pool/apparmor
SHA256
4
0
Fork 1
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Accepting request 199292 from home:seife:branches:security:apparmor

Browse Source 
fix ntp by allowing read access to openssl.cnf (see comment in patch)

OBS-URL: https://build.opensuse.org/request/show/199292
OBS-URL: https://build.opensuse.org/package/show/security:apparmor/apparmor?expand=0&rev=46
This commit is contained in:
Christian Boltz 2013-09-16 20:26:54 +00:00 committed by Git OBS Bridge
parent b950fbc28a
commit 3350370468
3 changed files with 36 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

27
apparmor-2.8.2-fix-ntpd-profile.diff Normal file
View File

@ -0,0 +1,27 @@
Patch-Author: Stefan Seyfried <seife+obs@b1-systems.com>
After this change in ntp:
* Mo Aug 19 2013 crrodriguez@opensuse.org
- Build with -DOPENSSL_LOAD_CONF , ntp must respect and use
the system's openssl configuration.
we need to read openssl.cnf or starting of ntpd will fail silently(!)
Index: b/profiles/apparmor.d/usr.sbin.ntpd
===================================================================
--- a/profiles/apparmor.d/usr.sbin.ntpd
+++ b/profiles/apparmor.d/usr.sbin.ntpd
@@ -38,10 +38,12 @@
/etc/ntp/step-tickers r,
/etc/ntpd.conf r,
/etc/ntpd.conf.tmp r,
/etc/gai.conf r,
+ /etc/ssl/openssl.cnf r,
+
/tmp/ntp* rwl,
/usr/sbin/ntpd rmix,
/var/lib/ntp/drift rwl,
/var/lib/ntp/drift.TEMP rwl,
/var/lib/ntp/drift/ntp.drift rw,

5
apparmor.changes
View File

@ -1,3 +1,8 @@
-------------------------------------------------------------------
Mon Sep 16 18:23:46 UTC 2013 - seife+obs@b1-systems.com
- fix ntp by allowing read access to openssl.cnf
------------------------------------------------------------------- -------------------------------------------------------------------
Thu Sep 12 20:40:38 UTC 2013 - opensuse@cboltz.de Thu Sep 12 20:40:38 UTC 2013 - opensuse@cboltz.de

4
apparmor.spec
View File

@ -97,6 +97,9 @@ Patch5: apparmor-utils-string-split
# make apparmor/__init__.py ready for the new tools developed in GSoC. Submitted upstream 2013-09-12 # make apparmor/__init__.py ready for the new tools developed in GSoC. Submitted upstream 2013-09-12
Patch6: apparmor-init.py-gsoc.diff Patch6: apparmor-init.py-gsoc.diff
# fix ntpd after configuration change
Patch7: apparmor-2.8.2-fix-ntpd-profile.diff
# Add support for eDirectory calls in abstractions/nameservice. Not accepted upstream (yet) because of open questions # Add support for eDirectory calls in abstractions/nameservice. Not accepted upstream (yet) because of open questions
Patch12: apparmor-2.5.1-edirectory-profile Patch12: apparmor-2.5.1-edirectory-profile
@ -467,6 +470,7 @@ SubDomain.
%patch4 %patch4
%patch5 -p1 %patch5 -p1
%patch6 %patch6
%patch7 -p1
%patch12 -p1 %patch12 -p1
# only create Immunix::SubDomain perl module for openSUSE <= 12.1 # only create Immunix::SubDomain perl module for openSUSE <= 12.1