Accepting request 733763 from home:luizluca:branches:security:apparmor
- add apparmor-krb5-conf-d.diff for kerberos client

Since https://build.opensuse.org/package/rdiff/network/krb5?linkrev=base&rev=204, it is possible to use configuration snippets for krb5.conf. However, any service under apparmor will not be able to read it. As /etc/krb5.conf.d is default for SUSE but not for upstream apparmor, the patch might not be accepted upstream. LEAP15(.1) should also get this fix.

OBS-URL: https://build.opensuse.org/request/show/733763
OBS-URL: https://build.opensuse.org/package/show/security:apparmor/apparmor?expand=0&rev=249
parent c2744d57c4
commit 34919fc720
28
apparmor-krb5-conf-d.diff
Normal file
@ -0,0 +1,28 @@
|
|||||||
|
From 1e37af227ec977efe1a6b6454f5a801c4c04e886 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Luiz Angelo Daros de Luca <luizluca@gmail.com>
|
||||||
|
Date: Fri, 27 Sep 2019 18:34:20 -0300
|
||||||
|
Subject: [PATCH] abstractions/kerberosclient: allow /etc/krb5.conf.d
|
||||||
|
|
||||||
|
Permit the use of /etc/krb5.conf.d configuration snippets
|
||||||
|
|
||||||
|
Signed-off-by: Luiz Angelo Daros de Luca <luizluca@gmail.com>
|
||||||
|
---
|
||||||
|
profiles/apparmor.d/abstractions/kerberosclient | 2 ++
|
||||||
|
1 file changed, 2 insertions(+)
|
||||||
|
|
||||||
|
diff --git a/profiles/apparmor.d/abstractions/kerberosclient b/profiles/apparmor.d/abstractions/kerberosclient
|
||||||
|
index 8b08c146..7cb1f9e0 100644
|
||||||
|
--- a/profiles/apparmor.d/abstractions/kerberosclient
|
||||||
|
+++ b/profiles/apparmor.d/abstractions/kerberosclient
|
||||||
|
@@ -22,6 +22,8 @@
|
||||||
|
|
||||||
|
/etc/krb5.keytab rk,
|
||||||
|
/etc/krb5.conf r,
|
||||||
|
+ /etc/krb5.conf.d/ r,
|
||||||
|
+ /etc/krb5.conf.d/* r,
|
||||||
|
|
||||||
|
# config files found via strings on libs
|
||||||
|
/etc/krb.conf r,
|
||||||
|
--
|
||||||
|
2.23.0
|
||||||
|
|
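Review bot: the two added rules, `/etc/krb5.conf.d/ r,` and `/etc/krb5.conf.d/* r,`, go into the abstraction without a comment, while the block right after them is introduced by `# config files found via strings on libs`. Since the commit message says this directory is the SUSE default and not upstream's, a one-line comment above the rules saying they cover krb5.conf configuration snippets would tell a later reader why the abstraction grants read access to every file in that directory.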
@ -1,3 +1,8 @@
|
|||||||
|
-------------------------------------------------------------------
|
||||||
|
Fri Sep 27 21:43:55 UTC 2019 - Luiz Angelo Daros de Luca <luizluca@tre-sc.jus.br>
|
||||||
|
|
||||||
|
- add apparmor-krb5-conf-d.diff for kerberos client
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
Tue Jun 18 20:51:07 UTC 2019 - Christian Boltz <suse-beta@cboltz.de>
|
Tue Jun 18 20:51:07 UTC 2019 - Christian Boltz <suse-beta@cboltz.de>
|
||||||
|
|
||||||
|
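Review bot: the new changelog entry only names the file (`- add apparmor-krb5-conf-d.diff for kerberos client`) and does not say what access it grants. Consider spelling out that it allows reading /etc/krb5.conf.d/ in abstractions/kerberosclient, so the policy change is visible from the changelog without opening the patch.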
@ -65,6 +65,9 @@ Patch4: apparmor-lessopen-profile.patch
|
|||||||
# workaround for boo#1119937 / lp#1784499 - allow network access for reading files on NFS (proper solution needs kernel fix)
|
# workaround for boo#1119937 / lp#1784499 - allow network access for reading files on NFS (proper solution needs kernel fix)
|
||||||
Patch5: apparmor-lessopen-nfs-workaround.diff
|
Patch5: apparmor-lessopen-nfs-workaround.diff
|
||||||
|
|
||||||
|
# allow /etc/krb5.conf.d/ for kerberos client
|
||||||
|
Patch6: apparmor-krb5-conf-d.diff
|
||||||
|
|
||||||
PreReq: sed
|
PreReq: sed
|
||||||
BuildRoot: %{_tmppath}/%{name}-%{version}-build
|
BuildRoot: %{_tmppath}/%{name}-%{version}-build
|
||||||
%define apparmor_bin_prefix /lib/apparmor
|
%define apparmor_bin_prefix /lib/apparmor
|
||||||
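Review bot: the comment above `Patch6:` gives no upstream status or reference, unlike the `Patch5` comment, which cites boo#1119937 / lp#1784499. The commit message already says the patch might not be accepted upstream; recording that here (for example that it is SUSE-specific, or where it was submitted) would help whoever rebases the patch set on the next apparmor release.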
@ -353,6 +356,7 @@ SubDomain.
|
|||||||
%patch3 -p1
|
%patch3 -p1
|
||||||
%patch4
|
%patch4
|
||||||
%patch5
|
%patch5
|
||||||
|
%patch6 -p1
|
||||||
|
|
||||||
%build
|
%build
|
||||||
%define _lto_cflags %{nil}
|
%define _lto_cflags %{nil}
|
||||||
|