Release Notes 2.7
AppArmor 2.7 is incremental improvement over AppArmor 2.6, that has focused on bug fixing and internal cleanups of the userspace code over new features. AppArmor 2.7 is purely a userspace release, it leverages the same kernel code as AppArmor 2.5.
- For information on other versions please see AppArmor versions
New Features and Improvements¶
AppArmor release wide changes¶
- Merged in Several patches carried by Ubuntu and opensuse
- Support for systemd
- Improved Debian packaging and build
aa_status¶
- completely rewritten (in python) and updated
aa_notify¶
- fix notifier so that it works on opensuse
AppArmor Parser¶
- add capability syslog support
- support for rlimit cpu
- conf file to control optimization settings
- improved debugging dumps
- build improvements and cleanups to code
- check parser's own time stamp with respect to binary cache
- improved profile attachment specification handling
- better support of older kernel with compiles involving network rules
- multiple minore bug fixes
AppArmor Utils (aa-genprof/aa-logprof)¶
- update log entry types
- prefer /var/log/syslog over /var/log/messages
- turn off printk ratelimiting while generating profiles
- add capability syslog
- Fix px/Px cx/Cx permission modifiers so they aren't always lower case
- fix subprofile whitespacing
AppArmor Library (libapparmor)¶
- new fn aa_find_moutpoint
- new fn aa_is_enabled
- new fn aa_getcon
- new fn aa_gettaskcon
- new fn aa_getpeercon
apparmor.vim¶
- add pux and PUX permissions
- add capability syslog
AppArmor Profiles¶
- multiarch paths
- update with capability syslog
- multiple minor profile improvements
- /var/run -> /run updates
initscripts¶
- systemd support add to rc.apparmor.functions
- actually skip loading profiles that are reported as skipped
- properly handle child profile separators
- unload hats first