#21 Newer Apparmor 3.0.X or 3.1
Closed: Completed 2 days ago by lkocman. Opened 2 years ago by lkocman.

Am Donnerstag, 24. Juni 2021, 14:57:20 CEST schrieben Sie:

This is a notice that we are collecting packages/upgrades for SLE15
SP4 which will be the base for Leap 15.4.

If there is a particular feature or version you would like in, please
let me know.

Thanks for the reminder ;-)

Ideally we should aim for AppArmor 3.1 (not released yet) - maybe with a
fallback to 3.0.x if 3.1 is not available in time.

Some interesting new features (compared to 2.13.x) are:
- abi rules (and with that, enforcing of dbus and unix rules)
(profiles without an abi rule will not change their behaviour)
- support for "include if exists" in the tools
- "include if exists <abstractions/$abstraction.d>" in all abstractions
to make extending abstractions easier, similar to the local/* files
for profiles
- I'm sure I missed some things - if in doubt, check
and/or the summary in the Tumbleweed apparmor.changes.

The features I mentioned are already in the 3.0.x packages in
Tumbleweed, but upstream has labeled 3.0.x a short lived release - as
soon as 3.1 gets released, we shouldn't expect too much support for
3.0.x (but in worst case, backporting patches is typically easy).

On the technical side, it's probably a good idea to get the current
Tumbleweed package into SLE/Leap 15.4 as soon as possible (which means
we'll have most of the changes in and get them tested), and then upgrade
to 3.1 as soon as it's available.

I'll leave the (JIRA?) paperwork to you ;-) - but whenever the tools
allow it, feel free to add me to CC.


Christian Boltz

Metadata Update from @lkocman:
- Custom field SUSE Jira adjusted to https://jira.suse.com/browse/OPENSUSE-45

2 years ago

Metadata Update from @Pharaoh_Atem:
- Issue tagged with: SLE-Accept-Pending

2 years ago

Metadata Update from @Pharaoh_Atem:
- Issue set to the milestone: 15.4

2 years ago

Waiting for TPM Evaluation. Feature is where it should be at this point in time.

Metadata Update from @lkocman:
- Issue untagged with: SLE-Accept-Pending
- Issue tagged with: SLE-Accepted

a year ago

Waiting for 3.1.X to be present in factory, we're currently at 3.0.3

AppArmor 3.1 got delayed upstream and most likely won't make it into 15.4.

However, I just submitted 3.0.4 (SR 953288) so that we have the latest available version in 15.4.

We've just received 4.17 which was needed to update samba stack.

Metadata Update from @lkocman:
- Issue close_status updated to: Completed
- Issue status updated to: Closed (was: Open)

2 days ago

Login to comment on this ticket.