From 018cfefbdbfd78ddd760f7c7431c1c05f29aa66befedb386ada13b25b800a433 Mon Sep 17 00:00:00 2001
From: Christian Boltz <suse-beta@cboltz.de>
Date: Sat, 22 Dec 2018 15:48:06 +0000
Subject: [PATCH] Accepting request 660709 from home:cboltz

- netconfig: write resolv.conf to /run with link to /etc (fate#325872,
  boo#1097370) [patch apparmor-nameservice-resolv-conf-link.patch]

OBS-URL: https://build.opensuse.org/request/show/660709
OBS-URL: https://build.opensuse.org/package/show/security:apparmor/apparmor?expand=0&rev=225
---
 apparmor-nameservice-resolv-conf-link.patch | 11 +++++++++++
 apparmor.changes                            |  6 ++++++
 apparmor.spec                               |  4 ++++
 3 files changed, 21 insertions(+)
 create mode 100644 apparmor-nameservice-resolv-conf-link.patch

diff --git a/apparmor-nameservice-resolv-conf-link.patch b/apparmor-nameservice-resolv-conf-link.patch
new file mode 100644
index 0000000..95987ac
--- /dev/null
+++ b/apparmor-nameservice-resolv-conf-link.patch
@@ -0,0 +1,11 @@
+--- apparmor-2.13/profiles/apparmor.d/abstractions/nameservice
++++ apparmor-2.13/profiles/apparmor.d/abstractions/nameservice
+@@ -39,7 +39,7 @@
+   /etc/resolv.conf        r,
+   # On systems where /etc/resolv.conf is managed programmatically, it is
+   # a symlink to /{,var/}run/(whatever program is managing it)/resolv.conf.
+-  /{,var/}run/{resolvconf,NetworkManager,systemd/resolve,connman}/resolv.conf r,
++  /{,var/}run/{resolvconf,NetworkManager,systemd/resolve,connman,netconfig}/resolv.conf r,
+   /etc/resolvconf/run/resolv.conf r,
+   /{,var/}run/systemd/resolve/stub-resolv.conf r,
+ 
diff --git a/apparmor.changes b/apparmor.changes
index a815983..c27e23e 100644
--- a/apparmor.changes
+++ b/apparmor.changes
@@ -1,3 +1,9 @@
+-------------------------------------------------------------------
+Fri Dec 21 13:41:32 UTC 2018 - mt@suse.de
+
+- netconfig: write resolv.conf to /run with link to /etc (fate#325872,
+  boo#1097370) [patch apparmor-nameservice-resolv-conf-link.patch]
+
 -------------------------------------------------------------------
 Fri Dec 21 12:59:00 UTC 2018 - Christian Boltz <suse-beta@cboltz.de>
 
diff --git a/apparmor.spec b/apparmor.spec
index 734457c..20e8219 100644
--- a/apparmor.spec
+++ b/apparmor.spec
@@ -62,6 +62,9 @@ Patch5:         ruby-2_0-mkmf-destdir.patch
 # bug 906858 - confine lessopen.sh (submitted upstream 2014-12-21)
 Patch7:         apparmor-lessopen-profile.patch
 
+# fate#325872 netconfig: write resolv.conf to /run with link to /etc - submitted upstream 2018-12-22 https://gitlab.com/apparmor/apparmor/merge_requests/294
+Patch8:         apparmor-nameservice-resolv-conf-link.patch
+
 PreReq:         sed
 BuildRoot:      %{_tmppath}/%{name}-%{version}-build
 %define apparmor_bin_prefix /lib/apparmor
@@ -349,6 +352,7 @@ SubDomain.
 %patch2
 %patch5 -p1
 %patch7
+%patch8 -p1
 
 %build
 export SUSE_ASNEEDED=0