From 3087627ce903374f85c31b1c64cb134de6cb8028 Mon Sep 17 00:00:00 2001 From: Catherine Redfield Date: Mon, 8 Apr 2024 12:23:38 -0400 Subject: [PATCH] feat(apparmor): Add policy:unconfined_restrictions feature to 6.8 kernel (LP: #2060558) Failing CPC tests show that the preseeded apparmor features don't include policy:unconfined_restrictions for the 6.8 kernel. This change adds the feature preseed with values based on a successfully booted instance. Fixes: LP: #2060558 --- .../apparmor/6.8/policy/unconfined_restrictions/change_profile | 1 + live-build/apparmor/6.8/policy/unconfined_restrictions/io_uring | 1 + live-build/apparmor/6.8/policy/unconfined_restrictions/userns | 1 + 3 files changed, 3 insertions(+) create mode 100644 live-build/apparmor/6.8/policy/unconfined_restrictions/change_profile create mode 100644 live-build/apparmor/6.8/policy/unconfined_restrictions/io_uring create mode 100644 live-build/apparmor/6.8/policy/unconfined_restrictions/userns diff --git a/live-build/apparmor/6.8/policy/unconfined_restrictions/change_profile b/live-build/apparmor/6.8/policy/unconfined_restrictions/change_profile new file mode 100644 index 00000000..7cfab5b0 --- /dev/null +++ b/live-build/apparmor/6.8/policy/unconfined_restrictions/change_profile @@ -0,0 +1 @@ +yes diff --git a/live-build/apparmor/6.8/policy/unconfined_restrictions/io_uring b/live-build/apparmor/6.8/policy/unconfined_restrictions/io_uring new file mode 100644 index 00000000..573541ac --- /dev/null +++ b/live-build/apparmor/6.8/policy/unconfined_restrictions/io_uring @@ -0,0 +1 @@ +0 diff --git a/live-build/apparmor/6.8/policy/unconfined_restrictions/userns b/live-build/apparmor/6.8/policy/unconfined_restrictions/userns new file mode 100644 index 00000000..d00491fd --- /dev/null +++ b/live-build/apparmor/6.8/policy/unconfined_restrictions/userns @@ -0,0 +1 @@ +1
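Review bot: in live-build/apparmor/6.8/policy/unconfined_restrictions/change_profile the value is `yes`, while the two sibling files added by this patch hold `0` and `1`. Please confirm that `yes` is the verbatim content the booted 6.8 instance reports for this entry and not a hand-transcribed boolean, since the preseed is meant to mirror what the kernel reports. The commit message says only "a successfully booted instance"; naming the kernel build and image the values were read from would let a later reviewer re-check all three files.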
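Review bot: io_uring is preseeded as `0` and userns as `1`, and neither the files nor the commit message record why the two differ or under what configuration they were captured. If these entries follow runtime settings on the source instance rather than fixed kernel capabilities, please state that the instance was at image defaults, so the preseed does not encode a locally changed setting. It would also help to add a check that compares live-build/apparmor/6.8/ against the feature tree of the kernel actually shipped in the image, so the next missing or drifted entry is caught at build time rather than by failing CPC tests.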