From 0522be49eda864090d4d6a44401610daffafa91a900fd29dd932efd69c6e7ce5 Mon Sep 17 00:00:00 2001
From: Dominique Leuenberger <dleuenberger@suse.com>
Date: Wed, 29 May 2024 08:11:54 +0000
Subject: [PATCH] Accepting request 1177448 from
 home:favogt:branches:security:apparmor

- Exclude the crun profile in addition to runc

OBS-URL: https://build.opensuse.org/request/show/1177448
OBS-URL: https://build.opensuse.org/package/show/security:apparmor/apparmor?expand=0&rev=411
---
 apparmor.changes | 5 +++++
 apparmor.spec    | 7 ++++---
 2 files changed, 9 insertions(+), 3 deletions(-)

diff --git a/apparmor.changes b/apparmor.changes
index 006a976..7ca85cb 100644
--- a/apparmor.changes
+++ b/apparmor.changes
@@ -1,3 +1,8 @@
+-------------------------------------------------------------------
+Wed May 29 06:41:36 UTC 2024 - Fabian Vogt <fvogt@suse.com>
+
+- Exclude the crun profile in addition to runc
+
 -------------------------------------------------------------------
 Tue May 28 19:34:43 UTC 2024 - Christian Boltz <suse-beta@cboltz.de>
 
diff --git a/apparmor.spec b/apparmor.spec
index fbb86f1..2d2d0a7 100644
--- a/apparmor.spec
+++ b/apparmor.spec
@@ -628,7 +628,10 @@ rm -fv %{buildroot}%{_libdir}/libapparmor.la
 %config(noreplace) %{_sysconfdir}/apparmor.d/ch-run
 %config(noreplace) %{_sysconfdir}/apparmor.d/chrome
 %config(noreplace) %{_sysconfdir}/apparmor.d/code
-%config(noreplace) %{_sysconfdir}/apparmor.d/crun
+# exclude crun and runc profiles until the updated container engines (including updated profile with "signal peer=runc") has arrived
+#config(noreplace) %{_sysconfdir}/apparmor.d/crun
+%exclude %{_sysconfdir}/apparmor.d/crun
+%exclude %{_sysconfdir}/apparmor.d/runc
 %config(noreplace) %{_sysconfdir}/apparmor.d/devhelp
 %config(noreplace) %{_sysconfdir}/apparmor.d/element-desktop
 %config(noreplace) %{_sysconfdir}/apparmor.d/epiphany
@@ -674,9 +677,7 @@ rm -fv %{buildroot}%{_libdir}/libapparmor.la
 %config(noreplace) %{_sysconfdir}/apparmor.d/rootlesskit
 %config(noreplace) %{_sysconfdir}/apparmor.d/rpm
 %config(noreplace) %{_sysconfdir}/apparmor.d/rssguard
-# exclude runc profile until the updated runc (including updated profile with "signal peer=runc") has arrived
 #config(noreplace) %{_sysconfdir}/apparmor.d/runc
-%exclude %{_sysconfdir}/apparmor.d/runc
 %config(noreplace) %{_sysconfdir}/apparmor.d/samba-bgqd
 %config(noreplace) %{_sysconfdir}/apparmor.d/samba-dcerpcd
 %config(noreplace) %{_sysconfdir}/apparmor.d/samba-rpcd