many: update apparmor to 4.0.1 (#14150)

* build-aux: update vendored apparmor to 4.0.1 release

Signed-off-by: Alex Murray <[email protected]>

* build-aux: add autoconf-archive to apparmor/build-packages

Unlike the Launchpad tarball, the one from apparmor gitlab tarball
requires this to be present as it is just a snapshot of the git tree,
not a release tarball like those provided by Launchpad.

Signed-off-by: Alex Murray <[email protected]>

* build-aux: remove apparmor parser performance patch

This was already included upstream as part of the 3.1.0 release and
hence is included in the 4.0.1 release which we are now vendoring.

Signed-off-by: Alex Murray <[email protected]>

* build-aux: remove remote patch application logic

They are already included in apparmor 4.x release.

Signed-off-by: Zygmunt Krynicki <[email protected]>

* build-aux: remove local patch application logic

All local patches are now merged in the 4.x release.

Signed-off-by: Zygmunt Krynicki <[email protected]>

* cmd/configure.ac: expect apparmor 4.0.1 when building as a snap

Signed-off-by: Alex Murray <[email protected]>

* sandbox/apparmor: use apparmor 4.0 abi with vendored parser

Signed-off-by: Alex Murray <[email protected]>

* sandbox/apparmor: add debug logging when probing parser features

Signed-off-by: Alex Murray <[email protected]>

* sandbox/apparmor: log apparmor_parser version when probing features

This is helpful when trying to debug why certain features may not be supported.

Signed-off-by: Alex Murray <[email protected]>

* tests/main: update for new vendored apparmor 4.0

Signed-off-by: Alex Murray <[email protected]>

* Reapply "i/builtin: allow docker-support to use mqueue (#13738)" (#13765)

This reverts commit ce29886.

* interfaces: adjust docker-support test to handle mqueue

Signed-off-by: Zygmunt Krynicki <[email protected]>

* sandbox/apparmor: mask mqueue feature until apparmor 4.0.1

It seems that mediation of mqueue is miscompiled by apparmor_parser
4.0.0~beta3 that was present in Ubuntu 24.04 until the 10th of July
2024. Detect this and mask the presence of mqueue unless apparmor parser
4.0.1, or newer, is used.

Signed-off-by: Zygmunt Krynicki <[email protected]>

* sandbox/apparmor: support bundled 3.0 or 4.0 (preferred) abi

Mirror the logic used in apparmor-from-the-host to apparmor-from-snapd-snap.
This mainly fixes tests that repackage old snapd snap without touching
apparmor, but in general seems like the right thing to do.

The logic is such, that abi 4 is preferred.

Signed-off-by: Zygmunt Krynicki <[email protected]>

* sandbox/apparmor: unify test mocking logic

Signed-off-by: Zygmunt Krynicki <[email protected]>

* sandbox/apparmor: refactor appArmorParserVersion not to clobber cmd

Signed-off-by: Zygmunt Krynicki <[email protected]>

* sandbox/apparmor: fix pair of typos

Signed-off-by: Zygmunt Krynicki <[email protected]>

---------

Signed-off-by: Alex Murray <[email protected]>
Signed-off-by: Zygmunt Krynicki <[email protected]>
Co-authored-by: Alex Murray <[email protected]>

build-aux/snap/local/apparmor/af_names.h

@@ -1,13 +1,16 @@
 /*
-  this file was generated on a Ubuntu kinetic install from the upstream
-  apparmor-3.0.7 release tarball as follows:
+  this file was generated on a Ubuntu mantic install from the upstream
+  apparmor-4.0.1 release tarball as follows:
 
-  AA_VER=3.0.7
+  AA_VER=4.0.1
+  TARBALL_NAME="apparmor-v${AA_VER}"
   wget \
-  "https://launchpad.net/apparmor/3.0/${AA_VER}/+download/apparmor-${AA_VER}.tar.gz"
-  tar xf "apparmor-${AA_VER}.tar.gz"
-  cd "apparmor-${AA_VER}"
+  "https://gitlab.com/apparmor/apparmor/-/archive/v${AA_VER}/${TARBALL_NAME}.tar.gz"
+  tar xf "${TARBALL_NAME}.tar.gz"
+  cd "${TARBALL_NAME}"
   make -C parser af_names.h
+  cp ./parser/af_names.h <path-to-this-file>
+  # manually append this header
 
  */
 #ifndef AF_UNSPEC