pool/apparmor
SHA256
3
0
Fork 1
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Accepting request 767253 from security:apparmor

Browse Source 
- add usr-etc-abstractions-base-nameservice.diff to adjust
  abstractions/base and nameservice for /usr/etc/ (boo#1161756) (forwarded request 767252 from cboltz)

OBS-URL: https://build.opensuse.org/request/show/767253
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/apparmor?expand=0&rev=134
This commit is contained in:
Dominique Leuenberger 2020-01-30 08:40:58 +00:00 committed by Git OBS Bridge
commit 21d4ec5418
4 changed files with 123 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
apparmor.changes
View File

@ -1,3 +1,9 @@
-------------------------------------------------------------------
Sat Jan 25 18:51:17 UTC 2020 - Christian Boltz <suse-beta@cboltz.de>
- add usr-etc-abstractions-base-nameservice.diff to adjust
abstractions/base and nameservice for /usr/etc/ (boo#1161756)
-------------------------------------------------------------------
Mon Nov 18 10:39:28 UTC 2019 - Tomáš Chvátal <tchvatal@suse.com>

6
apparmor.spec
View File

@ -1,7 +1,7 @@
#
# spec file for package apparmor
#
# Copyright (c) 2019 SUSE LLC.
# Copyright (c) 2020 SUSE LLC
# Copyright (c) 2011-2019 Christian Boltz
#
# All modifications and additions to the file contributed by third parties
@ -77,6 +77,9 @@ Patch8: usr-etc-abstractions-authentification.diff
# fix building libapparmor python bindings with python 3.8. Based on https://gitlab.com/apparmor/apparmor/merge_requests/430 but patching configure directly to avoid needing BuildRequires: aclocal
Patch9: libapparmor-python3.8.diff
# update abstractions/base and nameservice for /usr/etc (submitted upstream 2020-01-25 https://gitlab.com/apparmor/apparmor/merge_requests/447)
Patch10: ./usr-etc-abstractions-base-nameservice.diff
PreReq: sed
BuildRoot: %{_tmppath}/%{name}-%{version}-build
%define apparmor_bin_prefix /lib/apparmor
@ -369,6 +372,7 @@ SubDomain.
%patch7 -p1
%patch8 -p1
%patch9 -p1
%patch10 -p1
%build
%define _lto_cflags %{nil}

2
libapparmor.spec
View File

@ -1,7 +1,7 @@
#
# spec file for package libapparmor
#
# Copyright (c) 2019 SUSE LLC.
# Copyright (c) 2020 SUSE LLC
# Copyright (c) 2011-2019 Christian Boltz
#
# All modifications and additions to the file contributed by third parties

111
usr-etc-abstractions-base-nameservice.diff Normal file
View File

@ -0,0 +1,111 @@
commit 395e2e87d7d4a28e4574de5960210b40a7c5ea0d
Author: Christian Boltz <apparmor@cboltz.de>
Date: Sat Jan 25 19:35:50 2020 +0100
adjust abstractions/base and nameservice for /usr/etc/ move
References: http://bugzilla.opensuse.org/show_bug.cgi?id=1161756
diff --git a/profiles/apparmor.d/abstractions/base b/profiles/apparmor.d/abstractions/base
index cecb126f..6288da76 100644
--- a/profiles/apparmor.d/abstractions/base
+++ b/profiles/apparmor.d/abstractions/base
@@ -23,9 +23,9 @@
/dev/log w,
/dev/random r,
/dev/urandom r,
- /etc/locale/** r,
- /etc/locale.alias r,
- /etc/localtime r,
+ /{usr/,}etc/locale/** r,
+ /{usr/,}etc/locale.alias r,
+ /{usr/,}etc/localtime r,
/usr/share/locale-bundle/** r,
/usr/share/locale-langpack/** r,
/usr/share/locale/** r,
@@ -48,14 +48,14 @@
/usr/lib/@{multiarch}/gconv/gconv-modules* mr,
# used by glibc when binding to ephemeral ports
- /etc/bindresvport.blacklist r,
+ /{usr/,}etc/bindresvport.blacklist r,
# ld.so.cache and ld are used to load shared libraries; they are best
# available everywhere
- /etc/ld.so.cache mr,
- /etc/ld.so.conf r,
- /etc/ld.so.conf.d/{,*.conf} r,
- /etc/ld.so.preload r,
+ /{usr/,}etc/ld.so.cache mr,
+ /{usr/,}etc/ld.so.conf r,
+ /{usr/,}etc/ld.so.conf.d/{,*.conf} r,
+ /{usr/,}etc/ld.so.preload r,
/{usr/,}lib{,32,64}/ld{,32,64}-*.so mr,
/{usr/,}lib/@{multiarch}/ld{,32,64}-*.so mr,
/{usr/,}lib/tls/i686/{cmov,nosegneg}/ld-*.so mr,
diff --git a/profiles/apparmor.d/abstractions/nameservice b/profiles/apparmor.d/abstractions/nameservice
index ec639cda..4024ba1e 100644
--- a/profiles/apparmor.d/abstractions/nameservice
+++ b/profiles/apparmor.d/abstractions/nameservice
@@ -13,16 +13,16 @@
# looking up users by name or id, groups by name or id, hosts by name
# or IP, etc. These operations may be performed through files, dns,
# NIS, NIS+, LDAP, hesiod, wins, etc. Allow them all here.
- /etc/group r,
- /etc/host.conf r,
- /etc/hosts r,
- /etc/nsswitch.conf r,
- /etc/gai.conf r,
- /etc/passwd r,
- /etc/protocols r,
+ /{usr/,}etc/group r,
+ /{usr/,}etc/host.conf r,
+ /{usr/,}etc/hosts r,
+ /{usr/,}etc/nsswitch.conf r,
+ /{usr/,}etc/gai.conf r,
+ /{usr/,}etc/passwd r,
+ /{usr/,}etc/protocols r,
# libtirpc (used for NIS/YP login) needs this
- /etc/netconfig r,
+ /{usr/,}etc/netconfig r,
# When using libnss-extrausers, the passwd and group files are merged from
# an alternate path
@@ -36,15 +36,15 @@
/var/lib/sss/mc/passwd r,
/var/lib/sss/pipes/nss rw,
- /etc/resolv.conf r,
+ /{usr/,}etc/resolv.conf r,
# On systems where /etc/resolv.conf is managed programmatically, it is
# a symlink to /{,var/}run/(whatever program is managing it)/resolv.conf.
/{,var/}run/{resolvconf,NetworkManager,systemd/resolve,connman,netconfig}/resolv.conf r,
- /etc/resolvconf/run/resolv.conf r,
+ /{usr/,}etc/resolvconf/run/resolv.conf r,
/{,var/}run/systemd/resolve/stub-resolv.conf r,
- /etc/samba/lmhosts r,
- /etc/services r,
+ /{usr/,}etc/samba/lmhosts r,
+ /{usr/,}etc/services r,
# db backend
/var/lib/misc/*.db r,
# The Name Service Cache Daemon can cache lookups, sometimes leading
@@ -60,14 +60,14 @@
# they are available
/{usr/,}lib{,32,64}/libnss_*.so* mr,
/{usr/,}lib/@{multiarch}/libnss_*.so* mr,
- /etc/default/nss r,
+ /{usr/,}etc/default/nss r,
# avahi-daemon is used for mdns4 resolution
/{,var/}run/avahi-daemon/socket rw,
# libnl-3-200 via libnss-gw-name
@{PROC}/@{pid}/net/psched r,
- /etc/libnl-*/classid r,
+ /{usr/,}etc/libnl-*/classid r,
# nis
#include <abstractions/nis>