Accepting request 679944 from home:cboltz

update dnsmasq-revert-alternation.diff from upstream merge request OBS-URL: https://build.opensuse.org/request/show/679944 OBS-URL: https://build.opensuse.org/package/show/security:apparmor/apparmor?expand=0&rev=236
2019-02-27 19:30:05 +00:00 · 2019-02-27 19:30:05 +00:00 · 4a792e8754
commit 4a792e8754
parent 854f9b32a9
2 changed files with 18 additions and 6 deletions
--- a/apparmor.changes
+++ b/apparmor.changes
@ -1,8 +1,9 @@
 -------------------------------------------------------------------
-Tue Feb 26 20:13:19 UTC 2019 - Christian Boltz <suse-beta@cboltz.de>
+Wed Feb 27 19:28:14 UTC 2019 - Christian Boltz <suse-beta@cboltz.de>

 - add dnsmasq-revert-alternation.diff: revert path alternation in
-  dnsmasq profile to avoid breaking libvirtd (boo#1127073)
+  dnsmasq profile and re-add peer=/usr/sbin/libvirtd rules to avoid
+  breaking libvirtd (boo#1127073)

 -------------------------------------------------------------------
 Thu Jan 24 21:13:43 UTC 2019 - Christian Boltz <suse-beta@cboltz.de>
--- a/dnsmasq-revert-alternation.diff
+++ b/dnsmasq-revert-alternation.diff
@ -1,4 +1,4 @@
-commit f0eb077d9644ce426e5af34660d4d619b1fa5774
+commit 4b9a07eb9be98c56a622379ba2055f0f9d5dce30
 Author: Christian Boltz <apparmor@cboltz.de>
 Date:   Tue Feb 26 21:05:16 2019 +0100

@ -7,13 +7,13 @@ Date:   Tue Feb 26 21:05:16 2019 +0100
    Even if we expected it to stay compatible with peer=/usr/sbin/dnsmasq in
    the libvirtd profile, practise shows that we were wrong.
    
-    This patch reverts the profile name to /usr/sbin/dnsmasq to avoid
-    breaking libvirtd.
+    This patch reverts the profile name to /usr/sbin/dnsmasq, and re-adds
+    the libvirtd peer name /usr/sbin/libvirtd to avoid breaking libvirtd.
    
    References: https://bugzilla.opensuse.org/show_bug.cgi?id=1127073

 diff --git a/profiles/apparmor.d/usr.sbin.dnsmasq b/profiles/apparmor.d/usr.sbin.dnsmasq
-index 3f66a17e..eaf8de97 100644
+index 3f66a17e..2dc8902e 100644
 --- a/profiles/apparmor.d/usr.sbin.dnsmasq
 +++ b/profiles/apparmor.d/usr.sbin.dnsmasq
@@ -12,7 +12,7 @@
@ -25,3 +25,14 @@ index 3f66a17e..eaf8de97 100644
   #include <abstractions/base>
   #include <abstractions/dbus>
   #include <abstractions/nameservice>
+@@ -28,8 +28,10 @@
+   network inet6 raw,
+ 
+   signal (receive) peer=/usr/{bin,sbin}/libvirtd,
+  signal (receive) peer=/usr/sbin/libvirtd,
+   signal (receive) peer=libvirtd,
+   ptrace (readby) peer=/usr/{bin,sbin}/libvirtd,
+  ptrace (readby) peer=/usr/sbin/libvirtd,
+   ptrace (readby) peer=libvirtd,
+ 
+   owner /dev/tty rw,