Accepting request 993843 from home:cboltz

- add dnsmasq.diff: missing r permissions for dnsmasq//libvirt-leaseshelper (boo#1202161) OBS-URL: https://build.opensuse.org/request/show/993843 OBS-URL: https://build.opensuse.org/package/show/security:apparmor/apparmor?expand=0&rev=346
2022-08-08 19:15:19 +00:00 · 2022-08-08 19:15:19 +00:00 · 56136dc1ef
commit 56136dc1ef
parent 1437772dac
3 changed files with 37 additions and 0 deletions
--- a/apparmor.changes
+++ b/apparmor.changes
@ -1,3 +1,9 @@
+-------------------------------------------------------------------
+Mon Aug  8 18:51:26 UTC 2022 - Christian Boltz <suse-beta@cboltz.de>
+
+- add dnsmasq.diff: missing r permissions for dnsmasq//libvirt-leaseshelper
+  (boo#1202161)
+
 -------------------------------------------------------------------
 Mon Aug  1 18:42:57 UTC 2022 - Christian Boltz <suse-beta@cboltz.de>

--- a/apparmor.spec
+++ b/apparmor.spec
@ -83,6 +83,9 @@ Patch6:         apache-extra-profile-include-if-exists.diff
 #                               + merged upstream 2022-06-29 https://gitlab.com/apparmor/apparmor/-/merge_requests/892 - master only)
 Patch9:         zgrep-profile-mr870.diff

+# add missing r permissions for dnsmasc//libvirt-leaseshelper (submitted upstream 2022-08-08 https://gitlab.com/apparmor/apparmor/-/merge_requests/905)
+Patch10:        dnsmasq.diff
+
 PreReq:         sed
 BuildRoot:      %{_tmppath}/%{name}-%{version}-build
 %define apparmor_bin_prefix %{?usrmerged:/usr}/lib/apparmor
@ -349,6 +352,7 @@ mv -v profiles/apparmor.d/usr.lib.apache2.mpm-prefork.apache2 profiles/apparmor/
 %patch5
 %patch6
 %patch9 -p1
+%patch10 -p1

 %build
 export SUSE_ASNEEDED=0
--- a/dnsmasq.diff
+++ b/dnsmasq.diff
@ -0,0 +1,27 @@
+commit c9c5208f77d560467965619fadbf350ada9a0bc2
+Author: Christian Boltz <apparmor@cboltz.de>
+Date:   Mon Aug 8 20:48:12 2022 +0200
+
+    dnsmasq: Add missing r permissions for libvirt_leaseshelper
+    
+    Note: This was reported for /usr/libexec/libvirt_leaseshelper, but since
+    this is probably unrelated to the path or a path change, this commit
+    also adds r permissions for the previous path.
+    
+    Fixes: https://bugzilla.opensuse.org/show_bug.cgi?id=1202161
+
+diff --git a/profiles/apparmor.d/usr.sbin.dnsmasq b/profiles/apparmor.d/usr.sbin.dnsmasq
+index bffc09b4..406b2599 100644
+--- a/profiles/apparmor.d/usr.sbin.dnsmasq
+++ b/profiles/apparmor.d/usr.sbin.dnsmasq
+@@ -117,8 +117,8 @@ profile dnsmasq /usr/{bin,sbin}/dnsmasq flags=(attach_disconnected) {
+ 
+     /etc/libnl-3/classid r,
+ 
+-    /usr/lib{,64}/libvirt/libvirt_leaseshelper m,
+-    /usr/libexec/libvirt_leaseshelper m,
+    /usr/lib{,64}/libvirt/libvirt_leaseshelper mr,
+    /usr/libexec/libvirt_leaseshelper mr,
+ 
+     owner @{PROC}/@{pid}/net/psched r,
+     owner @{PROC}/@{pid}/status r,