||<>|| == Introduction == Security team development is done as time allows. This page does not include security updates, audits, investigations, etc. This page only includes information on proactive development work as it pertains to the Ubuntu Release schedule. == Weekly summary == We fixed 4 RC bugs, got 3 new ones. == Specs == Security team specifications are tended to as time allows. The following are development features actively being worked on for this release: ||[[SecurityTeam/Specifications/Karmic/ApacheAppArmorSpec|ApacheAppArmorSpec]] || '''Completed''' || ||[[SecurityTeam/Specifications/Karmic/AppArmorFirefoxProfile|AppArmorFirefoxProfile]] || '''Completed''' || ||[[SecurityTeam/Specifications/Karmic/AppArmorLibvirtProfile|AppArmorLibvirtProfile]] || '''Completed''' || ||[[SecurityTeam/Specifications/Karmic/ApportAbortHandlerSpec|ApportAbortHandlerSpec]] || '''Completed''' || ||[[SecurityTeam/Specifications/Karmic/FilesystemIntegrityCheckerSpec|FilesystemIntegrityCheckerSpec]] || '''Completed''' || ||[[SecurityTeam/Specifications/USNSpec|USNSpec]] || Deferred to karmic+1 (not dependent on release) || ||Document security features || '''Completed''' || ||Speed-up AppArmor initialization || '''Completed''' || ||Port partial-NX-emulation to Ubuntu kernel || '''Completed''' || ||fix executable stack markings || '''Completed''' || ||compile PIE with BIND_NOW || '''Completed''' || ||ufw filtering by interface || '''Completed''' || ||ufw egress filtering || '''Completed''' || ||ntpd AppArmor profile || '''Completed''' || ||dovecot AppArmor profile || Deferred to karmic+1 || Specs are in good shape and made it in time for Feature freeze with some parts were postponed until karmic+1 for lack of time. == RC Bugs == Fixed last week: * Bug:446524 ((''AppArmor user-space tools need update for complain-mode logging change'')) * Bug:453329 ((''libvirt apparmor profile denies access to pulseaudio'') * Bug:456308 ((''apparmor ntp profile needs corrections'')) * Bug:457716 ((''apparmor denies save and restore in libvirt'')) Triaged problems: * None Bugs which need better understanding/debugging: * None === Planned changes for Final === * None === Deferred for SRU === * Bug:453335 ((''apparmor complains about write access to a readonly ISO image'')) -- '''DONE''' * Bug:446449 ((''After restarting AppArmor, aa-logprof doesn't seem to load the existing profiles'')) -- '''DONE''' ---- CategorySecurityTeam