Accepting request 293870 from home:elvigia:branches:security:apparmor

- Add a native systemd unit which *at the moment* only 
 wraps/masks the early boot script.

OBS-URL: https://build.opensuse.org/request/show/293870
OBS-URL: https://build.opensuse.org/package/show/security:apparmor/apparmor?expand=0&rev=127
This commit is contained in:
Christian Boltz 2015-04-12 21:08:34 +00:00 committed by Git OBS Bridge
parent 218655ab95
commit 531d50b796
3 changed files with 37 additions and 4 deletions

View File

@ -1,3 +1,9 @@
-------------------------------------------------------------------
Wed Apr 1 03:47:44 UTC 2015 - crrodriguez@opensuse.org
- Add a native systemd unit which *at the moment* only
wraps/masks the early boot script.
------------------------------------------------------------------- -------------------------------------------------------------------
Tue Feb 24 13:19:10 UTC 2015 - rguenther@suse.com Tue Feb 24 13:19:10 UTC 2015 - rguenther@suse.com

16
apparmor.service Normal file
View File

@ -0,0 +1,16 @@
[Unit]
Description=Load AppArmor profiles
DefaultDependencies=no
Before=sysinit.target
After=systemd-journald-audit.socket
ConditionSecurity=apparmor
[Service]
Type=oneshot
ExecStart=/etc/init.d/boot.apparmor start
ExecReload=/etc/init.d/boot.apparmor reload
ExecStop=/etc/init.d/boot.apparmor stop
RemainAfterExit=yes
[Install]
WantedBy=multi-user.target

View File

@ -1,7 +1,7 @@
# #
# spec file for package apparmor # spec file for package apparmor
# #
# Copyright (c) 2015 SUSE LINUX Products GmbH, Nuernberg, Germany. # Copyright (c) 2015 SUSE LINUX GmbH, Nuernberg, Germany.
# Copyright (c) 2011-2014 Christian Boltz # Copyright (c) 2011-2014 Christian Boltz
# #
# All modifications and additions to the file contributed by third parties # All modifications and additions to the file contributed by third parties
@ -72,7 +72,7 @@ Source2: %{name}.keyring
Source5: update-trans.sh Source5: update-trans.sh
Source6: baselibs.conf Source6: baselibs.conf
Source7: apparmor-rpmlintrc Source7: apparmor-rpmlintrc
Source8: apparmor.service
# enable caching of profiles (= massive performance speedup when loading profiles) # enable caching of profiles (= massive performance speedup when loading profiles)
Patch1: apparmor-enable-profile-cache.diff Patch1: apparmor-enable-profile-cache.diff
@ -151,6 +151,9 @@ BuildRequires: java-devel >= 1.6.0
BuildRequires: tomcat6 BuildRequires: tomcat6
%endif %endif
BuildRequires: systemd-rpm-macros
%{?systemd_requires}
%package parser %package parser
Summary: AppArmor userlevel parser utility Summary: AppArmor userlevel parser utility
License: GPL-2.0+ License: GPL-2.0+
@ -595,6 +598,8 @@ done
# remove *.la files # remove *.la files
rm -fv %{buildroot}%{_libdir}/libapparmor.la rm -fv %{buildroot}%{_libdir}/libapparmor.la
install -D -m0644 %{S:8} %{buildroot}%{_unitdir}/apparmor.service
echo ------------------------------------------------------------------- echo -------------------------------------------------------------------
#find -ls #find -ls
echo ------------------------------------------------------------------- echo -------------------------------------------------------------------
@ -626,6 +631,7 @@ echo -------------------------------------------------------------------
%else %else
%{_sysconfdir}/init.d/apparmor %{_sysconfdir}/init.d/apparmor
%endif %endif
%{_unitdir}/apparmor.service
%config(noreplace) %{_sysconfdir}/apparmor/subdomain.conf %config(noreplace) %{_sysconfdir}/apparmor/subdomain.conf
%config(noreplace) %{_sysconfdir}/apparmor/parser.conf %config(noreplace) %{_sysconfdir}/apparmor/parser.conf
%{_localstatedir}/lib/apparmor %{_localstatedir}/lib/apparmor
@ -636,13 +642,12 @@ echo -------------------------------------------------------------------
%doc %{_mandir}/man5/subdomain.conf.5.gz %doc %{_mandir}/man5/subdomain.conf.5.gz
%doc %{_mandir}/man7/apparmor.7.gz %doc %{_mandir}/man7/apparmor.7.gz
%doc %{_mandir}/man8/apparmor_parser.8.gz %doc %{_mandir}/man8/apparmor_parser.8.gz
%if %{distro} == "redhat" || %{distro} == "rhel4"
%pre parser %pre parser
if [ -f %{_sysconfdir}/init.d/subdomain ] ; then if [ -f %{_sysconfdir}/init.d/subdomain ] ; then
chkconfig --del subdomain chkconfig --del subdomain
fi fi
%endif %service_add_pre apparmor.service
%files parser-lang -f apparmor-parser.lang %files parser-lang -f apparmor-parser.lang
@ -827,6 +832,8 @@ fi
fi fi
%endif %endif
%service_add_post apparmor.service
%preun parser %preun parser
if [ "$1" = 0 ] ; then if [ "$1" = 0 ] ; then
%if %{distro} == "suse" %if %{distro} == "suse"
@ -837,6 +844,8 @@ if [ "$1" = 0 ] ; then
%endif %endif
fi fi
%service_del_preun apparmor.service
%postun parser %postun parser
%if %{distro} == "suse" %if %{distro} == "suse"
#restart_on_update boot.apparmor - but non-broken (bnc#853019) #restart_on_update boot.apparmor - but non-broken (bnc#853019)
@ -851,6 +860,8 @@ fi
%{insserv_cleanup} || true %{insserv_cleanup} || true
%endif %endif
%service_del_postun apparmor.service
%post abstractions %post abstractions
%if %{distro} == "suse" %if %{distro} == "suse"
#restart_on_update boot.apparmor - but non-broken (bnc#853019) #restart_on_update boot.apparmor - but non-broken (bnc#853019)