lp:~apparmor-dev/ubuntu-kernel-next

Get this repository:
git clone https://git.qastaging.paddev.net/~apparmor-dev/ubuntu-kernel-next

Branches

Name Last Modified Last Commit
v6.14-apparmor-plucky-Mar-19-renumbered 2025-03-19 14:10:31 UTC
UBUNTU: SAUCE: apparmor4.0.0 [58/58]: apparmor: add mediation of disconnected...

Author: Georgia Garcia
Author Date: 2025-02-25 22:22:13 UTC

UBUNTU: SAUCE: apparmor4.0.0 [58/58]: apparmor: add mediation of disconnected paths in mqueues

No-up: This is targeted to be upstreamed in 6.16 with the mqueue
patch.

Fix mqueues crossing ipc namespaces mediation, by allowing attach
disconnected to be applied.

Currently mqueues crossing namespaces are not properly mediated. This
can lead to two cases: either the mqueue being incorrectly allowed
across a default location, or being denied with no way of allowing
them, resulting in applications being unable to access the mqueue.

BugLink: http://bugs.launchpad.net/bugs/2102237
Fixes: 39253b60f27e ("UBUNTU: SAUCE: apparmor4.0.0 [58/58]: Add fine grained mediation of posix mqueues")
Signed-off-by: John Johansen <john.johansen@canonical.com>

v6.14-apparmor-plucky-Mar-19 2025-03-19 14:04:58 UTC
UBUNTU: SAUCE: apparmor4.0.0 [58/53]: apparmor: add mediation of disconnected...

Author: Georgia Garcia
Author Date: 2025-02-25 22:22:13 UTC

UBUNTU: SAUCE: apparmor4.0.0 [58/53]: apparmor: add mediation of disconnected paths in mqueues

No-up: This is targeted to be upstreamed in 6.16 with the mqueue
patch.

Fix mqueues crossing ipc namespaces mediation, by allowing attach
disconnected to be applied.

Currently mqueues crossing namespaces are not properly mediated. This
can lead to two cases: either the mqueue being incorrectly allowed
across a default location, or being denied with no way of allowing
them, resulting in applications being unable to access the mqueue.

BugLink: http://bugs.launchpad.net/bugs/2102237
Fixes: 39253b60f27e ("UBUNTU: SAUCE: apparmor4.0.0 [49/53]: Add fine grained mediation of posix mqueues")
Signed-off-by: John Johansen <john.johansen@canonical.com>

v6.14-apparmor-plucky 2025-02-19 08:49:30 UTC
UBUNTU: [Config] disable CONFIG_SECURITY_APPARMOR_RESTRICT_USERNS

Author: Andrea Righi
Author Date: 2024-01-02 13:41:07 UTC

UBUNTU: [Config] disable CONFIG_SECURITY_APPARMOR_RESTRICT_USERNS

BugLink: https://bugs.launchpad.net/bugs/2028253

Signed-off-by: Andrea Righi <andrea.righi@canonical.com>

v6.14-apparmor 2025-02-18 17:15:48 UTC
UBUNTU: SAUCE: apparmor4.0.0 [53/53]: enable userspace upcall for mediation

Author: John Johansen
Author Date: 2019-11-13 11:48:01 UTC

UBUNTU: SAUCE: apparmor4.0.0 [53/53]: enable userspace upcall for mediation

BugLink: http://bugs.launchpad.net/bugs/2028253

There are cases where userspace can provide additional information
that may be needed to make the correct mediation decision.

Signed-off-by: John Johansen <john.johansen@canonical.com>
(cherry picked from https://gitlab.com/jjohansen/apparmor-kernel)
Signed-off-by: Andrea Righi <andrea.righi@canonical.com>

v6.13-apparmor-plucky 2025-02-18 16:42:02 UTC
UBUNTU: SAUCE: apparmor4.0.0 [58/58]: enable userspace upcall for mediation

Author: John Johansen
Author Date: 2019-11-13 11:48:01 UTC

UBUNTU: SAUCE: apparmor4.0.0 [58/58]: enable userspace upcall for mediation

BugLink: http://bugs.launchpad.net/bugs/2028253

There are cases where userspace can provide additional information
that may be needed to make the correct mediation decision.

Signed-off-by: John Johansen <john.johansen@canonical.com>
(cherry picked from https://gitlab.com/jjohansen/apparmor-kernel)
Signed-off-by: Andrea Righi <andrea.righi@canonical.com>

plucky-apparmor-6.12.0.10.10 2025-01-21 11:44:38 UTC
UBUNTU: SAUCE: apparmor4.0.0 [84/84]: apparmor: fix LSM hook call breakage du...

Author: John Johansen
Author Date: 2025-01-21 11:36:28 UTC

UBUNTU: SAUCE: apparmor4.0.0 [84/84]: apparmor: fix LSM hook call breakage due to revert of static calls

The revert of upstream commit 417c5643cd67a55f424b203b492082035d0236c3
broke the apparmor patchset where it adds some new LSM hook
functionality. Update the hooks to use the hook pattern from before
commit 417c5643cd67a55f424b203b492082035d0236c3.

Signed-off-by: John Johansen <john.johansen@canonical.com>

v6.12-apparmor-plucky 2024-12-13 14:55:59 UTC
UBUNTU: SAUCE: apparmor4.0.0 [83/83]: apparmor: fix allow field in notification

Author: John Johansen
Author Date: 2024-09-09 02:07:29 UTC

UBUNTU: SAUCE: apparmor4.0.0 [83/83]: apparmor: fix allow field in notification

The allow field currently is being incorrectly set to an incorrect value
that is an intersection of what is allowed and the deny field. This
is effectively the same as setting it to the same value as the deny
field as deny is computed from what is requested and ~allow.

This isn't a problem for prompt as it is only using the deny field,
but it does prevent prompt from having additional context that can
be used to improve its requests or caching.

Fix this by correctly negating the deny field before it is anded with
the request, so that allow and deny do not overlap.

Signed-off-by: John Johansen <john.johansen@canonical.com>

oracular-apparmor-dev 2024-09-10 05:37:35 UTC
UBUNTU: SAUCE: apparmor4.0.0 [99/99]: fix build error with in nfs4xdr

Author: John Johansen
Author Date: 2024-09-06 22:01:43 UTC

UBUNTU: SAUCE: apparmor4.0.0 [99/99]: fix build error with in nfs4xdr

commit
  f58bab6fd406 ("nfsd: ensure that nfsd4_fattr_args.context is zeroed out")

in 6.11-rc6 added initializing the security context. However the
following LSM patches need to be updated to incorporate that change

    e762b0fc9c71 UBUNTU: SAUCE: apparmor4.0.0 [99/99]: LSM: Use lsmcontext in security_inode_getsecctx
    87beb9a71416 ("UBUNTU: SAUCE: apparmor4.0.0 [99/99]: LSM: Ensure the correct LSM context releaser")

Provide a post patch fix that can be dropped once the LSM patches
are updated for f58bab6fd406.

Signed-off-by: John Johansen <john.johansen@canonical.com>

noble-6.8-apparmor-dev 2024-04-16 16:16:06 UTC
UBUNTU: SAUCE: apparmor4.0.0 [92/90]: fix address mapping for recvfrom

Author: John Johansen
Author Date: 2024-04-16 15:07:14 UTC

UBUNTU: SAUCE: apparmor4.0.0 [92/90]: fix address mapping for recvfrom

BugLink: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/2061851

Receive message cases are failing with an EINVAL error. This is due
to the address possibly not being available for the receive case, but
being indicated with an addrlen of 0, not a null addr.

From a mediation pov this is fine, the address just can not be used
as part of an acceptance criteria. However the address lookup is being
done during the setup and the consistency check is failing.

Since it isn't required don't do the address verification check at
all, and leave that to other parts of the kernel. Treat any bad
address as unavailable.

Signed-off-by: John Johansen <john.johansen@canonical.com>

noble-dev 2024-01-27 00:19:04 UTC
UBUNTU: SAUCE: apparmor4.0.0 [94/94]: apparmor: add ability to mediate caps w...

Author: John Johansen
Author Date: 2024-01-04 17:00:49 UTC

UBUNTU: SAUCE: apparmor4.0.0 [94/94]: apparmor: add ability to mediate caps with policy state machine

Currently the caps encoding is very limited. Allow capabilities to
be mediated by the state machine. This will allow us to add
conditionals to capabilities that aren't possible with the current
encoding.

Signed-off-by: John Johansen <john.johansen@canonical.com>

v6.7-apparmor-mantic 2024-01-09 09:31:59 UTC
UBUNTU: SAUCE: apparmor4.0.0 [69/69]: apparmor: open userns related sysctl so...

Author: John Johansen
Author Date: 2023-10-25 12:31:30 UTC

UBUNTU: SAUCE: apparmor4.0.0 [69/69]: apparmor: open userns related sysctl so lxc can check if restriction are in place

BugLink: http://bugs.launchpad.net/bugs/2040194

https://github.com/canonical/lxd/issues/11920#issuecomment-1756110109

lxc and lxd currently need to determine if the apparmor restrictions
on unprivileged user namespaces are being enforced, so that apparmor
restrictions won't break lxc/d, and they won't clutter the logs
by doing something like

  unshare true

to test if the restrictions are being enforced.

Ideally access to this information would be restricted so that any
unknown access would be logged, but lxc/d currently aren't ready for
this so in order to _not_ force lxc/d to probe whether enforcement is
enabled, open up read access to the sysctls for unprivileged user
namespace mediation.

Signed-off-by: John Johansen <john.johansen@canonical.com>
Acked-by: Tim Gardner <tim.gardner@canonical.com>
Acked-by: Stefan Bader <stefan.bader@canonical.com>
Signed-off-by: Roxana Nicolescu <roxana.nicolescu@canonical.com>

jammy-mqueue-sru 2023-12-13 23:53:17 UTC
UBUNTU: SAUCE: (no-up) apparmor: Add fine grained mediation of posix mqueues

Author: John Johansen
Author Date: 2021-12-13 23:46:09 UTC

UBUNTU: SAUCE: (no-up) apparmor: Add fine grained mediation of posix mqueues

This is a SAUCE patch being SRUed to support customers that require the
feature on 22.04, instead of using an HWE kernel.

BugLink: https://bugs.launchpad.net/bugs/2045384

Add fine grained mediation of posix mqueues. Specifically this patch
adds support for differentiating mqueues based on the name in the ipc
namespace. A follow on patch will add support for implied labels, and
a third patch explicit labels. This is done in part because of
dependencies on other patches to apparmor core.

BugLink: https://bugs.launchpad.net/bugs/2045384
Signed-off-by: John Johansen <john.johansen@canonical.com>
(backported from commit 44f28e2ccee2000c7da971876dd003d38a8232d8 kinetic:linux)
Signed-off-by: Georgia Garcia <georgia.garcia@canonical.com>

v6.6-apparmor-mantic 2023-11-08 00:53:07 UTC
UBUNTU: SAUCE: apparmor4.0.0 [83/83]: Fix inode_init for changed prototype

Author: John Johansen
Author Date: 2023-11-08 00:35:09 UTC

UBUNTU: SAUCE: apparmor4.0.0 [83/83]: Fix inode_init for changed prototype

Commit
    6bcdfd2cac55 security: Allow all LSMs to provide xattrs for inode_init_security hook

changed the inode_init hook prototype. Depending on build flags this
could break the build, or just emit a warning. AppArmor does not use
the adjusted parameters, so only the parameters of the hook introduced
in
    7f3d19921386 ("UBUNTU: SAUCE: apparmor4.0.0 [07/82]: Add fine grained mediation of posix mqueues")
need to be adjusted.

Signed-off-by: John Johansen <john.johansen@canonical.com>

default 2023-11-01 10:08:18 UTC
UBUNTU: SAUCE: apparmor4.0.0 [82/82]: apparmor: open userns related sysctl so...

Author: John Johansen
Author Date: 2023-10-25 12:31:30 UTC

UBUNTU: SAUCE: apparmor4.0.0 [82/82]: apparmor: open userns related sysctl so lxc can check if restriction are in place

BugLink: http://bugs.launchpad.net/bugs/2040194

https://github.com/canonical/lxd/issues/11920#issuecomment-1756110109

lxc and lxd currently need to determine if the apparmor restrictions
on unprivileged user namespaces are being enforced, so that apparmor
restrictions won't break lxc/d, and they won't clutter the logs
by doing something like

  unshare true

to test if the restrictions are being enforced.

Ideally access to this information would be restricted so that any
unknown access would be logged, but lxc/d currently aren't ready for
this so in order to _not_ force lxc/d to probe whether enforcement is
enabled, open up read access to the sysctls for unprivileged user
namespace mediation.

Signed-off-by: John Johansen <john.johansen@canonical.com>
Acked-by: Tim Gardner <tim.gardner@canonical.com>
Acked-by: Stefan Bader <stefan.bader@canonical.com>
Signed-off-by: Roxana Nicolescu <roxana.nicolescu@canonical.com>

next-6.5 2023-09-06 13:51:04 UTC
UBUNTU: Ubuntu-6.5.0-5.5

Author: Andrea Righi
Author Date: 2023-09-06 13:51:04 UTC

UBUNTU: Ubuntu-6.5.0-5.5

Signed-off-by: Andrea Righi <andrea.righi@canonical.com>

next 2023-09-06 13:51:04 UTC
UBUNTU: Ubuntu-6.5.0-5.5

Author: Andrea Righi
Author Date: 2023-09-06 13:51:04 UTC

UBUNTU: Ubuntu-6.5.0-5.5

Signed-off-by: Andrea Righi <andrea.righi@canonical.com>

next-6.4 2023-07-26 15:45:53 UTC
UBUNTU: Ubuntu-6.4.0-1.1

Author: Andrea Righi
Author Date: 2023-07-26 15:45:53 UTC

UBUNTU: Ubuntu-6.4.0-1.1

Signed-off-by: Andrea Righi <andrea.righi@canonical.com>

next-6.3 2023-06-08 14:44:41 UTC
UBUNTU: Ubuntu-6.3.0-7.7

Author: Paolo Pisati
Author Date: 2023-06-08 14:44:41 UTC

UBUNTU: Ubuntu-6.3.0-7.7

Signed-off-by: Paolo Pisati <paolo.pisati@canonical.com>

next-6.2 2023-04-14 10:11:49 UTC
UBUNTU: Ubuntu-6.2.0-21.21

Author: Andrea Righi
Author Date: 2023-04-14 10:11:49 UTC

UBUNTU: Ubuntu-6.2.0-21.21

Signed-off-by: Andrea Righi <andrea.righi@canonical.com>

next-6.1 2023-02-24 13:24:48 UTC
UBUNTU: Ubuntu-6.1.0-16.16

Author: Andrea Righi
Author Date: 2023-02-24 13:24:48 UTC

UBUNTU: Ubuntu-6.1.0-16.16

Signed-off-by: Andrea Righi <andrea.righi@canonical.com>
