This bug was fixed in the package apparmor - 2.10.95-0ubuntu2.5
---------------
apparmor (2.10.95-0ubuntu2.5) xenial; urgency=medium
* debian/lib/apparmor/functions, debian/apparmor.init,
debian/apparmor.service, debian/apparmor.upstart,
debian/lib/apparmor/profile-load: Adjust the checks that previously kept
AppArmor policy from being loaded while booting a container. Now we
attempt to load policy if we're in a LXD or LXC managed container that is
using profile stacking inside of a policy namespace. (LP: #1628285)
* Fix regression tests for stacking so that the kernel SRU process is not
interrupted by failing tests whenever the AppArmor stacking features are
backported from the 16.10 kernel or when the 16.04 LTS Enablement Stack
receives a 4.8 or newer kernel
- debian/patches/r3509-tests-fix-exec_stack-errors-1.patch: Fix the
exec_stack.sh test when running on 4.8 or newer kernels (LP: #1628745)
- debian/patches/r3558-tests-fix-exec_stack-errors-2.patch: Adjust the
exec_stack.sh fix mentioned above to more accurately test kernels older
than 4.8 (LP: #1630069)
- debian/patches/allow-stacking-tests-to-use-system.patch: Apply this
patch earlier in the series, as to match when it was committed upstream,
so that the above two patches can be cherry-picked from lp:apparmor
-- Tyler Hicks <tyhi...@canonical.com> Fri, 07 Oct 2016 05:21:44 +0000
** Changed in: apparmor (Ubuntu Xenial)
Status: Fix Committed => Fix Released
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor in Ubuntu.
https://bugs.launchpad.net/bugs/1628295
Title:
Change in kernel stacking behavior causes regression tests to fail
Status in apparmor package in Ubuntu:
Fix Released
Status in apparmor source package in Trusty:
New
Status in apparmor source package in Xenial:
Fix Released
Status in apparmor source package in Yakkety:
Fix Released
Bug description:
[Impact]
* Two regression tests fail due to a behavior change in recent Xenial
and Yakkety kernels
* Adjusting the regression tests appropriately allows the kernel and
security teams to use QRT's test-apparmor.py to test kernel and
userspace AppArmor changes with confidence
[Test Case]
$ apt-get source apparmor # make sure this fetches the new apparmor source
$ sudo apt-get install libapparmor-dev
$ cd tests/regression/apparmor
$ make USE_SYSTEM=1
$ sudo bash stackonexec.sh
Error: transition failed. Test 'STACKONEXEC (stacked with unconfined -
okcon)' was expected to 'pass'. Reason for failure 'FAIL - current mode
"enforce" != expected_mode "mixed"'
Error: transition passed. Test 'STACKONEXEC (stacked with unconfined - bad
mode)' was expected to 'fail'
$ sudo bash stackprofile.sh
Error: transition failed. Test 'STACKPROFILE (stacked with unconfined -
okcon)' was expected to 'pass'. Reason for failure 'FAIL - current mode
"enforce" != expected_mode "mixed"'
The two previous commands should result in no output and return value of 0
once
the regression test is properly updated.
[Regression Potential]
* This is an extremely low risk change since it only touches
regression testing code that is not user-facing.
[Other Info]
* This bug has already been fixed upstream:
https://bazaar.launchpad.net/~apparmor-
dev/apparmor/master/revision/3505
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/1628295/+subscriptions
--
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help : https://help.launchpad.net/ListHelp
