GNU/Linux
georgi
Verification passed for jammy-linux-hwe-6.5. I ran the AppArmor QA
Regression Tests [1] and specific prompting tests [2].
georgia@sec-jammy-amd64:~$ uname -a
Linux sec-jammy-amd64 6.5.0-14-generic #14~22.04.1-Ubuntu SMP PREEMPT_DYNAMIC
Mon Nov 20 18:15:30 UTC 2 x86_64 x86_64 x86_64 GNU/Linux
geo
Verification passed for mantic-linux-lowlatency. I ran the AppArmor QA
Regression Tests [1] checked file permissions for
/proc/sys/kernel/*unprivileged*.
georgia@sec-mantic-amd64:~$ uname -a
Linux sec-mantic-amd64 6.5.0-14-lowlatency #14.1-Ubuntu SMP PREEMPT_DYNAMIC Mon
Nov 20 13:01:26 UTC 2023 x
Verification passed for mantic-linux-lowlatency. I ran the AppArmor QA
Regression Tests [1] and specific prompting tests [2].
georgia@sec-mantic-amd64:~$ uname -a
Linux sec-mantic-amd64 6.5.0-14-lowlatency #14.1-Ubuntu SMP PREEMPT_DYNAMIC Mon
Nov 20 13:01:26 UTC 2023 x86_64 x86_64 x86_64 GNU/Linu
Verification passed for linux gcp. I ran the AppArmor QA Regression
Tests [1] and specific prompting tests [2].
georgia@sec-mantic-amd64:~$ uname -a
Linux sec-mantic-amd64 6.5.0-1010-gcp #10-Ubuntu SMP Fri Nov 17 21:33:36 UTC
2023 x86_64 x86_64 x86_64 GNU/Linux
georgia@sec-mantic-amd64:~/apparmo
Verification passed for linux azure. I ran the AppArmor QA Regression
Tests [1] and specific prompting tests [2].
georgia@sec-mantic-amd64:~$ uname -a
Linux sec-mantic-amd64 6.5.0-1010-azure #10-Ubuntu SMP Mon Nov 20 20:14:42 UTC
2023 x86_64 x86_64 x86_64 GNU/Linux
georgia@sec-mantic-amd64:~/app
Verification passed for jammy-linux-lowlatency-hwe-6.5. I ran the
AppArmor QA Regression Tests [1] and specific prompting tests [2].
georgia@sec-jammy-amd64:~$ uname -a
Linux sec-jammy-amd64 6.5.0-14-lowlatency #14.1~22.04.1-Ubuntu SMP
PREEMPT_DYNAMIC Wed Nov 22 16:24:11 UTC x86_64 x86_64 x86_64
Verification passed for jammy-linux-hwe-6.5. I ran the AppArmor QA
Regression Tests [1] and specific prompting tests [2].
georgia@sec-jammy-amd64:~$ uname -a
Linux sec-jammy-amd64 6.5.0-14-generic #14~22.04.1-Ubuntu SMP PREEMPT_DYNAMIC
Mon Nov 20 18:15:30 UTC 2 x86_64 x86_64 x86_64 GNU/Linux
geo
Verification passed for jammy-linux-nvidia-6.5. I ran the AppArmor QA
Regression Tests [1] and specific prompting tests [2].
georgia@sec-jammy-amd64:~$ uname -a
Linux sec-jammy-amd64 6.5.0-1007-nvidia #7-Ubuntu SMP PREEMPT_DYNAMIC Wed Dec 6
01:27:37 UTC 2023 x86_64 x86_64 x86_64 GNU/Linux
georgi
Verification passed for mantic-linux-laptop. I ran the AppArmor QA
Regression Tests [1] and specific prompting tests [2]. The QA Regression
Tests that failed were due to a timeout because I'm emulating in my
machine, but they pass when the timeout is increased.
georgia@sec-mantic-arm64:~$ uname -a
Verification passed for mantic-linux-laptop. I ran the AppArmor QA
Regression Tests [1] checked file permissions for
/proc/sys/kernel/*unprivileged*. The QA Regression Tests that failed
were due to a timeout because I'm emulating in my machine, but they pass
when the timeout is increased.
georgia@
Verification passed for mantic-linux-laptop. I ran the AppArmor QA
Regression Tests [1] and specific prompting tests [2]. The QA Regression
Tests that failed were due to a timeout because I'm emulating in my
machine, but they pass when the timeout is increased.
georgia@sec-mantic-arm64:~$ uname -a
Verification passed for mantic-linux-laptop. I ran the AppArmor QA
Regression Tests [1] and the specific prompting tests [2] which were
able to reproduce the issue before. The QA Regression Tests that failed
were due to a timeout because I'm emulating in my machine, but they pass
when the timeout i
Ran AppArmor tests from the QA Regression Tests [1] and POSIX mqueue
tests from the AppArmor test suite and they all passed as expected.
georgia@sec-jammy-amd64:/tmp/apparmor-3.0.4/tests/regression/apparmor$ uname -a
Linux sec-jammy-amd64 5.15.0-1048-intel-iotg #54-Ubuntu SMP Thu Jan 18 18:39:09
Ran AppArmor tests from the QA Regression Tests [1] and POSIX mqueue
tests from the AppArmor test suite and they all passed as expected.
georgia@sec-jammy-amd64:~$ uname -a
Linux sec-jammy-amd64 5.15.0-1052-ibm-gt-fips #55+fips1-Ubuntu SMP Fri Jan 19
23:25:50 UTC 2024 x86_64 x86_64 x86_64 GNU/Lin
** Description changed:
There's a memory leak in the kernel when removing a profile.
A simple reproducible example:
root@ubuntu:~# echo "profile foo {}" > profile
root@ubuntu:~# apparmor_parser profile
root@ubuntu:~# apparmor_parser -R profile
root@ubuntu:~# echo scan > /sys/kernel/
Tested on -proposed by causing the leak and checking the memory used
with "free", since CONFIG_DEBUG_KMEMLEAK is not set. It worked as
expected - the memory used shown in "free" after removing the profile
was in an expected range.
** Tags removed: verification-needed-bionic verification-needed-foc
Hi!
Could you share the kernel and apparmor version?
I tested on mantic with the configuration below and I wasn't able to reproduce
the failure for this specific test.
I did see an unrelated dbus issue with the test suite and proposed a fixed on
https://code.launchpad.net/~georgiag/qa-regression
*** This bug is a duplicate of bug 2046844 ***
https://bugs.launchpad.net/bugs/2046844
Verification completed in bug 2064672
** Tags removed: verification-needed verification-needed-noble
** Tags added: verification-done verification-done-noble
--
You received this bug notification because
The mqueue patches are present in jammy-linux-gcp-fips: commits
6e7ff802c7b10 and b4ebbcfebd4d3
** Tags removed: verification-needed-jammy-linux-gcp-fips
** Tags added: verification-done-jammy-linux-gcp-fips
--
You received this bug notification because you are a member of Kernel
Packages, whic
Public bug reported:
Impact:
In AppArmor mediation, detached mounts are appearing as / when
applying mount mediation, which is incorrect and leads to bad
AppArmor policy being generated.
In addition, the move_mount mediation is not being advertised to
userspace, which denies the applications the
Ran AppArmor tests from the QA Regression Tests [1] and POSIX mqueue
tests from the AppArmor test suite and they all passed as expected.
georgia@sec-jammy-amd64:~$ uname -a
Linux sec-jammy-amd64 5.15.0-1056-azure #64-Ubuntu SMP Tue Feb 6 19:23:34 UTC
2024 x86_64 x86_64 x86_64 GNU/Linux
georgia@s
** Also affects: linux (Ubuntu Mantic)
Importance: Undecided
Status: New
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/2052662
Title:
move_mount mediation does not detect if s
I could confirm that the patches are present in linux-bluefield and
linux-raspi: 6e7ff802c7b10 and b4ebbcfebd4d3
** Tags removed: verification-done-jammy-linux-azure
verification-needed-jammy-linux-bluefield verification-needed-jammy-linux-raspi
** Tags added: verification-done-jammy-linux-bluefi
I can confirm that the mqueue patches are present in linux-xilinx-
zynqmp: commits 6e7ff802c7b10 and b4ebbcfebd4d3
** Tags removed: verification-needed-jammy-linux-xilinx-zynqmp
** Tags added: verification-done-jammy-linux-xilinx-zynqmp
--
You received this bug notification because you are a mem
The mqueue patches are present in linux-nvidia-tegra: commits
6e7ff802c7b10 and b4ebbcfebd4d3
** Tags removed: verification-needed-jammy-linux-nvidia-tegra
** Tags added: verification-done-jammy-linux-nvidia-tegra
--
You received this bug notification because you are a member of Kernel
Packages,
The mqueue patches are present in linux-azure-fips: commits
6e7ff802c7b10 and b4ebbcfebd4d3
** Tags removed: verification-needed-jammy-linux-azure-fips
** Tags added: verification-done-jammy-linux-azure-fips
--
You received this bug notification because you are a member of Kernel
Packages, which
The mqueue patches are present in jammy-linux-mtk: commits 6e7ff802c7b10
and b4ebbcfebd4d3
** Tags removed: verification-needed-jammy-linux-mtk
** Tags added: verification-done-jammy-linux-mtk
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed
*** This bug is a duplicate of bug 2051932 ***
https://bugs.launchpad.net/bugs/2051932
** This bug has been marked a duplicate of bug 2051932
attach_disconnected test from test_regression_testsuite of
ubuntu_qrt_apparmor failed with "Unable to run test sub-executable" on Mantic
--
You re
Verification in mantic was successful:
georgia@sec-mantic-amd64:~$ uname -a
Linux sec-mantic-amd64 6.5.0-27-generic #28-Ubuntu SMP PREEMPT_DYNAMIC Thu Mar
7 18:21:00 UTC 2024 x86_64 x86_64 x86_64 GNU/Linux
georgia@sec-mantic-amd64:~$ cat
/sys/kernel/security/apparmor/features/mount/move_mount
d
Tested on bionic-proposed using the test binary that can be obtained in
the old description and it worked as expected:
root@ubuntu:~# gcc ./readlink-ns.c && sudo apparmor_parser -r
./readlink-ns.apparmor && sudo aa-exec -p test -- ./a.out -p 1 -n pid
path: /proc/1/ns/pid
rpath: pid:[4026531836]
r
>From the commits mentioned that solve the issue, 338d0be437ef was not
available on 4.15 kernels. The cherry-pick was submitted to the kernel
team for approval.
** Description changed:
- Per 'man namespaces':
+ SRU Justification:
- "Permission to dereference or read (readlink(2)) these symboli
46 matches
Mail list logo
