[{"id":3672994,"web_url":"http://patchwork.ozlabs.org/comment/3672994/","msgid":"<0294bfa8-c87c-45a1-bdb9-9e4d29096978@canonical.com>","list_archive_url":null,"date":"2026-04-03T06:11:22","subject":"ACK: [SRU][Q][PATCH 0/2] fix network mediation issues","submitter":{"id":85372,"url":"http://patchwork.ozlabs.org/api/people/85372/","name":"Masahiro Yamada","email":"masahiro.yamada@canonical.com"},"content":"On 4/3/26 03:49, Georgia Garcia wrote:\n> BugLink: https://bugs.launchpad.net/bugs/2142860\n>\n> SRU Justification:\n>\n> [Impact]\n>\n> During a rebase the code to wire in the fine grained inet mediation\n> for sock_file_perm got dropped. This breaks network mediation if\n> v8/v9 fine grained inet mediation is used, which was the case for\n> the policy that was updated to use abi 5.0 added in apparmor 5.0.0~alpha2\n>\n> [Fix]\n>\n> Cherry-pick resolute:linux commits:\n> 5240899d3fb2e01b88ecceb2c53921dd64b74c75\n> 7cb6769a2d96ab3b6da8ca401936a22745523bad\n>\n> [Test Plan]\n>\n> There are two test cases:\n>\n> 1. using flatpak:\n> $ sudo apt install flatpak\n> $ flatpak remote-add --if-not-exists flathub https://dl.flathub.org/repo/flathub.flatpakrepo\n> $ flatpak install flathub com.brave.Browser\n> $ flatpak run com.brave.Browser\n>\n> When the browser opens, make sure it can open any website\n> (https://ubuntu.com/ for example)\n>\n> 2. using sbuild with unshare backend\n>\n> $ sudo apt install sbuild mmdebstrap uidmap\n>\n> Create a file called .sbuildrc in your home directory with the\n> following contents:\n>\n> $mailto = 'foo@bar.com';\n> $maintainer_name='Foo Bar <foo@bar.com>';\n> #$build_dep_resolver=\"apt\";\n> $chroot_mode = \"unshare\";\n> 1;\n>\n> Edit /etc/apt/sources.list.d/ubuntu.sources adding deb-src to Types:\n>\n> Types: deb deb-src\n>\n> $ sudo apt update\n> $ apt source apparmor\n> $ cd apparmor-5.0.0~beta1/\n> $ sbuild -d resolute\n>\n> Make sure you don't see any \"Connection failed\" messages during the\n> step \"I: Setting up apt archive...\" and that build completes\n> successfully.\n>\n> [Where problems could occur]\n>\n> The regression can be considered as low since both fixes have been\n> applied to the resolute kernel.\n>\n> John Johansen (2):\n>    UBUNTU: SAUCE: apparmor5.0.0 [29/57]: apparmor: fix fine grained inet\n>      mediation sock_file_perm\n>    UBUNTU: SAUCE: apparmor5.0.0 [53/57]: apparmor: fix af_unix local addr\n>      mediation binding\n>\n>   security/apparmor/af_inet.c | 2 +-\n>   security/apparmor/audit.c   | 2 +-\n>   security/apparmor/net.c     | 9 ++++++++-\n>   3 files changed, 10 insertions(+), 3 deletions(-)\n>\nAcked-by: Masahiro Yamada <masahiro.yamada@canonical.com>","headers":{"Return-Path":"<kernel-team-bounces@lists.ubuntu.com>","X-Original-To":"incoming@patchwork.ozlabs.org","Delivered-To":"patchwork-incoming@legolas.ozlabs.org","Authentication-Results":["legolas.ozlabs.org;\n\tdkim=fail reason=\"signature verification failed\" (4096-bit key;\n unprotected) header.d=canonical.com header.i=@canonical.com\n header.a=rsa-sha256 header.s=20251003 header.b=gSUunoxd;\n\tdkim-atps=neutral","legolas.ozlabs.org;\n spf=pass (sender SPF authorized) smtp.mailfrom=lists.ubuntu.com\n (client-ip=185.125.189.65; helo=lists.ubuntu.com;\n envelope-from=kernel-team-bounces@lists.ubuntu.com;\n receiver=patchwork.ozlabs.org)"],"Received":["from lists.ubuntu.com (lists.ubuntu.com [185.125.189.65])\n\t(using TLSv1.2 with cipher ECDHE-ECDSA-AES256-GCM-SHA384 (256/256 bits))\n\t(No client certificate requested)\n\tby legolas.ozlabs.org (Postfix) with ESMTPS id 4fn7f40Y5Yz1yD3\n\tfor <incoming@patchwork.ozlabs.org>; Fri, 03 Apr 2026 17:11:40 +1100 (AEDT)","from localhost ([127.0.0.1] helo=lists.ubuntu.com)\n\tby lists.ubuntu.com with esmtp (Exim 4.86_2)\n\t(envelope-from <kernel-team-bounces@lists.ubuntu.com>)\n\tid 1w8Xkg-0005z6-8T; Fri, 03 Apr 2026 06:11:30 +0000","from smtp-relay-internal-1.internal ([10.131.114.114]\n helo=smtp-relay-internal-1.canonical.com)\n by lists.ubuntu.com with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128)\n (Exim 4.86_2) (envelope-from <masahiro.yamada@canonical.com>)\n id 1w8Xke-0005yP-4c\n for kernel-team@lists.ubuntu.com; Fri, 03 Apr 2026 06:11:28 +0000","from mail-pj1-f70.google.com (mail-pj1-f70.google.com\n [209.85.216.70])\n (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)\n key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest\n SHA256)\n (No client certificate requested)\n by smtp-relay-internal-1.canonical.com (Postfix) with ESMTPS id 532103F13F\n for <kernel-team@lists.ubuntu.com>; Fri,  3 Apr 2026 06:11:27 +0000 (UTC)","by mail-pj1-f70.google.com with SMTP id\n 98e67ed59e1d1-35641c14663so1519763a91.2\n for <kernel-team@lists.ubuntu.com>; Thu, 02 Apr 2026 23:11:27 -0700 (PDT)","from ?IPV6:2001:f74:8f00:c00:6aff::1002?\n ([2001:f74:8f00:c00:6aff::1002]) by smtp.gmail.com with ESMTPSA id\n 98e67ed59e1d1-35de51d5847sm609282a91.2.2026.04.02.23.11.23\n (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128);\n Thu, 02 Apr 2026 23:11:24 -0700 (PDT)"],"DKIM-Signature":"v=1; a=rsa-sha256; c=relaxed/relaxed; d=canonical.com;\n s=20251003; t=1775196687;\n bh=i0l1vGZV3pldPOqRbZ/VrWJQf7Xm9J75gzzbbHWDweo=;\n h=Message-ID:Date:MIME-Version:Subject:To:References:From:\n In-Reply-To:Content-Type;\n b=gSUunoxdN1mf/veJI4JlX1aBSEUXrS2Lkn/kwRtH/5/eYA7Tuo2UN78ApatXtFp6Q\n aPqxu8t2gsiPQRsXt7tlW7MS/Dg7Y04K34u/vjSlnyUu4KGVX9Nz1CADY9fDVfu2Tv\n Oc/MpwYmjTWJwImQYwRnH9OQ3GVOm3l9IDXcDiO/DRdYuaWGdhnKi0aqKo2hOX1/j5\n OLmcJ+Ir01Hj6QpElJ4yvT/65NfDLHtrjAlLeoLBXSPczwJSWA0Wuck1C/Kd06LB0O\n CZYcT63ZLuIt60GYUNekjrnpcncF5aAbSKDPkxsbfor/c8S2fs+hbfAPPzJvWRPL0c\n 1VbEF3zjooBzhbcq3ew3MbnL/mUYXDJChr22CkyedtGlQ9wU8q9PU6BeZTe6/5EPAU\n ZNet2E6SU9sipbiCQtDFMcCu+P6mk3xMl+bQJjsglZ9ghWMJ+pBb5N2fX8aM8YmIrz\n prOEGCpzSKPTgtkA370rqq8jCY3jRNLZZWj+Tw/OVP2IGrXODDKMOQDK12UDGR/1S6\n byl/SpOUQE4OJ7ZfKU7TKG5tpj9dimlRBYnWPMYpVtW89Wxg6O/r+/vcL3+zwHWLTf\n rXaeefQvvdUgikQydgYD2HjDs+08kdkEhsBLYuhc9FkOqfNw8fHhvWnN6a4MVor3k9\n vUSMX6+6vkFFPBaTWFnrRGkg=","X-Google-DKIM-Signature":"v=1; a=rsa-sha256; c=relaxed/relaxed;\n d=1e100.net; s=20251104; t=1775196686; x=1775801486;\n h=content-transfer-encoding:in-reply-to:content-language:from\n :references:to:subject:user-agent:mime-version:date:message-id\n :x-gm-gg:x-gm-message-state:from:to:cc:subject:date:message-id\n :reply-to;\n bh=i0l1vGZV3pldPOqRbZ/VrWJQf7Xm9J75gzzbbHWDweo=;\n b=OOjpZ23903vRJOpRcEzV4CuHHxx32IUcd+K/gOPEeETHlHAyqZ71dZgOZPpjparGft\n LjuDYMFiPjXpTtVvL7qyRuB3oFFT4x2Xk/fABepxQL1Fg0JFgTHLc+88F2bqR/F49Pbk\n P08cGO5qGBZ12/iFbIjUYrvPYsruE+8GcY1IvK4ZFnn7jpkIC65wh5wUCM0XiokqOn93\n U03/Z98iW3gSHQicnQwj2s6dUkNcOzuaYh89IAMDE/5NOUHAgbfMxBC1g9Dl9/yVRAu7\n h1qLSIwWt1sRaAJFqqbYAxGDSDxls+nB1QeEOfM6aiTKOUC8bZzU4aeXUjh/pLnvV6BU\n jVIQ==","X-Forwarded-Encrypted":"i=1;\n AJvYcCWTr3lRjUvWY2xQDiREHuZ45l3+zvYQ5wSTRGBrDhB/Uf0n+NkIFkMS4/ruGwTKbMMZZAs72f6chDl43g==@lists.ubuntu.com","X-Gm-Message-State":"AOJu0YyVfzAjDCfbDKGepm0b8bqk64pHcFPUkcttZml2Tf1VyuTZoqjP\n 7+cg3egbBpw/DGHxVsPVslgJZuIvE1xjBCk7q6RNaVQzP75+7QvnxowZbusZxNaqkN3I7KsuUZu\n 2uGrsNTb+dPMLXJUWK1lOE008cVl0uH6US2ay6hoIcXu3ubNToe5p2rxC1Yw0WK3BDwemb8FziP\n yuN6GAjw==","X-Gm-Gg":"AeBDietDN2nq/eNNcsW+murWkZ5AkHYMQmOfGbft3uFTkOOPO8WXm0CYT+ulLdQ47t2\n UdYz2k1NVC1KhxBR+rn0zIaxdFs4xvVD5jh7HqCacQ/o4KwO44XydL5jjiO1biPBd8KHPKOk7QQ\n yY7EotkSY/dXlQYXnt4AX3y2qPfZN5e3FF3yoW4If7AilYiIsbNeiLCpUSzENSZ1VP6Xw9gMyQU\n 4Avi4nXI2nfgtoMKRbXriHx1bUbhtfeOnWlXLatc5G9hH7IxtWe11HMti4PYZhh6QnxQNtmuJ/E\n GkFTyJBW9Uajqk4W7fZSCU5vI6IoNyDPdYONaZK8WWE/bAH8tl2zfqLEUQtzD5gLV2hLuIKYXop\n G5wny1e4UHJdRUsy4pSFS9xe8nITilh3dwDothWYw8BHxVQI/GW2TQdWI","X-Received":["by 2002:a17:90b:2e49:b0:35a:189b:43db with SMTP id\n 98e67ed59e1d1-35de6810e49mr1589066a91.4.1775196685787;\n Thu, 02 Apr 2026 23:11:25 -0700 (PDT)","by 2002:a17:90b:2e49:b0:35a:189b:43db with SMTP id\n 98e67ed59e1d1-35de6810e49mr1589052a91.4.1775196685333;\n Thu, 02 Apr 2026 23:11:25 -0700 (PDT)"],"Message-ID":"<0294bfa8-c87c-45a1-bdb9-9e4d29096978@canonical.com>","Date":"Fri, 3 Apr 2026 15:11:22 +0900","MIME-Version":"1.0","User-Agent":"Mozilla Thunderbird","Subject":"ACK: [SRU][Q][PATCH 0/2] fix network mediation issues","To":"Georgia Garcia <georgia.garcia@canonical.com>,\n kernel-team@lists.ubuntu.com","References":"<20260402184923.2681798-1-georgia.garcia@canonical.com>","From":"Masahiro Yamada <masahiro.yamada@canonical.com>","Content-Language":"en-US","In-Reply-To":"<20260402184923.2681798-1-georgia.garcia@canonical.com>","X-BeenThere":"kernel-team@lists.ubuntu.com","X-Mailman-Version":"2.1.20","Precedence":"list","List-Id":"Kernel team discussions <kernel-team.lists.ubuntu.com>","List-Unsubscribe":"<https://lists.ubuntu.com/mailman/options/kernel-team>,\n <mailto:kernel-team-request@lists.ubuntu.com?subject=unsubscribe>","List-Archive":"<https://lists.ubuntu.com/archives/kernel-team>","List-Post":"<mailto:kernel-team@lists.ubuntu.com>","List-Help":"<mailto:kernel-team-request@lists.ubuntu.com?subject=help>","List-Subscribe":"<https://lists.ubuntu.com/mailman/listinfo/kernel-team>,\n <mailto:kernel-team-request@lists.ubuntu.com?subject=subscribe>","Content-Transfer-Encoding":"base64","Content-Type":"text/plain; charset=\"utf-8\"; Format=\"flowed\"","Errors-To":"kernel-team-bounces@lists.ubuntu.com","Sender":"\"kernel-team\" <kernel-team-bounces@lists.ubuntu.com>"}}]