AppArmor Enhancements Merged For Linux 7.0
• The AppArmor security module for the Linux kernel, which most notably is backed by Canonical for Ubuntu, has some small improvements and fixes for Linux 7.0.
• AppArmor with Linux 7.0 adds support for loading per-permission tagging.
• John Johansen of Canonical explains of that patch, which he authored nearly one year ago and is only now hitting the mainline kernel: The AppArmor updates also include adding support for execpath in the user namespace.
• The new field allows for reliable identification of the binary triggering a denial, since the existing field only gives the name of the binary and not its path.
• AppArmor with Linux 7.0 also has a number of code clean-ups plus a number of different bug fixes to this kernel security code.
• The full list of AppArmor changes for Linux 7.0 is available via this pull request.
Article Summaries:
- AppArmor Enhancements Merged for Linux 7.0
Canonical’s AppArmor security module has received several small but useful updates in the Linux 7.0 kernel. The patch adds support for per‑permission tagging, enabling richer metadata and debugging information while keeping memory usage low. It also introduces an “execpath” field in user namespaces, allowing precise identification of binaries that trigger denials, something the previous “comm” field could not reliably provide. Additional code clean‑ups and bug fixes round out the changes. With Linux 7.0 slated to power Ubuntu 26.04 LTS, these improvements reduce the need for separate AppArmor patches in Ubuntu’s kernel.
Sources: