apparmor/apparmor-abstractions-r2089-r2090.diff

from 2.8 branch:

------------------------------------------------------------
revno: 2090
committer: Jamie Strandboge <jamie@canonical.com>
branch nick: 2.8
timestamp: Thu 2013-09-12 09:25:56 -0500
message:
  p11-kit needs access to /usr/share/p11-kit/modules
  
  Acked-By: Jamie Strandboge <jamie@canonical.com>
  Acked-by: Steve Beattie <steve@nxnw.org> (for trunk and 2.8)
modified:
  profiles/apparmor.d/abstractions/p11-kit
------------------------------------------------------------
revno: 2089
committer: Steve Beattie <sbeattie@ubuntu.com>
branch nick: 2.8
timestamp: Wed 2013-09-11 16:05:13 -0700
message:
  profiles - Allow reading /etc/machine-id in the dbus-session abstraction.
  Merge from trunk commit rev 2181
  From: intrigeri <intrigeri@boum.org>
  
  D-Bus now uses /etc/machine-id in some cases:
  https://bugs.freedesktop.org/show_bug.cgi?id=35228
  
  Acked-by: Steve Beattie <steve@nxnw.org>
modified:
  profiles/apparmor.d/abstractions/dbus-session
------------------------------------------------------------


=== modified file 'profiles/apparmor.d/abstractions/dbus-session'
--- profiles/apparmor.d/abstractions/dbus-session	2011-05-09 16:09:24 +0000
+++ profiles/apparmor.d/abstractions/dbus-session	2013-09-11 23:05:13 +0000
@@ -10,4 +10,7 @@
 # ------------------------------------------------------------------
 
   /usr/bin/dbus-launch ix,
+
+  # unique per-machine identifier
+  /etc/machine-id r,
   /var/lib/dbus/machine-id r,

=== modified file 'profiles/apparmor.d/abstractions/p11-kit'
--- profiles/apparmor.d/abstractions/p11-kit	2012-01-18 22:22:08 +0000
+++ profiles/apparmor.d/abstractions/p11-kit	2013-09-12 14:25:56 +0000
@@ -16,6 +16,9 @@
   /usr/lib{,32,64}/pkcs11/*.so mr,
   /usr/lib/@{multiarch}/pkcs11/*.so mr,
 
+  /usr/share/p11-kit/modules/  r,
+  /usr/share/p11-kit/modules/* r,
+
   # p11-kit also supports reading user configuration from ~/.pkcs11 depending
   # on how /etc/pkcs11/pkcs11.conf is configured. This should generally not be
   # included in this abstraction.
Accepting request 198933 from home:cboltz - add apparmor-abstractions-r2089-r2090.diff (from upstream 2.8 branch) - p11-kit needs access to /usr/share/p11-kit/modules - allow reading /etc/machine-id in the dbus-session abstraction - add apparmor-init.py-gsoc.diff - make apparmor/__init__.py ready for the new tools developed in GSoC OBS-URL: https://build.opensuse.org/request/show/198933 OBS-URL: https://build.opensuse.org/package/show/security:apparmor/apparmor?expand=0&rev=44 2013-09-13 11:53:29 +00:00			`from 2.8 branch:`

			`------------------------------------------------------------`
			`revno: 2090`
			`committer: Jamie Strandboge <jamie@canonical.com>`
			`branch nick: 2.8`
			`timestamp: Thu 2013-09-12 09:25:56 -0500`
			`message:`
			`p11-kit needs access to /usr/share/p11-kit/modules`

			`Acked-By: Jamie Strandboge <jamie@canonical.com>`
			`Acked-by: Steve Beattie <steve@nxnw.org> (for trunk and 2.8)`
			`modified:`
			`profiles/apparmor.d/abstractions/p11-kit`
			`------------------------------------------------------------`
			`revno: 2089`
			`committer: Steve Beattie <sbeattie@ubuntu.com>`
			`branch nick: 2.8`
			`timestamp: Wed 2013-09-11 16:05:13 -0700`
			`message:`
			`profiles - Allow reading /etc/machine-id in the dbus-session abstraction.`
			`Merge from trunk commit rev 2181`
			`From: intrigeri <intrigeri@boum.org>`

			`D-Bus now uses /etc/machine-id in some cases:`
			`https://bugs.freedesktop.org/show_bug.cgi?id=35228`

			`Acked-by: Steve Beattie <steve@nxnw.org>`
			`modified:`
			`profiles/apparmor.d/abstractions/dbus-session`
			`------------------------------------------------------------`


			`=== modified file 'profiles/apparmor.d/abstractions/dbus-session'`
			`--- profiles/apparmor.d/abstractions/dbus-session 2011-05-09 16:09:24 +0000`
			`+++ profiles/apparmor.d/abstractions/dbus-session 2013-09-11 23:05:13 +0000`
			`@@ -10,4 +10,7 @@`
			`# ------------------------------------------------------------------`

			`/usr/bin/dbus-launch ix,`
			`+`
			`+ # unique per-machine identifier`
			`+ /etc/machine-id r,`
			`/var/lib/dbus/machine-id r,`

			`=== modified file 'profiles/apparmor.d/abstractions/p11-kit'`
			`--- profiles/apparmor.d/abstractions/p11-kit 2012-01-18 22:22:08 +0000`
			`+++ profiles/apparmor.d/abstractions/p11-kit 2013-09-12 14:25:56 +0000`
			`@@ -16,6 +16,9 @@`
			`/usr/lib{,32,64}/pkcs11/*.so mr,`
			`/usr/lib/@{multiarch}/pkcs11/*.so mr,`

			`+ /usr/share/p11-kit/modules/ r,`
			`+ /usr/share/p11-kit/modules/* r,`
			`+`
			`# p11-kit also supports reading user configuration from ~/.pkcs11 depending`
			`# on how /etc/pkcs11/pkcs11.conf is configured. This should generally not be`
			`# included in this abstraction.`