ubuntu-core-security (15.04.11) vivid; urgency=medium

  * seccomp/default:
    - add ARM private syscalls: breakpoint, cacheflush, set_tls, usr26, usr32
    - add getrandom, ugetrlimit, sched_getattr, sched_rr_get_interval
    - add getxattr, setxattr and listxattr family of calls

 -- Jamie Strandboge <jamie@ubuntu.com>  Wed, 22 Apr 2015 16:48:28 -0500

ubuntu-core-security (15.04.10) vivid; urgency=medium

  * seccomp/default: allow futimesat, utime, utimensat, and utimes
  * apparmor/default: revert /dev/** change. Snappy will instead maintain
    click-apparmor .additional files for these (and add the access only if
    cgroups restrictions are in effect)
  * allow 'udevadm trigger --verbose --dry-run --tag-match=snappy-assign'.
    Access for using '--property-match=SNAPPY_APP=<pkgname>' will be handled
    elsewhere for now

 -- Jamie Strandboge <jamie@ubuntu.com>  Wed, 22 Apr 2015 10:22:04 -0500

ubuntu-core-security (15.04.9) vivid; urgency=medium

  * apparmor/default: also allow reads on /dev/ now that the device cgroup
    only contains the devices specific to this app

 -- Jamie Strandboge <jamie@ubuntu.com>  Wed, 22 Apr 2015 05:53:11 -0500

ubuntu-core-security (15.04.8) vivid; urgency=medium

  * debian/control: ubuntu-core-security-utils Depends on python3-yaml

 -- Jamie Strandboge <jamie@ubuntu.com>  Tue, 21 Apr 2015 20:46:44 -0500

ubuntu-core-security (15.04.7) vivid; urgency=medium

  * seccomp/default:
    - add clock_getres, clock_gettime and clock_nanosleep
    - add statfs, statfs64, fstatfs and fstatfs64
    - remove rarely used NUMA memory syscalls
    - remove restart_syscall (only to be used by the kernel) and uselib (not
      used on modern systems)
    - explicityly kernel keyring syscalls
  * debian/README.seccomp: add switch_endian to list (added since last time
    for powerpc)

 -- Jamie Strandboge <jamie@ubuntu.com>  Tue, 21 Apr 2015 18:38:49 -0500

ubuntu-core-security (15.04.6) vivid; urgency=medium

  * add capget to default seccomp policy
  * explicitly deny umount in apparmor and seccomp default policy
  * explicitly deny remount in the apparmor default policy

 -- Jamie Strandboge <jamie@ubuntu.com>  Tue, 21 Apr 2015 15:18:28 -0500

ubuntu-core-security (15.04.5) vivid; urgency=medium

  * add statvfs (and fstatvfs) needed by 'sed'
  * adjust default policy to allow /dev/[^s][^h][^m]** since we will be using
    cgroups to enforce hardware restrictions until LP: 1444679 is implemented
    in apparmor
  * network-client and network-service actually should have all the same
    syscalls except: network-service has socketpair. When LP: 1446748 is
    implemented we can use syscall arg filtering to make 'socket' more
    fine-grained
  * debian/control: Conflicts, not Breaks on apparmor-easyprof-ubuntu-snappy

 -- Jamie Strandboge <jamie@ubuntu.com>  Tue, 21 Apr 2015 07:52:22 -0500

ubuntu-core-security (15.04.4) vivid; urgency=medium

  * explicity deny mount and mknod too
  * add some missing syscalls: eventfd, eventfd2, exit, ftime, get_mempolicy,
    get_robust_list, ipc, mremap, msgctl, msgget, msgrcv, msgsnd,
    restart_syscall, rt_sigqueueinfo, rt_tgsigqueueinfo, set_thread_area,
    signal, sigaction, sigaltstack, sigpending, sigprocmask, sigreturn and
    sigsuspend to seccomp default policy

 -- Jamie Strandboge <jamie@ubuntu.com>  Mon, 20 Apr 2015 14:35:59 -0500

ubuntu-core-security (15.04.3) vivid; urgency=medium

  * explicitly deny ptrace (trace) in the policy since it currently allows
    breaking out of seccomp sandbox
  * correct path to policy groups for --include-policy-dir

 -- Jamie Strandboge <jamie@ubuntu.com>  Tue, 14 Apr 2015 18:04:22 -0500

ubuntu-core-security (15.04.2) vivid; urgency=medium

  * update autopkgtests to include compatibility templates and policy groups
  * debian/control:
    - don't Build-Depends on seccomp (it is not needed at this time)
    - adjust ubuntu-core-security-seccomp to not Depends on seccomp (it only
      ships data files)
    - adjust ubuntu-core-security-utils to Depends on seccomp for amd64, i386
      and armhf
  * update default apparmor policy to allow running /usr/bin/ldd
  * add app-specific rules for access to /{dev,run}/shm (LP: #1443612)

 -- Jamie Strandboge <jamie@ubuntu.com>  Fri, 10 Apr 2015 17:06:11 -0500

ubuntu-core-security (15.04.1) vivid; urgency=medium

  * Initial release. It provides:
    - the apparmor policies for Ubuntu Core
    - the seccomp policies for Ubuntu Core
    - various utilies including sc-filtergen for generating template-based
      seccomp filters
    - replaces apparmor-easyprof-ubuntu-snappy and sets up compatibility
      symlinks which can be dropped when packages stop using them

 -- Jamie Strandboge <jamie@ubuntu.com>  Thu, 09 Apr 2015 22:32:20 -0500
