apparmor/dnsmasq-revert-alternation.diff

commit 4b9a07eb9be98c56a622379ba2055f0f9d5dce30
Author: Christian Boltz <apparmor@cboltz.de>
Date:   Tue Feb 26 21:05:16 2019 +0100

    Revert /usr/{bin,sbin}/ alternation in dnsmasq profile
    
    Even if we expected it to stay compatible with peer=/usr/sbin/dnsmasq in
    the libvirtd profile, practise shows that we were wrong.
    
    This patch reverts the profile name to /usr/sbin/dnsmasq, and re-adds
    the libvirtd peer name /usr/sbin/libvirtd to avoid breaking libvirtd.
    
    References: https://bugzilla.opensuse.org/show_bug.cgi?id=1127073

diff --git a/profiles/apparmor.d/usr.sbin.dnsmasq b/profiles/apparmor.d/usr.sbin.dnsmasq
index 3f66a17e..2dc8902e 100644
--- a/profiles/apparmor.d/usr.sbin.dnsmasq
+++ b/profiles/apparmor.d/usr.sbin.dnsmasq
@@ -12,7 +12,7 @@
 @{TFTP_DIR}=/var/tftp /srv/tftpboot
 
 #include <tunables/global>
-/usr/{bin,sbin}/dnsmasq flags=(attach_disconnected) {
+/usr/sbin/dnsmasq flags=(attach_disconnected) {
   #include <abstractions/base>
   #include <abstractions/dbus>
   #include <abstractions/nameservice>
@@ -28,8 +28,10 @@
   network inet6 raw,
 
   signal (receive) peer=/usr/{bin,sbin}/libvirtd,
+  signal (receive) peer=/usr/sbin/libvirtd,
   signal (receive) peer=libvirtd,
   ptrace (readby) peer=/usr/{bin,sbin}/libvirtd,
+  ptrace (readby) peer=/usr/sbin/libvirtd,
   ptrace (readby) peer=libvirtd,
 
   owner /dev/tty rw,
Accepting request 679944 from home:cboltz update dnsmasq-revert-alternation.diff from upstream merge request OBS-URL: https://build.opensuse.org/request/show/679944 OBS-URL: https://build.opensuse.org/package/show/security:apparmor/apparmor?expand=0&rev=236 2019-02-27 20:30:05 +01:00			`commit 4b9a07eb9be98c56a622379ba2055f0f9d5dce30`
Accepting request 679592 from home:cboltz - add dnsmasq-revert-alternation.diff: revert path alternation in dnsmasq profile to avoid breaking libvirtd (boo#1127073) OBS-URL: https://build.opensuse.org/request/show/679592 OBS-URL: https://build.opensuse.org/package/show/security:apparmor/apparmor?expand=0&rev=235 2019-02-26 21:52:01 +01:00			`Author: Christian Boltz <apparmor@cboltz.de>`
			`Date: Tue Feb 26 21:05:16 2019 +0100`

			`Revert /usr/{bin,sbin}/ alternation in dnsmasq profile`

			`Even if we expected it to stay compatible with peer=/usr/sbin/dnsmasq in`
			`the libvirtd profile, practise shows that we were wrong.`

Accepting request 679944 from home:cboltz update dnsmasq-revert-alternation.diff from upstream merge request OBS-URL: https://build.opensuse.org/request/show/679944 OBS-URL: https://build.opensuse.org/package/show/security:apparmor/apparmor?expand=0&rev=236 2019-02-27 20:30:05 +01:00			`This patch reverts the profile name to /usr/sbin/dnsmasq, and re-adds`
			`the libvirtd peer name /usr/sbin/libvirtd to avoid breaking libvirtd.`
Accepting request 679592 from home:cboltz - add dnsmasq-revert-alternation.diff: revert path alternation in dnsmasq profile to avoid breaking libvirtd (boo#1127073) OBS-URL: https://build.opensuse.org/request/show/679592 OBS-URL: https://build.opensuse.org/package/show/security:apparmor/apparmor?expand=0&rev=235 2019-02-26 21:52:01 +01:00
			`References: https://bugzilla.opensuse.org/show_bug.cgi?id=1127073`

			`diff --git a/profiles/apparmor.d/usr.sbin.dnsmasq b/profiles/apparmor.d/usr.sbin.dnsmasq`
Accepting request 679944 from home:cboltz update dnsmasq-revert-alternation.diff from upstream merge request OBS-URL: https://build.opensuse.org/request/show/679944 OBS-URL: https://build.opensuse.org/package/show/security:apparmor/apparmor?expand=0&rev=236 2019-02-27 20:30:05 +01:00			`index 3f66a17e..2dc8902e 100644`
Accepting request 679592 from home:cboltz - add dnsmasq-revert-alternation.diff: revert path alternation in dnsmasq profile to avoid breaking libvirtd (boo#1127073) OBS-URL: https://build.opensuse.org/request/show/679592 OBS-URL: https://build.opensuse.org/package/show/security:apparmor/apparmor?expand=0&rev=235 2019-02-26 21:52:01 +01:00			`--- a/profiles/apparmor.d/usr.sbin.dnsmasq`
			`+++ b/profiles/apparmor.d/usr.sbin.dnsmasq`
			`@@ -12,7 +12,7 @@`
			`@{TFTP_DIR}=/var/tftp /srv/tftpboot`

			`#include <tunables/global>`
			`-/usr/{bin,sbin}/dnsmasq flags=(attach_disconnected) {`
			`+/usr/sbin/dnsmasq flags=(attach_disconnected) {`
			`#include <abstractions/base>`
			`#include <abstractions/dbus>`
			`#include <abstractions/nameservice>`
Accepting request 679944 from home:cboltz update dnsmasq-revert-alternation.diff from upstream merge request OBS-URL: https://build.opensuse.org/request/show/679944 OBS-URL: https://build.opensuse.org/package/show/security:apparmor/apparmor?expand=0&rev=236 2019-02-27 20:30:05 +01:00			`@@ -28,8 +28,10 @@`
			`network inet6 raw,`

			`signal (receive) peer=/usr/{bin,sbin}/libvirtd,`
			`+ signal (receive) peer=/usr/sbin/libvirtd,`
			`signal (receive) peer=libvirtd,`
			`ptrace (readby) peer=/usr/{bin,sbin}/libvirtd,`
			`+ ptrace (readby) peer=/usr/sbin/libvirtd,`
			`ptrace (readby) peer=libvirtd,`

			`owner /dev/tty rw,`