2011-01-17 17:43:05 +01:00
|
|
|
#
|
2011-01-17 17:43:15 +01:00
|
|
|
# spec file for package apparmor
|
2011-01-17 17:43:05 +01:00
|
|
|
#
|
2012-01-05 13:51:05 +01:00
|
|
|
# Copyright (c) 2012 SUSE LINUX Products GmbH, Nuernberg, Germany.
|
2011-01-17 17:43:05 +01:00
|
|
|
#
|
|
|
|
# All modifications and additions to the file contributed by third parties
|
|
|
|
# remain the property of their copyright owners, unless otherwise agreed
|
|
|
|
# upon. The license for this file, and modifications and additions to the
|
|
|
|
# file, is the same license as for the pristine package itself (unless the
|
|
|
|
# license for the pristine package is not an Open Source License, in which
|
|
|
|
# case the license is the MIT License). An "Open Source License" is a
|
|
|
|
# license that conforms to the Open Source Definition (Version 1.9)
|
|
|
|
# published by the Open Source Initiative.
|
|
|
|
|
|
|
|
# Please submit bugfixes or comments via http://bugs.opensuse.org/
|
|
|
|
#
|
|
|
|
|
|
|
|
|
2011-09-14 13:56:46 +02:00
|
|
|
%bcond_with tomcat
|
2011-01-17 17:43:05 +01:00
|
|
|
%bcond_without pam
|
|
|
|
%bcond_without apache
|
|
|
|
%bcond_with python
|
|
|
|
%bcond_with ruby
|
|
|
|
%bcond_with gnome
|
|
|
|
%bcond_with dbus
|
|
|
|
%bcond_with editor
|
|
|
|
|
|
|
|
%define CATALINA_HOME /usr/share/tomcat6
|
|
|
|
%define APPARMOR_DOC_DIR /usr/share/doc/packages/apparmor-docs/
|
|
|
|
%define JNI_SO libJNIChangeHat.so
|
|
|
|
%define JAR_FILE changeHatValve.jar
|
|
|
|
%define apache_module_path %(/usr/sbin/apxs2 -q LIBEXECDIR)
|
|
|
|
|
|
|
|
Name: apparmor
|
|
|
|
%if ! %{?distro:1}0
|
|
|
|
%if %{?suse_version:1}0
|
|
|
|
%define distro suse
|
|
|
|
%endif
|
|
|
|
%if %{?fedora_version:1}0
|
|
|
|
%define distro redhat
|
|
|
|
%endif
|
|
|
|
%endif
|
|
|
|
%if ! %{?distro:1}0
|
|
|
|
%define distro suse
|
|
|
|
%endif
|
2012-06-02 23:50:07 +02:00
|
|
|
Version: 2.8.0
|
Accepting request 102458 from security:apparmor:factory
- Update to AppArmor 2.7.2 (= 2.7 branch / r1894)
- move various permissions from httpd2-prefork profile to
abstractions/apache2-common. Backward-incompatible change: *.htaccess
files are no longer allowed for ^HANDLING_UNTRUSTED_INPUT
- allow access for more /usr/lib*/samba/ files for smbd (bnc#725967#c5)
- allow various .conf files for dovecot (lp#458922)
- disallow wl for *.so in @{HOME}/.pki/nssdb/ in abstractions/private-files
and abstractions/private-files-strict (lp#911847)
- update abstractions/kde, private-files* and ubuntu-browsers.d/user-files
to use ~/.kde4, not only ~/.kde (bnc#741592)
- block write access to ~/.kde{,4}/env in abstractions/private-files
(lp#914190)
- allow write access for personal dictionary etc. in abstractions/aspell
(lp#917859)
- when using genprof for a script, include read access to the script itsself
- automatically include abstractions/python or abstractions/ruby for
python/ruby scripts
- add profile for smbldap-useradd and allow smbd to call it (bnc#738041)
- allow creation of the .config directory in abstractions/enchant (lp#914184)
- allow TFTP read-only access in dnsmasq profile (lp#905412)
- allow capability dac_read_search for syslog-ng (bnc#731876)
- add p11-kit abstraction and include it in abstractions/authentification
(lp#912754, lp#912752)
- add audacity to abstractions/ubuntu-media-players (lp#899963)
- allow software-center, fireclam plugin, [tT]unar, exo-open, kate and
/dev/nvidia* in abstractons/ubuntu-browsers.d/* (lp#662906, lp#562831,
lp#890894, lp#890894, lp#884748)
- fix typo for multiarch gconf-modules in abstractions/base (lp#904548)
- allow avahi to do dbus introspection (lp#769148)
- allow access to ~/.fonts.conf.d in abstractions/fonts (lp#870992)
- allow transmission in abstractions/ubuntu-bittorrent-clients (lp#852062)
- allow reading ~/.cups/client.conf and ~/.cups/lpoptions in
abstractions/cups-client (lp#887992)
- allow read access of /etc/python{2,3}.[0-7]*/sitecustomize.py in
abstractions/python (lp#860856)
- various updates to the sshd profile (lp#817956)
- (and some more changes I already included in the apparmor-2.7-branch.diff)
OBS-URL: https://build.opensuse.org/request/show/102458
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/apparmor?expand=0&rev=32
2012-02-02 17:56:20 +01:00
|
|
|
Release: 0
|
2011-09-14 13:56:46 +02:00
|
|
|
Summary: AppArmor userlevel parser utility
|
Accepting request 102458 from security:apparmor:factory
- Update to AppArmor 2.7.2 (= 2.7 branch / r1894)
- move various permissions from httpd2-prefork profile to
abstractions/apache2-common. Backward-incompatible change: *.htaccess
files are no longer allowed for ^HANDLING_UNTRUSTED_INPUT
- allow access for more /usr/lib*/samba/ files for smbd (bnc#725967#c5)
- allow various .conf files for dovecot (lp#458922)
- disallow wl for *.so in @{HOME}/.pki/nssdb/ in abstractions/private-files
and abstractions/private-files-strict (lp#911847)
- update abstractions/kde, private-files* and ubuntu-browsers.d/user-files
to use ~/.kde4, not only ~/.kde (bnc#741592)
- block write access to ~/.kde{,4}/env in abstractions/private-files
(lp#914190)
- allow write access for personal dictionary etc. in abstractions/aspell
(lp#917859)
- when using genprof for a script, include read access to the script itsself
- automatically include abstractions/python or abstractions/ruby for
python/ruby scripts
- add profile for smbldap-useradd and allow smbd to call it (bnc#738041)
- allow creation of the .config directory in abstractions/enchant (lp#914184)
- allow TFTP read-only access in dnsmasq profile (lp#905412)
- allow capability dac_read_search for syslog-ng (bnc#731876)
- add p11-kit abstraction and include it in abstractions/authentification
(lp#912754, lp#912752)
- add audacity to abstractions/ubuntu-media-players (lp#899963)
- allow software-center, fireclam plugin, [tT]unar, exo-open, kate and
/dev/nvidia* in abstractons/ubuntu-browsers.d/* (lp#662906, lp#562831,
lp#890894, lp#890894, lp#884748)
- fix typo for multiarch gconf-modules in abstractions/base (lp#904548)
- allow avahi to do dbus introspection (lp#769148)
- allow access to ~/.fonts.conf.d in abstractions/fonts (lp#870992)
- allow transmission in abstractions/ubuntu-bittorrent-clients (lp#852062)
- allow reading ~/.cups/client.conf and ~/.cups/lpoptions in
abstractions/cups-client (lp#887992)
- allow read access of /etc/python{2,3}.[0-7]*/sitecustomize.py in
abstractions/python (lp#860856)
- various updates to the sshd profile (lp#817956)
- (and some more changes I already included in the apparmor-2.7-branch.diff)
OBS-URL: https://build.opensuse.org/request/show/102458
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/apparmor?expand=0&rev=32
2012-02-02 17:56:20 +01:00
|
|
|
License: GPL-2.0+
|
2011-01-17 17:43:05 +01:00
|
|
|
Group: Productivity/Networking/Security
|
2011-09-14 13:56:46 +02:00
|
|
|
Source0: apparmor-%{version}.tar.gz
|
2011-01-17 17:43:15 +01:00
|
|
|
Source1: %{name}-profile-editor.png
|
|
|
|
Source2: %{name}-profile-editor.desktop
|
|
|
|
Source3: update-trans.sh
|
2011-03-25 09:04:51 +01:00
|
|
|
|
2012-04-17 07:43:31 +02:00
|
|
|
# profile for winbindd (bnc#748499, not upstreamed yet)
|
|
|
|
Source4: usr.sbin.winbindd
|
|
|
|
|
2011-10-10 14:10:08 +02:00
|
|
|
# enable caching of profiles (= massive performance speedup when loading profiles)
|
|
|
|
Patch1: apparmor-enable-profile-cache.diff
|
|
|
|
|
2011-10-19 13:56:25 +02:00
|
|
|
# include autogenerated profile sniplet for samba shares (bnc#688040)
|
|
|
|
Patch2: apparmor-samba-include-permissions-for-shares.diff
|
|
|
|
|
2011-10-10 14:10:08 +02:00
|
|
|
# split a long string in AppArmor.pm. Not accepted upstream because they want a solution without hardcoded width.
|
2011-03-25 09:05:06 +01:00
|
|
|
Patch5: apparmor-utils-string-split
|
2011-09-14 13:56:46 +02:00
|
|
|
|
2011-10-10 14:10:08 +02:00
|
|
|
# Add support for eDirectory calls in abstractions/nameservice. Not accepted upstream (yet) because of open questions
|
2011-03-25 09:05:06 +01:00
|
|
|
Patch12: apparmor-2.5.1-edirectory-profile
|
2011-09-14 13:56:46 +02:00
|
|
|
|
2012-05-08 22:39:34 +02:00
|
|
|
# create Immunix::SubDomain perl module - only included for openSUSE <= 12.1 - bnc#720617 #c7
|
2011-03-25 09:05:06 +01:00
|
|
|
Patch21: apparmor-utils-subdomain-compat
|
2011-09-14 13:56:46 +02:00
|
|
|
|
2011-01-17 17:43:05 +01:00
|
|
|
Url: https://launchpad.net/apparmor
|
|
|
|
PreReq: sed
|
2011-09-14 13:56:46 +02:00
|
|
|
BuildRoot: %{_tmppath}/%{name}-%{version}-build
|
2011-01-17 17:43:05 +01:00
|
|
|
%if %{distro} == "suse"
|
2011-09-14 13:56:46 +02:00
|
|
|
PreReq: %{insserv_prereq}
|
|
|
|
PreReq: aaa_base
|
2011-01-17 17:43:05 +01:00
|
|
|
%endif
|
2011-09-14 13:56:46 +02:00
|
|
|
%define apparmor_bin_prefix /lib/apparmor
|
|
|
|
BuildRequires: bison
|
|
|
|
BuildRequires: flex
|
2011-01-17 17:43:05 +01:00
|
|
|
BuildRequires: gcc-c++
|
2011-09-14 13:56:46 +02:00
|
|
|
BuildRequires: latex2html
|
2011-10-10 14:10:08 +02:00
|
|
|
BuildRequires: libtool
|
2011-01-17 17:43:15 +01:00
|
|
|
BuildRequires: pcre-devel
|
2011-09-14 13:56:46 +02:00
|
|
|
BuildRequires: pkg-config
|
2012-05-08 22:39:34 +02:00
|
|
|
BuildRequires: python
|
2011-01-17 17:43:05 +01:00
|
|
|
BuildRequires: texlive-latex
|
2011-09-14 13:56:46 +02:00
|
|
|
BuildRequires: w3m
|
|
|
|
|
2011-01-17 17:43:15 +01:00
|
|
|
BuildRequires: swig
|
2011-01-17 17:43:05 +01:00
|
|
|
|
|
|
|
%if %{with python}
|
2011-09-14 13:56:46 +02:00
|
|
|
BuildRequires: python-devel
|
|
|
|
BuildRequires: swig
|
2011-01-17 17:43:05 +01:00
|
|
|
%endif
|
|
|
|
|
|
|
|
%if %{with ruby}
|
2011-09-14 13:56:46 +02:00
|
|
|
BuildRequires: ruby-devel
|
|
|
|
BuildRequires: swig
|
2011-01-17 17:43:05 +01:00
|
|
|
%endif
|
|
|
|
|
|
|
|
%if %{with apache}
|
2011-01-17 17:43:15 +01:00
|
|
|
BuildRequires: apache2-devel
|
2011-01-17 17:43:05 +01:00
|
|
|
%endif
|
|
|
|
|
|
|
|
%if %{with tomcat}
|
2011-09-14 13:56:46 +02:00
|
|
|
BuildRequires: ant
|
|
|
|
BuildRequires: java-devel >= 1.6.0
|
|
|
|
BuildRequires: tomcat6
|
2011-01-17 17:43:05 +01:00
|
|
|
%endif
|
|
|
|
|
|
|
|
%if %{with editor}
|
2011-09-14 13:56:46 +02:00
|
|
|
BuildRequires: gcc-c++
|
|
|
|
BuildRequires: update-desktop-files
|
|
|
|
BuildRequires: wxGTK-devel
|
2011-01-17 17:43:05 +01:00
|
|
|
%endif
|
|
|
|
|
|
|
|
%if %{with gnome}
|
|
|
|
BuildRequires: gnome-common
|
|
|
|
BuildRequires: pkgconfig(dbus-1)
|
|
|
|
BuildRequires: pkgconfig(gtk+-2.0)
|
|
|
|
BuildRequires: pkgconfig(libgnome-2.0)
|
|
|
|
BuildRequires: pkgconfig(libpanelapplet-2.0)
|
|
|
|
%endif
|
|
|
|
|
|
|
|
%if %{with dbus}
|
2011-09-14 13:56:46 +02:00
|
|
|
BuildRequires: audit-devel
|
|
|
|
BuildRequires: libapparmor-devel
|
|
|
|
BuildRequires: pkg-config
|
|
|
|
BuildRequires: pkgconfig(dbus-1)
|
2011-01-17 17:43:05 +01:00
|
|
|
%endif
|
|
|
|
|
|
|
|
%package parser
|
|
|
|
Summary: AppArmor userlevel parser utility
|
Accepting request 102458 from security:apparmor:factory
- Update to AppArmor 2.7.2 (= 2.7 branch / r1894)
- move various permissions from httpd2-prefork profile to
abstractions/apache2-common. Backward-incompatible change: *.htaccess
files are no longer allowed for ^HANDLING_UNTRUSTED_INPUT
- allow access for more /usr/lib*/samba/ files for smbd (bnc#725967#c5)
- allow various .conf files for dovecot (lp#458922)
- disallow wl for *.so in @{HOME}/.pki/nssdb/ in abstractions/private-files
and abstractions/private-files-strict (lp#911847)
- update abstractions/kde, private-files* and ubuntu-browsers.d/user-files
to use ~/.kde4, not only ~/.kde (bnc#741592)
- block write access to ~/.kde{,4}/env in abstractions/private-files
(lp#914190)
- allow write access for personal dictionary etc. in abstractions/aspell
(lp#917859)
- when using genprof for a script, include read access to the script itsself
- automatically include abstractions/python or abstractions/ruby for
python/ruby scripts
- add profile for smbldap-useradd and allow smbd to call it (bnc#738041)
- allow creation of the .config directory in abstractions/enchant (lp#914184)
- allow TFTP read-only access in dnsmasq profile (lp#905412)
- allow capability dac_read_search for syslog-ng (bnc#731876)
- add p11-kit abstraction and include it in abstractions/authentification
(lp#912754, lp#912752)
- add audacity to abstractions/ubuntu-media-players (lp#899963)
- allow software-center, fireclam plugin, [tT]unar, exo-open, kate and
/dev/nvidia* in abstractons/ubuntu-browsers.d/* (lp#662906, lp#562831,
lp#890894, lp#890894, lp#884748)
- fix typo for multiarch gconf-modules in abstractions/base (lp#904548)
- allow avahi to do dbus introspection (lp#769148)
- allow access to ~/.fonts.conf.d in abstractions/fonts (lp#870992)
- allow transmission in abstractions/ubuntu-bittorrent-clients (lp#852062)
- allow reading ~/.cups/client.conf and ~/.cups/lpoptions in
abstractions/cups-client (lp#887992)
- allow read access of /etc/python{2,3}.[0-7]*/sitecustomize.py in
abstractions/python (lp#860856)
- various updates to the sshd profile (lp#817956)
- (and some more changes I already included in the apparmor-2.7-branch.diff)
OBS-URL: https://build.opensuse.org/request/show/102458
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/apparmor?expand=0&rev=32
2012-02-02 17:56:20 +01:00
|
|
|
License: GPL-2.0+
|
2011-01-17 17:43:05 +01:00
|
|
|
Group: Productivity/Networking/Security
|
2012-04-17 07:43:31 +02:00
|
|
|
Obsoletes: libimnxcert < %{version}
|
|
|
|
Obsoletes: subdomain-leaf-cert < %{version}
|
2011-01-17 17:43:15 +01:00
|
|
|
Obsoletes: subdomain-parser < %{version}
|
|
|
|
Obsoletes: subdomain-parser-common < %{version}
|
2012-04-17 07:43:31 +02:00
|
|
|
Obsoletes: subdomain-parser-demo < %{version}
|
|
|
|
Obsoletes: subdomain_parser < %{version}
|
|
|
|
Provides: libimnxcert = %{version}
|
|
|
|
Provides: subdomain-leaf-cert = %{version}
|
2011-01-17 17:43:15 +01:00
|
|
|
Provides: subdomain-parser = %{version}
|
|
|
|
Provides: subdomain-parser-common = %{version}
|
2012-04-17 07:43:31 +02:00
|
|
|
Provides: subdomain-parser-demo = %{version}
|
|
|
|
Provides: subdomain_parser = %{version}
|
2011-02-03 22:31:16 +01:00
|
|
|
Provides: apparmor-parser(CAP_SYSLOG)
|
2011-01-17 17:43:05 +01:00
|
|
|
|
|
|
|
%description parser
|
|
|
|
The AppArmor Parser is a userlevel program that is used to load in
|
|
|
|
program profiles to the AppArmor Security kernel module.
|
|
|
|
|
|
|
|
This package is part of a suite of tools that used to be named
|
|
|
|
SubDomain.
|
|
|
|
|
|
|
|
%package docs
|
2011-01-17 17:43:15 +01:00
|
|
|
Summary: AppArmor Documentation package
|
Accepting request 102458 from security:apparmor:factory
- Update to AppArmor 2.7.2 (= 2.7 branch / r1894)
- move various permissions from httpd2-prefork profile to
abstractions/apache2-common. Backward-incompatible change: *.htaccess
files are no longer allowed for ^HANDLING_UNTRUSTED_INPUT
- allow access for more /usr/lib*/samba/ files for smbd (bnc#725967#c5)
- allow various .conf files for dovecot (lp#458922)
- disallow wl for *.so in @{HOME}/.pki/nssdb/ in abstractions/private-files
and abstractions/private-files-strict (lp#911847)
- update abstractions/kde, private-files* and ubuntu-browsers.d/user-files
to use ~/.kde4, not only ~/.kde (bnc#741592)
- block write access to ~/.kde{,4}/env in abstractions/private-files
(lp#914190)
- allow write access for personal dictionary etc. in abstractions/aspell
(lp#917859)
- when using genprof for a script, include read access to the script itsself
- automatically include abstractions/python or abstractions/ruby for
python/ruby scripts
- add profile for smbldap-useradd and allow smbd to call it (bnc#738041)
- allow creation of the .config directory in abstractions/enchant (lp#914184)
- allow TFTP read-only access in dnsmasq profile (lp#905412)
- allow capability dac_read_search for syslog-ng (bnc#731876)
- add p11-kit abstraction and include it in abstractions/authentification
(lp#912754, lp#912752)
- add audacity to abstractions/ubuntu-media-players (lp#899963)
- allow software-center, fireclam plugin, [tT]unar, exo-open, kate and
/dev/nvidia* in abstractons/ubuntu-browsers.d/* (lp#662906, lp#562831,
lp#890894, lp#890894, lp#884748)
- fix typo for multiarch gconf-modules in abstractions/base (lp#904548)
- allow avahi to do dbus introspection (lp#769148)
- allow access to ~/.fonts.conf.d in abstractions/fonts (lp#870992)
- allow transmission in abstractions/ubuntu-bittorrent-clients (lp#852062)
- allow reading ~/.cups/client.conf and ~/.cups/lpoptions in
abstractions/cups-client (lp#887992)
- allow read access of /etc/python{2,3}.[0-7]*/sitecustomize.py in
abstractions/python (lp#860856)
- various updates to the sshd profile (lp#817956)
- (and some more changes I already included in the apparmor-2.7-branch.diff)
OBS-URL: https://build.opensuse.org/request/show/102458
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/apparmor?expand=0&rev=32
2012-02-02 17:56:20 +01:00
|
|
|
License: GPL-2.0+
|
2011-01-17 17:43:15 +01:00
|
|
|
Group: Documentation/Other
|
2011-07-05 13:45:31 +02:00
|
|
|
BuildArch: noarch
|
2011-01-17 17:43:05 +01:00
|
|
|
|
|
|
|
%description docs
|
|
|
|
This package contains documentation for AppArmor.
|
|
|
|
|
|
|
|
This package is part of a suite of tools that used to be named
|
|
|
|
SubDomain.
|
|
|
|
|
|
|
|
%if %{with apache}
|
2011-01-17 17:43:15 +01:00
|
|
|
|
2011-01-17 17:43:05 +01:00
|
|
|
%package -n apache2-mod_apparmor
|
|
|
|
Summary: AppArmor module for apache2
|
Accepting request 102458 from security:apparmor:factory
- Update to AppArmor 2.7.2 (= 2.7 branch / r1894)
- move various permissions from httpd2-prefork profile to
abstractions/apache2-common. Backward-incompatible change: *.htaccess
files are no longer allowed for ^HANDLING_UNTRUSTED_INPUT
- allow access for more /usr/lib*/samba/ files for smbd (bnc#725967#c5)
- allow various .conf files for dovecot (lp#458922)
- disallow wl for *.so in @{HOME}/.pki/nssdb/ in abstractions/private-files
and abstractions/private-files-strict (lp#911847)
- update abstractions/kde, private-files* and ubuntu-browsers.d/user-files
to use ~/.kde4, not only ~/.kde (bnc#741592)
- block write access to ~/.kde{,4}/env in abstractions/private-files
(lp#914190)
- allow write access for personal dictionary etc. in abstractions/aspell
(lp#917859)
- when using genprof for a script, include read access to the script itsself
- automatically include abstractions/python or abstractions/ruby for
python/ruby scripts
- add profile for smbldap-useradd and allow smbd to call it (bnc#738041)
- allow creation of the .config directory in abstractions/enchant (lp#914184)
- allow TFTP read-only access in dnsmasq profile (lp#905412)
- allow capability dac_read_search for syslog-ng (bnc#731876)
- add p11-kit abstraction and include it in abstractions/authentification
(lp#912754, lp#912752)
- add audacity to abstractions/ubuntu-media-players (lp#899963)
- allow software-center, fireclam plugin, [tT]unar, exo-open, kate and
/dev/nvidia* in abstractons/ubuntu-browsers.d/* (lp#662906, lp#562831,
lp#890894, lp#890894, lp#884748)
- fix typo for multiarch gconf-modules in abstractions/base (lp#904548)
- allow avahi to do dbus introspection (lp#769148)
- allow access to ~/.fonts.conf.d in abstractions/fonts (lp#870992)
- allow transmission in abstractions/ubuntu-bittorrent-clients (lp#852062)
- allow reading ~/.cups/client.conf and ~/.cups/lpoptions in
abstractions/cups-client (lp#887992)
- allow read access of /etc/python{2,3}.[0-7]*/sitecustomize.py in
abstractions/python (lp#860856)
- various updates to the sshd profile (lp#817956)
- (and some more changes I already included in the apparmor-2.7-branch.diff)
OBS-URL: https://build.opensuse.org/request/show/102458
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/apparmor?expand=0&rev=32
2012-02-02 17:56:20 +01:00
|
|
|
License: GPL-2.0+
|
2011-01-17 17:43:05 +01:00
|
|
|
Group: Productivity/Security
|
2011-01-17 17:43:15 +01:00
|
|
|
|
2011-01-17 17:43:05 +01:00
|
|
|
%description -n apache2-mod_apparmor
|
|
|
|
apache2-modapparmor adds support to apache2 to provide AppArmor
|
|
|
|
confinement to individual cgi scripts handled by apache modules like
|
|
|
|
mod_php and mod_perl.
|
|
|
|
|
|
|
|
This package is part of a suite of tools that used to be named
|
|
|
|
SubDomain.
|
|
|
|
|
|
|
|
The documentation is in the apparmor-admin_en package.
|
|
|
|
|
|
|
|
%endif
|
|
|
|
|
|
|
|
%package -n libapparmor1
|
|
|
|
Summary: Utility library for AppArmor
|
Accepting request 102458 from security:apparmor:factory
- Update to AppArmor 2.7.2 (= 2.7 branch / r1894)
- move various permissions from httpd2-prefork profile to
abstractions/apache2-common. Backward-incompatible change: *.htaccess
files are no longer allowed for ^HANDLING_UNTRUSTED_INPUT
- allow access for more /usr/lib*/samba/ files for smbd (bnc#725967#c5)
- allow various .conf files for dovecot (lp#458922)
- disallow wl for *.so in @{HOME}/.pki/nssdb/ in abstractions/private-files
and abstractions/private-files-strict (lp#911847)
- update abstractions/kde, private-files* and ubuntu-browsers.d/user-files
to use ~/.kde4, not only ~/.kde (bnc#741592)
- block write access to ~/.kde{,4}/env in abstractions/private-files
(lp#914190)
- allow write access for personal dictionary etc. in abstractions/aspell
(lp#917859)
- when using genprof for a script, include read access to the script itsself
- automatically include abstractions/python or abstractions/ruby for
python/ruby scripts
- add profile for smbldap-useradd and allow smbd to call it (bnc#738041)
- allow creation of the .config directory in abstractions/enchant (lp#914184)
- allow TFTP read-only access in dnsmasq profile (lp#905412)
- allow capability dac_read_search for syslog-ng (bnc#731876)
- add p11-kit abstraction and include it in abstractions/authentification
(lp#912754, lp#912752)
- add audacity to abstractions/ubuntu-media-players (lp#899963)
- allow software-center, fireclam plugin, [tT]unar, exo-open, kate and
/dev/nvidia* in abstractons/ubuntu-browsers.d/* (lp#662906, lp#562831,
lp#890894, lp#890894, lp#884748)
- fix typo for multiarch gconf-modules in abstractions/base (lp#904548)
- allow avahi to do dbus introspection (lp#769148)
- allow access to ~/.fonts.conf.d in abstractions/fonts (lp#870992)
- allow transmission in abstractions/ubuntu-bittorrent-clients (lp#852062)
- allow reading ~/.cups/client.conf and ~/.cups/lpoptions in
abstractions/cups-client (lp#887992)
- allow read access of /etc/python{2,3}.[0-7]*/sitecustomize.py in
abstractions/python (lp#860856)
- various updates to the sshd profile (lp#817956)
- (and some more changes I already included in the apparmor-2.7-branch.diff)
OBS-URL: https://build.opensuse.org/request/show/102458
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/apparmor?expand=0&rev=32
2012-02-02 17:56:20 +01:00
|
|
|
License: LGPL-2.1+
|
2011-01-17 17:43:05 +01:00
|
|
|
Group: Development/Libraries/C and C++
|
|
|
|
%ifarch ppc64
|
2011-01-17 17:43:15 +01:00
|
|
|
Obsoletes: libapparmor-64bit < %{version}
|
2012-01-05 13:51:05 +01:00
|
|
|
Provides: libapparmor-64bit = %{version}
|
2011-01-17 17:43:05 +01:00
|
|
|
%endif
|
|
|
|
Provides: libapparmor = %{version}
|
|
|
|
Provides: libimmunix = %{version}
|
|
|
|
Obsoletes: libapparmor < %{version}
|
|
|
|
Obsoletes: libimmunix < %{version}
|
|
|
|
|
|
|
|
%description -n libapparmor1
|
|
|
|
This package provides the libapparmor library, which contains the
|
|
|
|
change_hat(2) symbol, used for sub-process confinement by AppArmor, as
|
|
|
|
well as functions to parse AppArmor log messages.
|
|
|
|
|
|
|
|
%package -n libapparmor-devel
|
2011-09-14 13:56:46 +02:00
|
|
|
Summary: Development headers and libraries for libapparmor
|
Accepting request 102458 from security:apparmor:factory
- Update to AppArmor 2.7.2 (= 2.7 branch / r1894)
- move various permissions from httpd2-prefork profile to
abstractions/apache2-common. Backward-incompatible change: *.htaccess
files are no longer allowed for ^HANDLING_UNTRUSTED_INPUT
- allow access for more /usr/lib*/samba/ files for smbd (bnc#725967#c5)
- allow various .conf files for dovecot (lp#458922)
- disallow wl for *.so in @{HOME}/.pki/nssdb/ in abstractions/private-files
and abstractions/private-files-strict (lp#911847)
- update abstractions/kde, private-files* and ubuntu-browsers.d/user-files
to use ~/.kde4, not only ~/.kde (bnc#741592)
- block write access to ~/.kde{,4}/env in abstractions/private-files
(lp#914190)
- allow write access for personal dictionary etc. in abstractions/aspell
(lp#917859)
- when using genprof for a script, include read access to the script itsself
- automatically include abstractions/python or abstractions/ruby for
python/ruby scripts
- add profile for smbldap-useradd and allow smbd to call it (bnc#738041)
- allow creation of the .config directory in abstractions/enchant (lp#914184)
- allow TFTP read-only access in dnsmasq profile (lp#905412)
- allow capability dac_read_search for syslog-ng (bnc#731876)
- add p11-kit abstraction and include it in abstractions/authentification
(lp#912754, lp#912752)
- add audacity to abstractions/ubuntu-media-players (lp#899963)
- allow software-center, fireclam plugin, [tT]unar, exo-open, kate and
/dev/nvidia* in abstractons/ubuntu-browsers.d/* (lp#662906, lp#562831,
lp#890894, lp#890894, lp#884748)
- fix typo for multiarch gconf-modules in abstractions/base (lp#904548)
- allow avahi to do dbus introspection (lp#769148)
- allow access to ~/.fonts.conf.d in abstractions/fonts (lp#870992)
- allow transmission in abstractions/ubuntu-bittorrent-clients (lp#852062)
- allow reading ~/.cups/client.conf and ~/.cups/lpoptions in
abstractions/cups-client (lp#887992)
- allow read access of /etc/python{2,3}.[0-7]*/sitecustomize.py in
abstractions/python (lp#860856)
- various updates to the sshd profile (lp#817956)
- (and some more changes I already included in the apparmor-2.7-branch.diff)
OBS-URL: https://build.opensuse.org/request/show/102458
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/apparmor?expand=0&rev=32
2012-02-02 17:56:20 +01:00
|
|
|
License: LGPL-2.1+
|
2011-01-17 17:43:05 +01:00
|
|
|
Group: Development/Libraries/C and C++
|
2011-09-14 13:56:46 +02:00
|
|
|
Requires: libapparmor1 = %{version}
|
2011-01-17 17:43:05 +01:00
|
|
|
Provides: libapparmor:/usr/include/sys/apparmor.h
|
|
|
|
|
|
|
|
%description -n libapparmor-devel
|
|
|
|
These libraries are needed for developing software that makes use of the
|
|
|
|
AppArmor API.
|
|
|
|
|
|
|
|
%package -n perl-apparmor
|
2011-09-14 13:56:46 +02:00
|
|
|
Summary: Perl interface for libapparmor functions
|
Accepting request 102458 from security:apparmor:factory
- Update to AppArmor 2.7.2 (= 2.7 branch / r1894)
- move various permissions from httpd2-prefork profile to
abstractions/apache2-common. Backward-incompatible change: *.htaccess
files are no longer allowed for ^HANDLING_UNTRUSTED_INPUT
- allow access for more /usr/lib*/samba/ files for smbd (bnc#725967#c5)
- allow various .conf files for dovecot (lp#458922)
- disallow wl for *.so in @{HOME}/.pki/nssdb/ in abstractions/private-files
and abstractions/private-files-strict (lp#911847)
- update abstractions/kde, private-files* and ubuntu-browsers.d/user-files
to use ~/.kde4, not only ~/.kde (bnc#741592)
- block write access to ~/.kde{,4}/env in abstractions/private-files
(lp#914190)
- allow write access for personal dictionary etc. in abstractions/aspell
(lp#917859)
- when using genprof for a script, include read access to the script itsself
- automatically include abstractions/python or abstractions/ruby for
python/ruby scripts
- add profile for smbldap-useradd and allow smbd to call it (bnc#738041)
- allow creation of the .config directory in abstractions/enchant (lp#914184)
- allow TFTP read-only access in dnsmasq profile (lp#905412)
- allow capability dac_read_search for syslog-ng (bnc#731876)
- add p11-kit abstraction and include it in abstractions/authentification
(lp#912754, lp#912752)
- add audacity to abstractions/ubuntu-media-players (lp#899963)
- allow software-center, fireclam plugin, [tT]unar, exo-open, kate and
/dev/nvidia* in abstractons/ubuntu-browsers.d/* (lp#662906, lp#562831,
lp#890894, lp#890894, lp#884748)
- fix typo for multiarch gconf-modules in abstractions/base (lp#904548)
- allow avahi to do dbus introspection (lp#769148)
- allow access to ~/.fonts.conf.d in abstractions/fonts (lp#870992)
- allow transmission in abstractions/ubuntu-bittorrent-clients (lp#852062)
- allow reading ~/.cups/client.conf and ~/.cups/lpoptions in
abstractions/cups-client (lp#887992)
- allow read access of /etc/python{2,3}.[0-7]*/sitecustomize.py in
abstractions/python (lp#860856)
- various updates to the sshd profile (lp#817956)
- (and some more changes I already included in the apparmor-2.7-branch.diff)
OBS-URL: https://build.opensuse.org/request/show/102458
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/apparmor?expand=0&rev=32
2012-02-02 17:56:20 +01:00
|
|
|
License: GPL-2.0 ; LGPL-2.1+
|
2011-09-14 13:56:46 +02:00
|
|
|
Group: Development/Libraries/Perl
|
2011-01-17 17:43:05 +01:00
|
|
|
Requires: libapparmor1 = %{version}
|
|
|
|
Requires: perl = %{perl_version}
|
2011-09-14 13:56:46 +02:00
|
|
|
Requires: perl(DBD::SQLite)
|
2011-10-10 14:10:08 +02:00
|
|
|
Requires: perl(Locale::gettext)
|
2011-09-14 13:56:46 +02:00
|
|
|
Requires: perl(RPC::XML)
|
2011-10-10 14:10:08 +02:00
|
|
|
Requires: perl(RPC::XML)
|
|
|
|
Requires: perl(Term::ReadKey)
|
2011-09-14 13:56:46 +02:00
|
|
|
Requires: perl(Term::ReadKey)
|
2011-11-28 12:52:47 +01:00
|
|
|
Provides: perl-libapparmor = %{version}
|
2011-01-17 17:43:15 +01:00
|
|
|
Obsoletes: perl-libapparmor < 2.5
|
2011-01-17 17:43:05 +01:00
|
|
|
|
|
|
|
%description -n perl-apparmor
|
|
|
|
This package provides the perl interface to AppArmor. It is used for perl
|
2011-09-09 11:06:14 +02:00
|
|
|
applications interfacing with AppArmor, including the AppArmor utilities.
|
2011-01-17 17:43:05 +01:00
|
|
|
|
|
|
|
%if %{with python}
|
2011-01-17 17:43:15 +01:00
|
|
|
|
2011-01-17 17:43:05 +01:00
|
|
|
%package -n python-apparmor
|
2011-09-14 13:56:46 +02:00
|
|
|
Summary: Python interface for libapparmor functions
|
Accepting request 102458 from security:apparmor:factory
- Update to AppArmor 2.7.2 (= 2.7 branch / r1894)
- move various permissions from httpd2-prefork profile to
abstractions/apache2-common. Backward-incompatible change: *.htaccess
files are no longer allowed for ^HANDLING_UNTRUSTED_INPUT
- allow access for more /usr/lib*/samba/ files for smbd (bnc#725967#c5)
- allow various .conf files for dovecot (lp#458922)
- disallow wl for *.so in @{HOME}/.pki/nssdb/ in abstractions/private-files
and abstractions/private-files-strict (lp#911847)
- update abstractions/kde, private-files* and ubuntu-browsers.d/user-files
to use ~/.kde4, not only ~/.kde (bnc#741592)
- block write access to ~/.kde{,4}/env in abstractions/private-files
(lp#914190)
- allow write access for personal dictionary etc. in abstractions/aspell
(lp#917859)
- when using genprof for a script, include read access to the script itsself
- automatically include abstractions/python or abstractions/ruby for
python/ruby scripts
- add profile for smbldap-useradd and allow smbd to call it (bnc#738041)
- allow creation of the .config directory in abstractions/enchant (lp#914184)
- allow TFTP read-only access in dnsmasq profile (lp#905412)
- allow capability dac_read_search for syslog-ng (bnc#731876)
- add p11-kit abstraction and include it in abstractions/authentification
(lp#912754, lp#912752)
- add audacity to abstractions/ubuntu-media-players (lp#899963)
- allow software-center, fireclam plugin, [tT]unar, exo-open, kate and
/dev/nvidia* in abstractons/ubuntu-browsers.d/* (lp#662906, lp#562831,
lp#890894, lp#890894, lp#884748)
- fix typo for multiarch gconf-modules in abstractions/base (lp#904548)
- allow avahi to do dbus introspection (lp#769148)
- allow access to ~/.fonts.conf.d in abstractions/fonts (lp#870992)
- allow transmission in abstractions/ubuntu-bittorrent-clients (lp#852062)
- allow reading ~/.cups/client.conf and ~/.cups/lpoptions in
abstractions/cups-client (lp#887992)
- allow read access of /etc/python{2,3}.[0-7]*/sitecustomize.py in
abstractions/python (lp#860856)
- various updates to the sshd profile (lp#817956)
- (and some more changes I already included in the apparmor-2.7-branch.diff)
OBS-URL: https://build.opensuse.org/request/show/102458
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/apparmor?expand=0&rev=32
2012-02-02 17:56:20 +01:00
|
|
|
License: GPL-2.0 ; LGPL-2.1+
|
2011-09-14 13:56:46 +02:00
|
|
|
Group: Development/Libraries/Python
|
2011-01-17 17:43:15 +01:00
|
|
|
BuildRequires: python
|
2011-09-14 13:56:46 +02:00
|
|
|
Requires: libapparmor1 = %{version}
|
2011-01-17 17:43:05 +01:00
|
|
|
Requires: python = %{python_version}
|
2011-01-17 17:43:15 +01:00
|
|
|
Provides: python-libapparmor
|
|
|
|
Obsoletes: python-libapparmor < 2.5
|
2011-01-17 17:43:05 +01:00
|
|
|
|
|
|
|
%description -n python-apparmor
|
|
|
|
This package provides the python interface to AppArmor. It is used for python
|
|
|
|
applications interfacing with AppArmor.
|
|
|
|
|
|
|
|
%endif
|
|
|
|
|
|
|
|
%if %{with ruby}
|
2011-01-17 17:43:15 +01:00
|
|
|
|
2011-01-17 17:43:05 +01:00
|
|
|
%package -n ruby-apparmor
|
2011-09-14 13:56:46 +02:00
|
|
|
Summary: Ruby interface for libapparmor functions
|
Accepting request 102458 from security:apparmor:factory
- Update to AppArmor 2.7.2 (= 2.7 branch / r1894)
- move various permissions from httpd2-prefork profile to
abstractions/apache2-common. Backward-incompatible change: *.htaccess
files are no longer allowed for ^HANDLING_UNTRUSTED_INPUT
- allow access for more /usr/lib*/samba/ files for smbd (bnc#725967#c5)
- allow various .conf files for dovecot (lp#458922)
- disallow wl for *.so in @{HOME}/.pki/nssdb/ in abstractions/private-files
and abstractions/private-files-strict (lp#911847)
- update abstractions/kde, private-files* and ubuntu-browsers.d/user-files
to use ~/.kde4, not only ~/.kde (bnc#741592)
- block write access to ~/.kde{,4}/env in abstractions/private-files
(lp#914190)
- allow write access for personal dictionary etc. in abstractions/aspell
(lp#917859)
- when using genprof for a script, include read access to the script itsself
- automatically include abstractions/python or abstractions/ruby for
python/ruby scripts
- add profile for smbldap-useradd and allow smbd to call it (bnc#738041)
- allow creation of the .config directory in abstractions/enchant (lp#914184)
- allow TFTP read-only access in dnsmasq profile (lp#905412)
- allow capability dac_read_search for syslog-ng (bnc#731876)
- add p11-kit abstraction and include it in abstractions/authentification
(lp#912754, lp#912752)
- add audacity to abstractions/ubuntu-media-players (lp#899963)
- allow software-center, fireclam plugin, [tT]unar, exo-open, kate and
/dev/nvidia* in abstractons/ubuntu-browsers.d/* (lp#662906, lp#562831,
lp#890894, lp#890894, lp#884748)
- fix typo for multiarch gconf-modules in abstractions/base (lp#904548)
- allow avahi to do dbus introspection (lp#769148)
- allow access to ~/.fonts.conf.d in abstractions/fonts (lp#870992)
- allow transmission in abstractions/ubuntu-bittorrent-clients (lp#852062)
- allow reading ~/.cups/client.conf and ~/.cups/lpoptions in
abstractions/cups-client (lp#887992)
- allow read access of /etc/python{2,3}.[0-7]*/sitecustomize.py in
abstractions/python (lp#860856)
- various updates to the sshd profile (lp#817956)
- (and some more changes I already included in the apparmor-2.7-branch.diff)
OBS-URL: https://build.opensuse.org/request/show/102458
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/apparmor?expand=0&rev=32
2012-02-02 17:56:20 +01:00
|
|
|
License: GPL-2.0 ; LGPL-2.1+
|
2011-09-14 13:56:46 +02:00
|
|
|
Group: Development/Libraries/Ruby
|
2011-01-17 17:43:05 +01:00
|
|
|
Requires: libapparmor1 = %{version}
|
|
|
|
Requires: ruby = %{ruby_version}
|
2011-01-17 17:43:15 +01:00
|
|
|
Provides: ruby-libapparmor
|
|
|
|
Obsoletes: ruby-libapparmor < 2.5
|
2011-01-17 17:43:05 +01:00
|
|
|
|
|
|
|
%description -n ruby-apparmor
|
|
|
|
This package provides the ruby interface to AppArmor. It is used for ruby
|
|
|
|
applications interfacing with AppArmor.
|
|
|
|
|
|
|
|
%endif
|
|
|
|
|
|
|
|
%package profiles
|
|
|
|
Summary: AppArmor profiles that are loaded into the apparmor kernel module
|
Accepting request 102458 from security:apparmor:factory
- Update to AppArmor 2.7.2 (= 2.7 branch / r1894)
- move various permissions from httpd2-prefork profile to
abstractions/apache2-common. Backward-incompatible change: *.htaccess
files are no longer allowed for ^HANDLING_UNTRUSTED_INPUT
- allow access for more /usr/lib*/samba/ files for smbd (bnc#725967#c5)
- allow various .conf files for dovecot (lp#458922)
- disallow wl for *.so in @{HOME}/.pki/nssdb/ in abstractions/private-files
and abstractions/private-files-strict (lp#911847)
- update abstractions/kde, private-files* and ubuntu-browsers.d/user-files
to use ~/.kde4, not only ~/.kde (bnc#741592)
- block write access to ~/.kde{,4}/env in abstractions/private-files
(lp#914190)
- allow write access for personal dictionary etc. in abstractions/aspell
(lp#917859)
- when using genprof for a script, include read access to the script itsself
- automatically include abstractions/python or abstractions/ruby for
python/ruby scripts
- add profile for smbldap-useradd and allow smbd to call it (bnc#738041)
- allow creation of the .config directory in abstractions/enchant (lp#914184)
- allow TFTP read-only access in dnsmasq profile (lp#905412)
- allow capability dac_read_search for syslog-ng (bnc#731876)
- add p11-kit abstraction and include it in abstractions/authentification
(lp#912754, lp#912752)
- add audacity to abstractions/ubuntu-media-players (lp#899963)
- allow software-center, fireclam plugin, [tT]unar, exo-open, kate and
/dev/nvidia* in abstractons/ubuntu-browsers.d/* (lp#662906, lp#562831,
lp#890894, lp#890894, lp#884748)
- fix typo for multiarch gconf-modules in abstractions/base (lp#904548)
- allow avahi to do dbus introspection (lp#769148)
- allow access to ~/.fonts.conf.d in abstractions/fonts (lp#870992)
- allow transmission in abstractions/ubuntu-bittorrent-clients (lp#852062)
- allow reading ~/.cups/client.conf and ~/.cups/lpoptions in
abstractions/cups-client (lp#887992)
- allow read access of /etc/python{2,3}.[0-7]*/sitecustomize.py in
abstractions/python (lp#860856)
- various updates to the sshd profile (lp#817956)
- (and some more changes I already included in the apparmor-2.7-branch.diff)
OBS-URL: https://build.opensuse.org/request/show/102458
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/apparmor?expand=0&rev=32
2012-02-02 17:56:20 +01:00
|
|
|
License: GPL-2.0 ; LGPL-2.1+
|
2011-01-17 17:43:05 +01:00
|
|
|
Group: Productivity/Security
|
2011-09-14 13:56:46 +02:00
|
|
|
Requires: apparmor-parser(CAP_SYSLOG)
|
2011-01-17 17:43:15 +01:00
|
|
|
Obsoletes: subdomain-profiles < %{version}
|
|
|
|
Provides: subdomain-profiles = %{version}
|
2011-07-05 13:45:31 +02:00
|
|
|
BuildArch: noarch
|
2011-01-17 17:43:05 +01:00
|
|
|
|
|
|
|
%description profiles
|
|
|
|
Base profiles. AppArmor is a file and network mandatory access control
|
|
|
|
mechanism. AppArmor confines processes to the resources allowed by the
|
|
|
|
systems administrator and can constrain the scope of potential security
|
|
|
|
vulnerabilities.
|
|
|
|
|
|
|
|
This package is part of a suite of tools that used to be named
|
|
|
|
SubDomain.
|
|
|
|
|
|
|
|
%package utils
|
|
|
|
Summary: AppArmor User-Level Utilities Useful for Creating AppArmor Profiles
|
Accepting request 102458 from security:apparmor:factory
- Update to AppArmor 2.7.2 (= 2.7 branch / r1894)
- move various permissions from httpd2-prefork profile to
abstractions/apache2-common. Backward-incompatible change: *.htaccess
files are no longer allowed for ^HANDLING_UNTRUSTED_INPUT
- allow access for more /usr/lib*/samba/ files for smbd (bnc#725967#c5)
- allow various .conf files for dovecot (lp#458922)
- disallow wl for *.so in @{HOME}/.pki/nssdb/ in abstractions/private-files
and abstractions/private-files-strict (lp#911847)
- update abstractions/kde, private-files* and ubuntu-browsers.d/user-files
to use ~/.kde4, not only ~/.kde (bnc#741592)
- block write access to ~/.kde{,4}/env in abstractions/private-files
(lp#914190)
- allow write access for personal dictionary etc. in abstractions/aspell
(lp#917859)
- when using genprof for a script, include read access to the script itsself
- automatically include abstractions/python or abstractions/ruby for
python/ruby scripts
- add profile for smbldap-useradd and allow smbd to call it (bnc#738041)
- allow creation of the .config directory in abstractions/enchant (lp#914184)
- allow TFTP read-only access in dnsmasq profile (lp#905412)
- allow capability dac_read_search for syslog-ng (bnc#731876)
- add p11-kit abstraction and include it in abstractions/authentification
(lp#912754, lp#912752)
- add audacity to abstractions/ubuntu-media-players (lp#899963)
- allow software-center, fireclam plugin, [tT]unar, exo-open, kate and
/dev/nvidia* in abstractons/ubuntu-browsers.d/* (lp#662906, lp#562831,
lp#890894, lp#890894, lp#884748)
- fix typo for multiarch gconf-modules in abstractions/base (lp#904548)
- allow avahi to do dbus introspection (lp#769148)
- allow access to ~/.fonts.conf.d in abstractions/fonts (lp#870992)
- allow transmission in abstractions/ubuntu-bittorrent-clients (lp#852062)
- allow reading ~/.cups/client.conf and ~/.cups/lpoptions in
abstractions/cups-client (lp#887992)
- allow read access of /etc/python{2,3}.[0-7]*/sitecustomize.py in
abstractions/python (lp#860856)
- various updates to the sshd profile (lp#817956)
- (and some more changes I already included in the apparmor-2.7-branch.diff)
OBS-URL: https://build.opensuse.org/request/show/102458
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/apparmor?expand=0&rev=32
2012-02-02 17:56:20 +01:00
|
|
|
License: GPL-2.0 ; LGPL-2.1+
|
2011-01-17 17:43:05 +01:00
|
|
|
Group: Productivity/Security
|
2011-01-17 17:43:15 +01:00
|
|
|
Requires: libapparmor1 = %{version}
|
2011-09-14 13:56:46 +02:00
|
|
|
Requires: perl = %{perl_version}
|
2011-01-17 17:43:15 +01:00
|
|
|
Requires: perl-apparmor = %{version}
|
|
|
|
BuildArch: noarch
|
2011-01-17 17:43:05 +01:00
|
|
|
|
|
|
|
%description utils
|
|
|
|
This package provides the aa-logprof, aa-genprof, aa-autodep,
|
|
|
|
aa-enforce, and aa-complain tools to assist with profile authoring.
|
2011-10-10 14:10:08 +02:00
|
|
|
Besides it provides the aa-unconfined server information tool.
|
|
|
|
It is part of a suite of tools that used to be named SubDomain.
|
2011-01-17 17:43:05 +01:00
|
|
|
|
|
|
|
%if %{with tomcat}
|
2011-01-17 17:43:15 +01:00
|
|
|
|
2011-01-17 17:43:05 +01:00
|
|
|
%package -n tomcat_apparmor
|
|
|
|
Summary: Tomcat 6 plugin for AppArmor change_hat
|
Accepting request 102458 from security:apparmor:factory
- Update to AppArmor 2.7.2 (= 2.7 branch / r1894)
- move various permissions from httpd2-prefork profile to
abstractions/apache2-common. Backward-incompatible change: *.htaccess
files are no longer allowed for ^HANDLING_UNTRUSTED_INPUT
- allow access for more /usr/lib*/samba/ files for smbd (bnc#725967#c5)
- allow various .conf files for dovecot (lp#458922)
- disallow wl for *.so in @{HOME}/.pki/nssdb/ in abstractions/private-files
and abstractions/private-files-strict (lp#911847)
- update abstractions/kde, private-files* and ubuntu-browsers.d/user-files
to use ~/.kde4, not only ~/.kde (bnc#741592)
- block write access to ~/.kde{,4}/env in abstractions/private-files
(lp#914190)
- allow write access for personal dictionary etc. in abstractions/aspell
(lp#917859)
- when using genprof for a script, include read access to the script itsself
- automatically include abstractions/python or abstractions/ruby for
python/ruby scripts
- add profile for smbldap-useradd and allow smbd to call it (bnc#738041)
- allow creation of the .config directory in abstractions/enchant (lp#914184)
- allow TFTP read-only access in dnsmasq profile (lp#905412)
- allow capability dac_read_search for syslog-ng (bnc#731876)
- add p11-kit abstraction and include it in abstractions/authentification
(lp#912754, lp#912752)
- add audacity to abstractions/ubuntu-media-players (lp#899963)
- allow software-center, fireclam plugin, [tT]unar, exo-open, kate and
/dev/nvidia* in abstractons/ubuntu-browsers.d/* (lp#662906, lp#562831,
lp#890894, lp#890894, lp#884748)
- fix typo for multiarch gconf-modules in abstractions/base (lp#904548)
- allow avahi to do dbus introspection (lp#769148)
- allow access to ~/.fonts.conf.d in abstractions/fonts (lp#870992)
- allow transmission in abstractions/ubuntu-bittorrent-clients (lp#852062)
- allow reading ~/.cups/client.conf and ~/.cups/lpoptions in
abstractions/cups-client (lp#887992)
- allow read access of /etc/python{2,3}.[0-7]*/sitecustomize.py in
abstractions/python (lp#860856)
- various updates to the sshd profile (lp#817956)
- (and some more changes I already included in the apparmor-2.7-branch.diff)
OBS-URL: https://build.opensuse.org/request/show/102458
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/apparmor?expand=0&rev=32
2012-02-02 17:56:20 +01:00
|
|
|
License: GPL-2.0 ; LGPL-2.1+
|
2011-01-17 17:43:05 +01:00
|
|
|
Group: System/Libraries
|
2011-09-14 13:56:46 +02:00
|
|
|
Requires: libapparmor1 = %{version}
|
|
|
|
Requires: tomcat6
|
2011-01-17 17:43:05 +01:00
|
|
|
|
|
|
|
%description -n tomcat_apparmor
|
|
|
|
tomcat_apparmor - is a plugin for Apache Tomcat version 6 that
|
|
|
|
provides support for AppArmor change_hat for creating AppArmor
|
|
|
|
containers that are bound to discrete elements of processing within the
|
|
|
|
Tomcat servlet container. The AppArmor containers, or "hats", can be
|
|
|
|
created for individual URL processing or per servlet.
|
|
|
|
|
|
|
|
%endif
|
|
|
|
|
|
|
|
%if %{with pam}
|
2011-01-17 17:43:15 +01:00
|
|
|
|
2011-01-17 17:43:05 +01:00
|
|
|
%package -n pam_apparmor
|
2011-09-09 11:06:14 +02:00
|
|
|
Summary: PAM module for AppArmor change_hat
|
Accepting request 102458 from security:apparmor:factory
- Update to AppArmor 2.7.2 (= 2.7 branch / r1894)
- move various permissions from httpd2-prefork profile to
abstractions/apache2-common. Backward-incompatible change: *.htaccess
files are no longer allowed for ^HANDLING_UNTRUSTED_INPUT
- allow access for more /usr/lib*/samba/ files for smbd (bnc#725967#c5)
- allow various .conf files for dovecot (lp#458922)
- disallow wl for *.so in @{HOME}/.pki/nssdb/ in abstractions/private-files
and abstractions/private-files-strict (lp#911847)
- update abstractions/kde, private-files* and ubuntu-browsers.d/user-files
to use ~/.kde4, not only ~/.kde (bnc#741592)
- block write access to ~/.kde{,4}/env in abstractions/private-files
(lp#914190)
- allow write access for personal dictionary etc. in abstractions/aspell
(lp#917859)
- when using genprof for a script, include read access to the script itsself
- automatically include abstractions/python or abstractions/ruby for
python/ruby scripts
- add profile for smbldap-useradd and allow smbd to call it (bnc#738041)
- allow creation of the .config directory in abstractions/enchant (lp#914184)
- allow TFTP read-only access in dnsmasq profile (lp#905412)
- allow capability dac_read_search for syslog-ng (bnc#731876)
- add p11-kit abstraction and include it in abstractions/authentification
(lp#912754, lp#912752)
- add audacity to abstractions/ubuntu-media-players (lp#899963)
- allow software-center, fireclam plugin, [tT]unar, exo-open, kate and
/dev/nvidia* in abstractons/ubuntu-browsers.d/* (lp#662906, lp#562831,
lp#890894, lp#890894, lp#884748)
- fix typo for multiarch gconf-modules in abstractions/base (lp#904548)
- allow avahi to do dbus introspection (lp#769148)
- allow access to ~/.fonts.conf.d in abstractions/fonts (lp#870992)
- allow transmission in abstractions/ubuntu-bittorrent-clients (lp#852062)
- allow reading ~/.cups/client.conf and ~/.cups/lpoptions in
abstractions/cups-client (lp#887992)
- allow read access of /etc/python{2,3}.[0-7]*/sitecustomize.py in
abstractions/python (lp#860856)
- various updates to the sshd profile (lp#817956)
- (and some more changes I already included in the apparmor-2.7-branch.diff)
OBS-URL: https://build.opensuse.org/request/show/102458
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/apparmor?expand=0&rev=32
2012-02-02 17:56:20 +01:00
|
|
|
License: GPL-2.0 ; LGPL-2.1+
|
2011-01-17 17:43:05 +01:00
|
|
|
Group: Productivity/Security
|
2011-09-09 11:06:14 +02:00
|
|
|
BuildRequires: pam-devel
|
2011-09-14 13:56:46 +02:00
|
|
|
PreReq: pam
|
|
|
|
PreReq: pam-config
|
|
|
|
Requires: pam
|
|
|
|
Requires: pam-config
|
2011-01-17 17:43:05 +01:00
|
|
|
|
|
|
|
%description -n pam_apparmor
|
|
|
|
The pam_apparmor module provides the means for any PAM applications
|
|
|
|
that call pam_open_session() to automatically perform an AppArmor
|
|
|
|
change_hat operation in order to switch to a user-specific security
|
|
|
|
policy.
|
|
|
|
|
|
|
|
%endif
|
|
|
|
|
|
|
|
%if %{with dbus}
|
2011-01-17 17:43:15 +01:00
|
|
|
|
2011-01-17 17:43:05 +01:00
|
|
|
%package dbus
|
2011-01-17 17:43:15 +01:00
|
|
|
Summary: Audit dispatcher for sending AppArmor events over DBUS
|
Accepting request 102458 from security:apparmor:factory
- Update to AppArmor 2.7.2 (= 2.7 branch / r1894)
- move various permissions from httpd2-prefork profile to
abstractions/apache2-common. Backward-incompatible change: *.htaccess
files are no longer allowed for ^HANDLING_UNTRUSTED_INPUT
- allow access for more /usr/lib*/samba/ files for smbd (bnc#725967#c5)
- allow various .conf files for dovecot (lp#458922)
- disallow wl for *.so in @{HOME}/.pki/nssdb/ in abstractions/private-files
and abstractions/private-files-strict (lp#911847)
- update abstractions/kde, private-files* and ubuntu-browsers.d/user-files
to use ~/.kde4, not only ~/.kde (bnc#741592)
- block write access to ~/.kde{,4}/env in abstractions/private-files
(lp#914190)
- allow write access for personal dictionary etc. in abstractions/aspell
(lp#917859)
- when using genprof for a script, include read access to the script itsself
- automatically include abstractions/python or abstractions/ruby for
python/ruby scripts
- add profile for smbldap-useradd and allow smbd to call it (bnc#738041)
- allow creation of the .config directory in abstractions/enchant (lp#914184)
- allow TFTP read-only access in dnsmasq profile (lp#905412)
- allow capability dac_read_search for syslog-ng (bnc#731876)
- add p11-kit abstraction and include it in abstractions/authentification
(lp#912754, lp#912752)
- add audacity to abstractions/ubuntu-media-players (lp#899963)
- allow software-center, fireclam plugin, [tT]unar, exo-open, kate and
/dev/nvidia* in abstractons/ubuntu-browsers.d/* (lp#662906, lp#562831,
lp#890894, lp#890894, lp#884748)
- fix typo for multiarch gconf-modules in abstractions/base (lp#904548)
- allow avahi to do dbus introspection (lp#769148)
- allow access to ~/.fonts.conf.d in abstractions/fonts (lp#870992)
- allow transmission in abstractions/ubuntu-bittorrent-clients (lp#852062)
- allow reading ~/.cups/client.conf and ~/.cups/lpoptions in
abstractions/cups-client (lp#887992)
- allow read access of /etc/python{2,3}.[0-7]*/sitecustomize.py in
abstractions/python (lp#860856)
- various updates to the sshd profile (lp#817956)
- (and some more changes I already included in the apparmor-2.7-branch.diff)
OBS-URL: https://build.opensuse.org/request/show/102458
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/apparmor?expand=0&rev=32
2012-02-02 17:56:20 +01:00
|
|
|
License: GPL-2.0 ; LGPL-2.1+
|
2011-01-17 17:43:15 +01:00
|
|
|
Group: System/Monitoring
|
2011-01-17 17:43:05 +01:00
|
|
|
|
|
|
|
%description dbus
|
|
|
|
An audit dispatcher for sending AppArmor events over the DBUS system
|
|
|
|
bus.
|
|
|
|
|
|
|
|
%endif
|
|
|
|
|
|
|
|
%if %{with editor}
|
2011-01-17 17:43:15 +01:00
|
|
|
|
2011-01-17 17:43:05 +01:00
|
|
|
%package profile-editor
|
2011-01-17 17:43:15 +01:00
|
|
|
Summary: AppArmor profile editor
|
Accepting request 102458 from security:apparmor:factory
- Update to AppArmor 2.7.2 (= 2.7 branch / r1894)
- move various permissions from httpd2-prefork profile to
abstractions/apache2-common. Backward-incompatible change: *.htaccess
files are no longer allowed for ^HANDLING_UNTRUSTED_INPUT
- allow access for more /usr/lib*/samba/ files for smbd (bnc#725967#c5)
- allow various .conf files for dovecot (lp#458922)
- disallow wl for *.so in @{HOME}/.pki/nssdb/ in abstractions/private-files
and abstractions/private-files-strict (lp#911847)
- update abstractions/kde, private-files* and ubuntu-browsers.d/user-files
to use ~/.kde4, not only ~/.kde (bnc#741592)
- block write access to ~/.kde{,4}/env in abstractions/private-files
(lp#914190)
- allow write access for personal dictionary etc. in abstractions/aspell
(lp#917859)
- when using genprof for a script, include read access to the script itsself
- automatically include abstractions/python or abstractions/ruby for
python/ruby scripts
- add profile for smbldap-useradd and allow smbd to call it (bnc#738041)
- allow creation of the .config directory in abstractions/enchant (lp#914184)
- allow TFTP read-only access in dnsmasq profile (lp#905412)
- allow capability dac_read_search for syslog-ng (bnc#731876)
- add p11-kit abstraction and include it in abstractions/authentification
(lp#912754, lp#912752)
- add audacity to abstractions/ubuntu-media-players (lp#899963)
- allow software-center, fireclam plugin, [tT]unar, exo-open, kate and
/dev/nvidia* in abstractons/ubuntu-browsers.d/* (lp#662906, lp#562831,
lp#890894, lp#890894, lp#884748)
- fix typo for multiarch gconf-modules in abstractions/base (lp#904548)
- allow avahi to do dbus introspection (lp#769148)
- allow access to ~/.fonts.conf.d in abstractions/fonts (lp#870992)
- allow transmission in abstractions/ubuntu-bittorrent-clients (lp#852062)
- allow reading ~/.cups/client.conf and ~/.cups/lpoptions in
abstractions/cups-client (lp#887992)
- allow read access of /etc/python{2,3}.[0-7]*/sitecustomize.py in
abstractions/python (lp#860856)
- various updates to the sshd profile (lp#817956)
- (and some more changes I already included in the apparmor-2.7-branch.diff)
OBS-URL: https://build.opensuse.org/request/show/102458
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/apparmor?expand=0&rev=32
2012-02-02 17:56:20 +01:00
|
|
|
License: GPL-2.0 ; LGPL-2.1+
|
2011-01-17 17:43:15 +01:00
|
|
|
Group: Productivity/Editors/Other
|
2011-01-17 17:43:05 +01:00
|
|
|
|
|
|
|
%description profile-editor
|
|
|
|
A syntax highlighting editor for AppArmor profiles.
|
|
|
|
|
|
|
|
%endif
|
|
|
|
|
|
|
|
%if %{with gnome}
|
2011-01-17 17:43:15 +01:00
|
|
|
|
2011-01-17 17:43:05 +01:00
|
|
|
%package -n apparmorapplet-gnome
|
2011-01-17 17:43:15 +01:00
|
|
|
Summary: An AppArmor event notification applet for GNOME
|
Accepting request 102458 from security:apparmor:factory
- Update to AppArmor 2.7.2 (= 2.7 branch / r1894)
- move various permissions from httpd2-prefork profile to
abstractions/apache2-common. Backward-incompatible change: *.htaccess
files are no longer allowed for ^HANDLING_UNTRUSTED_INPUT
- allow access for more /usr/lib*/samba/ files for smbd (bnc#725967#c5)
- allow various .conf files for dovecot (lp#458922)
- disallow wl for *.so in @{HOME}/.pki/nssdb/ in abstractions/private-files
and abstractions/private-files-strict (lp#911847)
- update abstractions/kde, private-files* and ubuntu-browsers.d/user-files
to use ~/.kde4, not only ~/.kde (bnc#741592)
- block write access to ~/.kde{,4}/env in abstractions/private-files
(lp#914190)
- allow write access for personal dictionary etc. in abstractions/aspell
(lp#917859)
- when using genprof for a script, include read access to the script itsself
- automatically include abstractions/python or abstractions/ruby for
python/ruby scripts
- add profile for smbldap-useradd and allow smbd to call it (bnc#738041)
- allow creation of the .config directory in abstractions/enchant (lp#914184)
- allow TFTP read-only access in dnsmasq profile (lp#905412)
- allow capability dac_read_search for syslog-ng (bnc#731876)
- add p11-kit abstraction and include it in abstractions/authentification
(lp#912754, lp#912752)
- add audacity to abstractions/ubuntu-media-players (lp#899963)
- allow software-center, fireclam plugin, [tT]unar, exo-open, kate and
/dev/nvidia* in abstractons/ubuntu-browsers.d/* (lp#662906, lp#562831,
lp#890894, lp#890894, lp#884748)
- fix typo for multiarch gconf-modules in abstractions/base (lp#904548)
- allow avahi to do dbus introspection (lp#769148)
- allow access to ~/.fonts.conf.d in abstractions/fonts (lp#870992)
- allow transmission in abstractions/ubuntu-bittorrent-clients (lp#852062)
- allow reading ~/.cups/client.conf and ~/.cups/lpoptions in
abstractions/cups-client (lp#887992)
- allow read access of /etc/python{2,3}.[0-7]*/sitecustomize.py in
abstractions/python (lp#860856)
- various updates to the sshd profile (lp#817956)
- (and some more changes I already included in the apparmor-2.7-branch.diff)
OBS-URL: https://build.opensuse.org/request/show/102458
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/apparmor?expand=0&rev=32
2012-02-02 17:56:20 +01:00
|
|
|
License: GPL-2.0 ; LGPL-2.1+
|
2011-01-17 17:43:05 +01:00
|
|
|
Group: System/GUI/GNOME
|
|
|
|
|
|
|
|
%description -n apparmorapplet-gnome
|
2011-09-09 11:06:14 +02:00
|
|
|
This taskbar applet receives AppArmor events over DBUS, and notifies
|
2011-01-17 17:43:05 +01:00
|
|
|
the user when AppArmor prevents an application from functioning.
|
|
|
|
|
|
|
|
%endif
|
|
|
|
|
|
|
|
%description
|
|
|
|
The AppArmor Parser is a userlevel program that is used to load in
|
|
|
|
program profiles to the AppArmor Security kernel module.
|
|
|
|
|
|
|
|
This package is part of a suite of tools that used to be named
|
|
|
|
SubDomain.
|
|
|
|
|
|
|
|
%lang_package -n apparmor-utils
|
|
|
|
%lang_package -n apparmor-parser
|
|
|
|
%if %{with gnome}
|
|
|
|
%lang_package -n apparmorapplet-gnome
|
|
|
|
%endif
|
2011-01-17 17:43:15 +01:00
|
|
|
|
2011-01-17 17:43:05 +01:00
|
|
|
%prep
|
2012-05-08 22:39:34 +02:00
|
|
|
%setup -q
|
2011-10-10 14:10:08 +02:00
|
|
|
%patch1 -p1
|
2011-10-19 13:56:25 +02:00
|
|
|
%patch2 -p0
|
2011-01-17 17:43:05 +01:00
|
|
|
%patch5 -p1
|
|
|
|
%patch12 -p1
|
2012-05-08 22:39:34 +02:00
|
|
|
|
|
|
|
# only create Immunix::SubDomain perl module for openSUSE <= 12.1
|
|
|
|
%if 0%{?suse_version}
|
|
|
|
%if 0%{?suse_version} <= 1210
|
2011-01-17 17:43:05 +01:00
|
|
|
%patch21 -p1
|
2012-05-08 22:39:34 +02:00
|
|
|
%endif
|
|
|
|
%endif
|
2012-04-17 07:43:31 +02:00
|
|
|
|
|
|
|
# profile for winbindd (bnc#748499, not upstreamed yet)
|
|
|
|
test ! -e profiles/apparmor.d/usr.sbin.winbindd
|
|
|
|
cp %{SOURCE4} profiles/apparmor.d/
|
2011-01-17 17:43:05 +01:00
|
|
|
|
|
|
|
%build
|
|
|
|
export SUSE_ASNEEDED=0
|
2011-09-14 13:56:46 +02:00
|
|
|
# re-define _libdir to /lib or /lib64
|
2011-01-17 17:43:05 +01:00
|
|
|
%define _libdir /%{_lib}
|
2011-09-14 13:56:46 +02:00
|
|
|
|
|
|
|
# libapparmor:
|
|
|
|
(
|
|
|
|
cd ./libraries/libapparmor
|
|
|
|
sh ./autogen.sh
|
|
|
|
%configure --with-perl \
|
2011-01-17 17:43:05 +01:00
|
|
|
%if %{with python}
|
2011-09-14 13:56:46 +02:00
|
|
|
--with-python \
|
2011-01-17 17:43:05 +01:00
|
|
|
%else
|
2011-09-14 13:56:46 +02:00
|
|
|
--without-python \
|
2011-01-17 17:43:05 +01:00
|
|
|
%endif
|
|
|
|
%if %{with ruby}
|
2011-09-14 13:56:46 +02:00
|
|
|
--with-ruby \
|
2011-01-17 17:43:05 +01:00
|
|
|
%else
|
2011-09-14 13:56:46 +02:00
|
|
|
--without-ruby \
|
2011-01-17 17:43:05 +01:00
|
|
|
%endif
|
2011-09-14 13:56:46 +02:00
|
|
|
|
|
|
|
make
|
|
|
|
#make check
|
|
|
|
)
|
|
|
|
|
|
|
|
# Utilities:
|
|
|
|
make -C utils
|
|
|
|
# make -C utils check
|
|
|
|
|
|
|
|
# parser:
|
|
|
|
make -C parser
|
|
|
|
# techdoc.txt depends on techdoc.pdf and techdoc/index.html, so make techdoc.txt should be enough
|
|
|
|
make -C parser techdoc.txt
|
|
|
|
# make -C parser check
|
|
|
|
|
|
|
|
# Apache mod_apparmor:
|
|
|
|
%if %{with apache}
|
|
|
|
make -C changehat/mod_apparmor
|
2011-01-17 17:43:05 +01:00
|
|
|
%endif
|
2011-09-14 13:56:46 +02:00
|
|
|
|
|
|
|
# PAM AppArmor:
|
2011-01-17 17:43:05 +01:00
|
|
|
%if %{with pam}
|
2011-09-14 13:56:46 +02:00
|
|
|
make -C changehat/pam_apparmor
|
2011-01-17 17:43:05 +01:00
|
|
|
%endif
|
2011-09-14 13:56:46 +02:00
|
|
|
|
|
|
|
# Profiles:
|
|
|
|
make -C profiles
|
|
|
|
# make -C profiles check
|
|
|
|
|
|
|
|
##configure --disable-static --with-pic \
|
|
|
|
#--with-perl \
|
|
|
|
%if %{with tomcat}
|
|
|
|
make -C changehat/tomcat_apparmor/tomcat_5_5 CATALINA_HOME=%{CATALINA_HOME}
|
2011-01-17 17:43:05 +01:00
|
|
|
%endif
|
|
|
|
%if %{with gnome}
|
2011-09-14 13:56:46 +02:00
|
|
|
#--with-gnome \
|
2011-01-17 17:43:05 +01:00
|
|
|
%endif
|
|
|
|
%if %{with dbus}
|
2011-09-14 13:56:46 +02:00
|
|
|
#--with-dbus \
|
2011-01-17 17:43:05 +01:00
|
|
|
%endif
|
|
|
|
%if %{with editor}
|
2011-09-14 13:56:46 +02:00
|
|
|
#--with-profileeditor \
|
2011-01-17 17:43:05 +01:00
|
|
|
%endif
|
|
|
|
|
|
|
|
%if %{with ruby}
|
|
|
|
#rm libraries/libapparmor/swig/ruby/Makefile.ruby
|
|
|
|
#make -C libraries/libapparmor/swig/ruby
|
|
|
|
%endif
|
|
|
|
|
|
|
|
%install
|
2011-09-14 13:56:46 +02:00
|
|
|
# libapparmor
|
|
|
|
%makeinstall -C libraries/libapparmor
|
|
|
|
# create symlink for old change_hat(2) manpage
|
|
|
|
( cd %{buildroot}/%{_mandir}/man2/ && ln -s aa_change_hat.2 change_hat.2 )
|
2011-01-17 17:43:05 +01:00
|
|
|
|
2011-09-14 13:56:46 +02:00
|
|
|
# utilities
|
2011-09-19 22:48:33 +02:00
|
|
|
%makeinstall -C utils
|
2011-10-10 14:10:08 +02:00
|
|
|
mkdir -p %{buildroot}%{_localstatedir}/log/apparmor
|
|
|
|
|
|
|
|
%makeinstall -C profiles
|
2011-01-17 17:43:05 +01:00
|
|
|
|
2011-09-14 13:56:46 +02:00
|
|
|
%makeinstall -C parser
|
2011-10-10 14:10:08 +02:00
|
|
|
# default cache dir is /etc/apparmor.d/cache - not the best location.
|
|
|
|
# Use /var/cache/apparmor and make /etc/apparmor.d/cache a symlink to it
|
|
|
|
mkdir -p %{buildroot}%{_localstatedir}/cache/apparmor
|
|
|
|
( cd %{buildroot}/%{_sysconfdir}/apparmor.d/ && ln -s ../../%{_localstatedir}/cache/apparmor cache )
|
2011-01-17 17:43:05 +01:00
|
|
|
|
2011-09-14 13:56:46 +02:00
|
|
|
%if %{with apache}
|
|
|
|
%makeinstall -C changehat/mod_apparmor
|
|
|
|
%endif
|
|
|
|
|
|
|
|
%if %{with pam}
|
|
|
|
%makeinstall -C changehat/pam_apparmor SECDIR=%{buildroot}%{_libdir}/security
|
|
|
|
%endif
|
|
|
|
|
|
|
|
%if %{with tomcat}
|
|
|
|
mkdir -p %{buildroot}/%{CATALINA_HOME}
|
|
|
|
%makeinstall -C changehat/tomcat_apparmor/tomcat_5_5 CATALINA_HOME=%{buildroot}/%{CATALINA_HOME}
|
|
|
|
%endif
|
|
|
|
|
|
|
|
find %{buildroot} -name .packlist -exec rm -f {} \;
|
|
|
|
find %{buildroot} -name perllocal.pod -exec rm -f {} \;
|
2011-01-17 17:43:05 +01:00
|
|
|
|
2011-03-25 09:04:51 +01:00
|
|
|
# Re-create the links to the old names
|
2011-09-14 13:56:46 +02:00
|
|
|
for file in %{buildroot}%{_prefix}/{sbin,share/man/man[0-9]}/aa-*; do
|
2011-03-25 09:04:51 +01:00
|
|
|
d=$(dirname $file)
|
|
|
|
f=$(basename $file)
|
|
|
|
if [ "${f#aa-}" != "$f" ]; then
|
|
|
|
ln -s $f $d/${f#aa-}
|
2011-01-17 17:43:05 +01:00
|
|
|
fi
|
|
|
|
done
|
|
|
|
|
2011-09-14 13:56:46 +02:00
|
|
|
mv -f %{buildroot}%{_mandir}/man8/{status.8,apparmor_status.8}
|
|
|
|
mv -f %{buildroot}%{_mandir}/man8/{notify.8,apparmor_notify.8}
|
|
|
|
rm -f %{buildroot}%{_mandir}/man8/decode.8
|
2011-01-17 17:43:05 +01:00
|
|
|
|
|
|
|
%if %{with editor}
|
|
|
|
%suse_update_desktop_file -i %{name}-profile-editor Utility TextEditor
|
|
|
|
%endif
|
|
|
|
|
|
|
|
%if %{with gnome}
|
|
|
|
%find_lang apparmorapplet-gnome
|
|
|
|
%endif
|
|
|
|
|
|
|
|
for pkg in apparmor-utils apparmor-parser; do
|
|
|
|
%find_lang $pkg
|
|
|
|
done
|
|
|
|
|
2011-09-14 13:56:46 +02:00
|
|
|
# remove *.la files
|
|
|
|
rm -fv %{buildroot}%{_libdir}/libapparmor.la %{buildroot}%{_libdir}/libimmunix.la
|
2011-01-17 17:43:05 +01:00
|
|
|
|
2011-09-14 13:56:46 +02:00
|
|
|
echo -------------------------------------------------------------------
|
|
|
|
find -ls
|
|
|
|
echo -------------------------------------------------------------------
|
|
|
|
find %{buildroot} -ls
|
|
|
|
echo -------------------------------------------------------------------
|
2011-01-17 17:43:05 +01:00
|
|
|
|
|
|
|
%files docs
|
|
|
|
%defattr(-,root,root)
|
|
|
|
%doc parser/*.[1-9].html
|
|
|
|
%doc common/apparmor.css
|
|
|
|
%doc parser/techdoc.pdf parser/techdoc/techdoc.html parser/techdoc/techdoc.css parser/techdoc.txt
|
2012-05-08 22:39:34 +02:00
|
|
|
# apparmor.vim is included in the vim package. Ideally it should be in a -devel package, but that's overmuch for one file
|
2012-06-02 23:50:07 +02:00
|
|
|
%dir %{_datadir}/apparmor
|
|
|
|
%{_datadir}/apparmor/apparmor.vim
|
2011-01-17 17:43:05 +01:00
|
|
|
|
|
|
|
%files parser
|
|
|
|
%defattr(-,root,root)
|
|
|
|
%doc parser/README parser/COPYING.GPL
|
|
|
|
/sbin/apparmor_parser
|
|
|
|
%dir %attr(-, root, root) %{_sysconfdir}/apparmor
|
2011-10-10 14:10:08 +02:00
|
|
|
%dir %{_sysconfdir}/apparmor.d
|
|
|
|
%{_sysconfdir}/apparmor.d/cache
|
|
|
|
%dir %{_localstatedir}/cache/apparmor
|
2011-01-17 17:43:05 +01:00
|
|
|
%if %{distro} == "suse"
|
|
|
|
/sbin/rcsubdomain
|
|
|
|
/sbin/rcapparmor
|
|
|
|
%{_sysconfdir}/init.d/boot.apparmor
|
|
|
|
%else
|
|
|
|
%{_sysconfdir}/init.d/apparmor
|
|
|
|
%endif
|
|
|
|
%config(noreplace) %{_sysconfdir}/apparmor/subdomain.conf
|
2011-10-10 14:10:08 +02:00
|
|
|
%config(noreplace) %{_sysconfdir}/apparmor/parser.conf
|
|
|
|
%{_localstatedir}/lib/apparmor
|
2011-01-17 17:43:05 +01:00
|
|
|
%dir %attr(-, root, root) %{apparmor_bin_prefix}
|
|
|
|
%{apparmor_bin_prefix}/rc.apparmor.functions
|
|
|
|
%doc %{_mandir}/man5/apparmor.d.5.gz
|
|
|
|
%doc %{_mandir}/man5/apparmor.vim.5.gz
|
|
|
|
%doc %{_mandir}/man5/subdomain.conf.5.gz
|
|
|
|
%doc %{_mandir}/man7/apparmor.7.gz
|
|
|
|
%doc %{_mandir}/man8/apparmor_parser.8.gz
|
|
|
|
%if %{distro} == "redhat" || %{distro} == "rhel4"
|
|
|
|
|
|
|
|
%pre parser
|
|
|
|
if [ -f %{_sysconfdir}/init.d/subdomain ] ; then
|
|
|
|
chkconfig --del subdomain
|
|
|
|
fi
|
|
|
|
%endif
|
|
|
|
|
|
|
|
%files parser-lang -f apparmor-parser.lang
|
|
|
|
|
|
|
|
%files -n libapparmor1
|
|
|
|
%defattr(-,root,root)
|
2011-11-28 12:52:47 +01:00
|
|
|
%{_libdir}/libapparmor.so.*
|
|
|
|
%{_libdir}/libimmunix.so.*
|
2011-01-17 17:43:05 +01:00
|
|
|
|
|
|
|
%files -n libapparmor-devel
|
|
|
|
%defattr(-,root,root)
|
2011-11-28 12:52:47 +01:00
|
|
|
%{_libdir}/libapparmor.a
|
|
|
|
%{_libdir}/libimmunix.a
|
2011-01-17 17:43:05 +01:00
|
|
|
%{_libdir}/libapparmor.so
|
|
|
|
%{_libdir}/libimmunix.so
|
|
|
|
%doc %{_mandir}/man2/aa_change_hat.2.gz
|
|
|
|
%doc %{_mandir}/man2/change_hat.2.gz
|
2011-09-14 13:56:46 +02:00
|
|
|
%doc %{_mandir}/man2/aa_find_mountpoint.2.gz
|
|
|
|
%doc %{_mandir}/man2/aa_getcon.2.gz
|
2011-01-17 17:43:05 +01:00
|
|
|
%dir %{_includedir}/aalogparse
|
|
|
|
%{_includedir}/sys/apparmor.h
|
|
|
|
%{_includedir}/aalogparse/*
|
|
|
|
|
|
|
|
# hrm, still need to enumerate each directory in these paths in files :(
|
2011-09-14 13:56:46 +02:00
|
|
|
# %define extras_dir %{_sysconfdir}/apparmor/profiles/extras/
|
|
|
|
# %define profiles_dir %{_sysconfdir}/apparmor.d/
|
2011-01-17 17:43:05 +01:00
|
|
|
|
|
|
|
%files profiles
|
2011-09-14 13:56:46 +02:00
|
|
|
%defattr(644,root,root,755)
|
|
|
|
%config(noreplace) %{_sysconfdir}/apparmor.d/
|
2011-10-10 14:10:08 +02:00
|
|
|
%exclude %{_sysconfdir}/apparmor.d/cache
|
2011-01-17 17:43:05 +01:00
|
|
|
%dir %{_sysconfdir}/apparmor/
|
|
|
|
%dir %{_sysconfdir}/apparmor/profiles
|
2011-09-14 13:56:46 +02:00
|
|
|
%config %{_sysconfdir}/apparmor/profiles/extras/
|
2011-01-17 17:43:05 +01:00
|
|
|
|
|
|
|
%files utils
|
|
|
|
%defattr(-,root,root)
|
|
|
|
%dir %{_sysconfdir}/apparmor
|
2012-06-02 23:50:07 +02:00
|
|
|
%config(noreplace) %{_sysconfdir}/apparmor/easyprof.conf
|
2011-01-17 17:43:05 +01:00
|
|
|
%config(noreplace) %{_sysconfdir}/apparmor/logprof.conf
|
|
|
|
%config(noreplace) %{_sysconfdir}/apparmor/notify.conf
|
|
|
|
%config(noreplace) %{_sysconfdir}/apparmor/severity.db
|
2011-10-10 14:10:08 +02:00
|
|
|
%{_sbindir}/*
|
2012-06-02 23:50:07 +02:00
|
|
|
%{_bindir}/aa-easyprof
|
|
|
|
%{python_sitelib}/apparmor-%{version}-py%{py_ver}.egg-info
|
|
|
|
%{python_sitelib}/apparmor/
|
|
|
|
%dir %{_datadir}/apparmor
|
|
|
|
%{_datadir}/apparmor/easyprof/
|
2011-10-10 14:10:08 +02:00
|
|
|
%dir %{_localstatedir}/log/apparmor
|
2011-03-25 09:04:51 +01:00
|
|
|
%doc %{_mandir}/man2/aa_change_profile.2.gz
|
2011-01-17 17:43:05 +01:00
|
|
|
%doc %{_mandir}/man5/logprof.conf.5.gz
|
|
|
|
%doc %{_mandir}/man8/apparmor_notify.8.gz
|
|
|
|
%doc %{_mandir}/man8/aa-*.gz
|
|
|
|
%doc %{_mandir}/man8/apparmor_status.8.gz
|
|
|
|
%doc %{_mandir}/man8/audit.8.gz
|
|
|
|
%doc %{_mandir}/man8/autodep.8.gz
|
|
|
|
%doc %{_mandir}/man8/complain.8.gz
|
2011-09-14 13:56:46 +02:00
|
|
|
%doc %{_mandir}/man8/disable.8.gz
|
2012-06-02 23:50:07 +02:00
|
|
|
%doc %{_mandir}/man8/easyprof.8.gz
|
2011-01-17 17:43:05 +01:00
|
|
|
%doc %{_mandir}/man8/enforce.8.gz
|
2012-05-08 22:39:34 +02:00
|
|
|
%doc %{_mandir}/man8/exec.8.gz
|
2011-01-17 17:43:05 +01:00
|
|
|
%doc %{_mandir}/man8/genprof.8.gz
|
|
|
|
%doc %{_mandir}/man8/logprof.8.gz
|
|
|
|
%doc %{_mandir}/man8/unconfined.8.gz
|
|
|
|
%doc utils/*.[0-9].html
|
|
|
|
%doc common/apparmor.css
|
|
|
|
|
|
|
|
%files utils-lang -f apparmor-utils.lang
|
|
|
|
|
|
|
|
%files -n perl-apparmor
|
|
|
|
%defattr(-,root,root)
|
|
|
|
%{perl_vendorlib}/Immunix
|
2011-09-14 13:56:46 +02:00
|
|
|
%{perl_vendorarch}/auto/LibAppArmor/
|
2011-01-17 17:43:05 +01:00
|
|
|
%{perl_vendorarch}/LibAppArmor.pm
|
|
|
|
|
|
|
|
%if %{with python}
|
2011-01-17 17:43:15 +01:00
|
|
|
|
2011-01-17 17:43:05 +01:00
|
|
|
%files -n python-apparmor
|
|
|
|
%defattr(-,root,root)
|
|
|
|
%{python_sitearch}/LibAppArmor-2.5.1-py2.7.egg-info
|
|
|
|
%{python_sitearch}/libapparmor1/*
|
|
|
|
%endif
|
|
|
|
|
|
|
|
%if %{with ruby}
|
2011-01-17 17:43:15 +01:00
|
|
|
|
2011-01-17 17:43:05 +01:00
|
|
|
%files -n ruby-apparmor
|
|
|
|
%defattr(-,root,root)
|
|
|
|
%{_prefix}/%{rb_sitearch}/*
|
|
|
|
%endif
|
|
|
|
|
|
|
|
%if %{with pam}
|
2011-01-17 17:43:15 +01:00
|
|
|
|
2011-01-17 17:43:05 +01:00
|
|
|
%files -n pam_apparmor
|
|
|
|
%defattr(444,root,root,755)
|
|
|
|
%attr(555,root,root) %{_libdir}/security/pam_apparmor.so
|
|
|
|
%endif
|
|
|
|
|
|
|
|
%if %{with tomcat}
|
2011-01-17 17:43:15 +01:00
|
|
|
|
2011-01-17 17:43:05 +01:00
|
|
|
%files -n tomcat_apparmor
|
|
|
|
%defattr(-,root,root)
|
|
|
|
%{CATALINA_HOME}/lib/%{JAR_FILE}
|
|
|
|
%{_libdir}/libJNI*
|
|
|
|
%doc %attr(0644,root,root) changehat/tomcat_apparmor/tomcat_5_5/README.tomcat_apparmor
|
|
|
|
%endif
|
|
|
|
|
|
|
|
%if %{with apache}
|
2011-01-17 17:43:15 +01:00
|
|
|
|
2011-01-17 17:43:05 +01:00
|
|
|
%files -n apache2-mod_apparmor
|
|
|
|
%defattr(-,root,root)
|
|
|
|
%{apache_module_path}/mod_apparmor.so
|
|
|
|
%doc %{_mandir}/man8/mod_apparmor.8.gz
|
|
|
|
%endif
|
|
|
|
|
|
|
|
%if %{with dbus}
|
2011-01-17 17:43:15 +01:00
|
|
|
|
2011-01-17 17:43:05 +01:00
|
|
|
%files dbus
|
|
|
|
%defattr(0750, root, root)
|
|
|
|
%{_bindir}/apparmor-dbus
|
|
|
|
%endif
|
|
|
|
|
|
|
|
%if %{with editor}
|
2011-01-17 17:43:15 +01:00
|
|
|
|
2011-01-17 17:43:05 +01:00
|
|
|
%files profile-editor
|
|
|
|
%defattr(-, root, root)
|
|
|
|
%{_datadir}/applications/%{name}-profile-editor.desktop
|
|
|
|
%{_datadir}/pixmaps/%{name}-profile-editor.png
|
|
|
|
%{_bindir}/profileeditor
|
|
|
|
%{_docdir}/profileeditor/AppArmorProfileEditor.htb
|
|
|
|
%if 0
|
2011-09-14 13:56:46 +02:00
|
|
|
%{_datadir}/doc/profileeditor/AppArmorProfileEditor.htb
|
2011-01-17 17:43:05 +01:00
|
|
|
%endif
|
2011-09-14 13:56:46 +02:00
|
|
|
%dir %{_datadir}/doc/profileeditor
|
2011-01-17 17:43:05 +01:00
|
|
|
%endif
|
|
|
|
|
|
|
|
%if %{with gnome}
|
2011-01-17 17:43:15 +01:00
|
|
|
|
2011-01-17 17:43:05 +01:00
|
|
|
%files -n apparmorapplet-gnome
|
|
|
|
%defattr(-, root, root)
|
|
|
|
%{_libdir}/bonobo/servers/*.server
|
|
|
|
%{_prefix}/lib/apparmorapplet
|
|
|
|
%{_datadir}/pixmaps/*
|
|
|
|
|
|
|
|
%files -n apparmorapplet-gnome-lang -f apparmorapplet-gnome.lang
|
|
|
|
%endif
|
|
|
|
|
|
|
|
%post parser
|
|
|
|
%if %{distro} == "suse"
|
|
|
|
# SUSE uses insserv
|
|
|
|
# For package renaming from subdomain -> apparmor
|
|
|
|
# we check the existence of the AppArmor 1.1 and
|
|
|
|
# AppArmor 1.2 based init script to help determine
|
|
|
|
# whether we are upgrading
|
|
|
|
SUBDOMAIN_PARSER_INSTALLED="no"
|
|
|
|
if test -e %{_sysconfdir}/init.d/boot.subdomain -o -e %{_sysconfdir}/init.d/subdomain; then
|
|
|
|
SUBDOMAIN_PARSER_INSTALLED="yes"
|
|
|
|
fi
|
|
|
|
if test "$1" == 1 -a $SUBDOMAIN_PARSER_INSTALLED = "no"; then
|
|
|
|
%{insserv_force_if_yast boot.apparmor}
|
|
|
|
elif test -e %{_sysconfdir}/rc.d/boot.d/S??boot.subdomain -o \
|
|
|
|
-e %{_sysconfdir}/rc.d/boot.d/S??boot.apparmor -o \
|
|
|
|
-e %{_sysconfdir}/rc.d/rc3.d/S??subdomain ; then
|
|
|
|
%{insserv_force_if_yast boot.apparmor}
|
|
|
|
else
|
|
|
|
%{fillup_and_insserv -f boot.apparmor}
|
|
|
|
fi
|
|
|
|
%endif
|
|
|
|
%if %{distro} == "redhat" || %{distro} == "rhel4"
|
|
|
|
chkconfig --add apparmor
|
|
|
|
%endif
|
|
|
|
%if %{distro} == "slackware"
|
|
|
|
if grep -qs "# BEGIN rc.subdomain INSERTION" %{_sysconfdir}/rc.d/rc.M ; then true ; else
|
|
|
|
%{apparmor_bin_prefix}/install/frob_slack_rc --init
|
|
|
|
fi
|
|
|
|
if grep -qs "# BEGIN rc.subdomain INSERTION" %{_sysconfdir}/rc.d/rc.K ; then true ; else
|
|
|
|
%{apparmor_bin_prefix}/install/frob_slack_rc --shutdown
|
|
|
|
fi
|
|
|
|
%endif
|
|
|
|
|
|
|
|
%preun parser
|
|
|
|
if [ "$1" = 0 ] ; then
|
|
|
|
%if %{distro} == "suse"
|
2011-10-10 14:10:08 +02:00
|
|
|
# TODO: aaeventd no longer exists - how to handle it?
|
2011-01-17 17:43:05 +01:00
|
|
|
%{stop_on_removal aaeventd}
|
|
|
|
%{stop_on_removal boot.apparmor}
|
|
|
|
%endif
|
|
|
|
%if %{distro} == "redhat" || %{distro} == "rhel4"
|
2011-10-10 14:10:08 +02:00
|
|
|
# TODO: aaeventd no longer exists - how to handle it?
|
2011-01-17 17:43:05 +01:00
|
|
|
chkconfig --del aaeventd
|
|
|
|
chkconfig --del apparmor
|
|
|
|
%endif
|
|
|
|
fi
|
|
|
|
|
|
|
|
%postun parser
|
|
|
|
%if %{distro} == "suse"
|
2011-10-10 14:10:08 +02:00
|
|
|
%restart_on_update boot.apparmor
|
2011-01-17 17:43:05 +01:00
|
|
|
%{insserv_cleanup} || true
|
|
|
|
%endif
|
|
|
|
|
|
|
|
%post -n libapparmor1 -p /sbin/ldconfig
|
2011-01-17 17:43:15 +01:00
|
|
|
|
2011-01-17 17:43:05 +01:00
|
|
|
%postun -n libapparmor1 -p /sbin/ldconfig
|
|
|
|
%if %{with tomcat}
|
2011-01-17 17:43:15 +01:00
|
|
|
|
2011-01-17 17:43:05 +01:00
|
|
|
%post -n tomcat_apparmor -p /sbin/ldconfig
|
2011-01-17 17:43:15 +01:00
|
|
|
|
2011-01-17 17:43:05 +01:00
|
|
|
%postun -n tomcat_apparmor -p /sbin/ldconfig
|
|
|
|
%endif
|
|
|
|
|
|
|
|
%if %{with pam}
|
2011-01-17 17:43:15 +01:00
|
|
|
|
2011-01-17 17:43:05 +01:00
|
|
|
%post -n pam_apparmor
|
|
|
|
pam-config -a --apparmor
|
|
|
|
pam-config --update
|
|
|
|
|
|
|
|
%postun -n pam_apparmor
|
|
|
|
pam-config -d --apparmor
|
|
|
|
pam-config --update
|
|
|
|
%endif
|
|
|
|
|
|
|
|
%changelog
|