Accepting request 1124276 from security:apparmor

- Add apparmor-systemd-sessions.patch to allow read access to /run/systemd/sessions/ (bsc#1216878) OBS-URL: https://build.opensuse.org/request/show/1124276 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/apparmor?expand=0&rev=198
2023-11-09 20:34:30 +00:00 · 2023-11-09 20:34:30 +00:00 · 01e869679f
commit 01e869679f
parent 75d19b971e d4f95baf8b
3 changed files with 28 additions and 0 deletions
--- a/apparmor-systemd-sessions.patch
+++ b/apparmor-systemd-sessions.patch
@ -0,0 +1,11 @@
+--- apparmor-3.1.6/profiles/apparmor.d/abstractions/wutmp.orig	2023-06-21 23:13:41.000000000 +0200
+++ apparmor-3.1.6/profiles/apparmor.d/abstractions/wutmp	2023-11-08 14:45:19.882328152 +0100
+@@ -18,5 +18,8 @@
+   /var/log/btmp     rwk,
+   @{run}/utmp       rwk,
+ 
+  # Some read the list of sessions from systemd
+  /run/systemd/sessions/ r,
+
+   # Include additions to the abstraction
+   include if exists <abstractions/wutmp.d>
--- a/apparmor.changes
+++ b/apparmor.changes
@ -1,3 +1,14 @@
+-------------------------------------------------------------------
+Wed Nov  8 18:19:36 UTC 2023 - Christian Boltz <suse-beta@cboltz.de>
+
+- Actually apply the previously added patch for bsc#1216878
+
+-------------------------------------------------------------------
+Wed Nov  8 13:47:35 UTC 2023 - Julio Gonzalez Gil <julio@juliogonzalez.es>
+
+- Add apparmor-systemd-sessions.patch to allow read access to
+  /run/systemd/sessions/ (bsc#1216878)
+
 -------------------------------------------------------------------
 Mon Sep 25 14:07:39 UTC 2023 - David Disseldorp <ddiss@suse.com>

--- a/apparmor.spec
+++ b/apparmor.spec
@ -92,6 +92,11 @@ Patch6:         apache-extra-profile-include-if-exists.diff
 # add path for precompiled cache (only done/applied if precompiled_cache is enabled)
 Patch7:         apparmor-enable-precompiled-cache.diff

+# To allow access to /run/systemd/sessions/ until the next release including the fix
+# for https://gitlab.com/apparmor/apparmor/-/issues/360 is out
+# Upstream MR: https://gitlab.com/apparmor/apparmor/-/merge_requests/1121 (merged 2023-11-08 into master, 3.1 and 3.0)
+Patch8:         apparmor-systemd-sessions.patch
+
 PreReq:         sed
 BuildRoot:      %{_tmppath}/%{name}-%{version}-build
 BuildRequires:  bison
@ -359,6 +364,7 @@ mv -v profiles/apparmor.d/usr.lib.apache2.mpm-prefork.apache2 profiles/apparmor/
 %if %{with precompiled_cache}
 %patch7
 %endif
+%patch8 -p1

 %build
 export SUSE_ASNEEDED=0