pool/apparmor
SHA256
4
0
Fork 1
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Accepting request 964827 from home:npower:branches:security:apparmor

Browse Source 
- Add new rule to fix 'DENIED' open on /proc/{pid}/fd for
  samba-bgqd; (bnc#1196850).
- Add new rule to allow reading of openssl.cnf; (bnc#1195463).

OBS-URL: https://build.opensuse.org/request/show/964827
OBS-URL: https://build.opensuse.org/package/show/security:apparmor/apparmor?expand=0&rev=317
This commit is contained in:
Goldwyn Rodrigues 2022-03-25 12:18:52 +00:00 committed by Git OBS Bridge
parent 7ae734d682
commit 153645aade
4 changed files with 48 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
apparmor.changes
View File

@ -1,3 +1,10 @@
-------------------------------------------------------------------
Thu Mar 24 14:09:58 UTC 2022 - Noel Power <nopower@suse.com>
- Add new rule to fix 'DENIED' open on /proc/{pid}/fd for
samba-bgqd; (bnc#1196850).
- Add new rule to allow reading of openssl.cnf; (bnc#1195463).
-------------------------------------------------------------------
Thu Feb 10 16:55:38 UTC 2022 - Christian Boltz <suse-beta@cboltz.de>

10
apparmor.spec
View File

@ -77,6 +77,14 @@ Patch5: apparmor-lessopen-nfs-workaround.diff
# make <apache2.d> include in apache extra profile optional to make openQA happy (boo#1178527)
Patch6: apache-extra-profile-include-if-exists.diff
# bsc#1196850 add rule to deal with 'DENIED' open of /proc/{pid}/fd
# see (https://gitlab.com/apparmor/apparmor/-/merge_requests/860)
# bsc#1195463 add rule to allow reading of openssl.cnf
# see (https://gitlab.com/apparmor/apparmor/-/merge_requests/862)
Patch7: update-samba-bgqd.diff
# bsc#1195463 add rule to allow reading of openssl.cnf
# see (https://gitlab.com/apparmor/apparmor/-/merge_requests/862)
Patch8: update-usr-sbin-smbd.diff
PreReq: sed
BuildRoot: %{_tmppath}/%{name}-%{version}-build
@ -340,6 +348,8 @@ mv -v profiles/apparmor.d/usr.lib.apache2.mpm-prefork.apache2 profiles/apparmor/
%patch3 -p1
%patch4
%patch5
%patch7 -p1
%patch8 -p1
%build
%define _lto_cflags %{nil}

19
update-samba-bgqd.diff Normal file
View File

@ -0,0 +1,19 @@
Index: apparmor-3.0.4/profiles/apparmor.d/samba-bgqd
===================================================================
--- apparmor-3.0.4.orig/profiles/apparmor.d/samba-bgqd
+++ apparmor-3.0.4/profiles/apparmor.d/samba-bgqd
@@ -6,11 +6,14 @@ profile samba-bgqd /usr/lib*/samba/samba
include <abstractions/base>
include <abstractions/cups-client>
include <abstractions/nameservice>
+ include <abstractions/openssl>
include <abstractions/samba>
signal receive set=term peer=smbd,
@{PROC}/sys/kernel/core_pattern r,
+ owner @{PROC}/@{pid}/fd/ r,
+
@{run}/samba/samba-bgqd.pid wk,
/usr/lib*/samba/samba-bgqd m,

12
update-usr-sbin-smbd.diff Normal file
View File

@ -0,0 +1,12 @@
Index: apparmor-3.0.4/profiles/apparmor.d/usr.sbin.smbd
===================================================================
--- apparmor-3.0.4.orig/profiles/apparmor.d/usr.sbin.smbd
+++ apparmor-3.0.4/profiles/apparmor.d/usr.sbin.smbd
@@ -8,6 +8,7 @@ profile smbd /usr/{bin,sbin}/smbd {
include <abstractions/consoles>
include <abstractions/cups-client>
include <abstractions/nameservice>
+ include <abstractions/openssl>
include <abstractions/samba>
include <abstractions/user-tmp>
include <abstractions/wutmp>