Hello Ryan, or anyone else affected, Accepted apparmor into plucky-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/apparmor/4.1.0~beta5-0ubuntu14.1 in a few hours, and then in the -proposed repository.
Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users. If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, what testing has been performed on the package and change the tag from verification-needed- plucky to verification-done-plucky. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification- failed-plucky. In either case, without details of your testing we will not be able to proceed. Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance for helping! N.B. The updated package will be released to -updates after the bug(s) fixed by this package have been verified and the package has been in -proposed for a minimum of 7 days. ** Changed in: apparmor (Ubuntu Plucky) Status: In Progress => Fix Committed ** Tags added: verification-needed verification-needed-plucky -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to apparmor in Ubuntu. https://bugs.launchpad.net/bugs/2110688 Title: apparmor parser incorrectly treats norelatime mount flag as a no-op Status in apparmor package in Ubuntu: Fix Released Status in apparmor source package in Plucky: Fix Committed Status in apparmor source package in Questing: Fix Released Bug description: [ Impact ] The parser did not handle the norelatime mount flag correctly, essentially treating its addition to a list of mount flags as a no-op. A test should also be included to ensure that the behavior is fixed and not broken again. [ Test Plan ] This bug is caught by an addition to AppArmor's regression test suite, which is also invoked via its QRT test suite via `ApparmorTestsuites.test_regression_testsuite`. * To prepare the QRT test suite (can be done on any machine): - `git clone https://git.launchpad.net/qa-regression-testing` - `./scripts/make-test-tarball ./scripts/test-apparmor.py` * To run the QRT test suite: - Copy the tarball onto the machine with the new AppArmor installed and extract it - `sudo ./install-packages test-apparmor.py` - Reboot the machine - `sudo ./test-apparmor.py -v` Unfortunately, the regression testsuite itself has no way of printing the full list of tests it successfully executed. Below are instructions for running the regression test suite by hand, including the modified mount test: * `apt install dpkg-dev pkg-config libapparmor-dev` * `apt-get source apparmor` * Verify that the downloaded version is 4.1.0~beta5-0ubuntu14.1 or greater * Verify that patch debian/patches/ubuntu/regression-verify-documented-mount-flag-behavior.patch was applied upon download * cd [source]/tests/regression/apparmor * Ensure that all the parent directories of the regression test folder are world-readable and world-executable, and 'chmod o+rx' any that are not * USE_SYSTEM=1 make -j[num] * If running the whole regression testsuite, the `make` command might print out warnings about skipped tests due to missing packages. Install any packages that it says are missing * If running the whole regression testsuite, 'sudo USE_SYSTEM=1 make tests' * If running just the mount tests, 'sudo USE_SYSTEM=1 bash mount.sh' and manually 'echo $?' afterwards to check that it exited with a status of 0 [ Where problems could occur ] This parser fix changes the behavior of mount rules that explicitly specify the norelatime flag. In particular, a custom profile containing `mount options in (norelatime)` will have different, more permissive behavior than before (reducing regression risk as compared to tightening behavior). However, this flag is not used in any of the commonly used profiles (including the ones in our repo and the profile fragments used by snapd), so this will not change the behavior of existing packaged profiles being used. [ Other Info ] This bug was originally reported at https://gitlab.com/apparmor/apparmor/-/merge_requests/1679. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/2110688/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : [email protected] Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
