Accepting request 1124273 from home:juliogonzalez:branches:security:apparmor

- Add apparmor-systemd-sessions.patch to allow read access to 
  /run/systemd/sessions/ (bsc#1216878)

OBS-URL: https://build.opensuse.org/request/show/1124273
OBS-URL: https://build.opensuse.org/package/show/security:apparmor/apparmor?expand=0&rev=385

apparmor-systemd-sessions.patch

@@ -0,0 +1,11 @@
+--- apparmor-3.1.6/profiles/apparmor.d/abstractions/wutmp.orig	2023-06-21 23:13:41.000000000 +0200
++++ apparmor-3.1.6/profiles/apparmor.d/abstractions/wutmp	2023-11-08 14:45:19.882328152 +0100
+@@ -18,5 +18,8 @@
+   /var/log/btmp     rwk,
+   @{run}/utmp       rwk,
+ 
++  # Some read the list of sessions from systemd
++  /run/systemd/sessions/ r,
++
+   # Include additions to the abstraction
+   include if exists <abstractions/wutmp.d>

apparmor.changes

@@ -1,3 +1,9 @@
+-------------------------------------------------------------------
+Wed Nov  8 13:47:35 UTC 2023 - Julio Gonzalez Gil <julio@juliogonzalez.es>
+
+- Add apparmor-systemd-sessions.patch to allow read access to 
+  /run/systemd/sessions/ (bsc#1216878)
+
 -------------------------------------------------------------------
 Mon Sep 25 14:07:39 UTC 2023 - David Disseldorp <ddiss@suse.com>
 

apparmor.spec

@@ -92,6 +92,10 @@ Patch6:         apache-extra-profile-include-if-exists.diff
 # add path for precompiled cache (only done/applied if precompiled_cache is enabled)
 Patch7:         apparmor-enable-precompiled-cache.diff
 
+# To allow access to /run/systemd/sessions/ until the next release including the fix
+# for https://gitlab.com/apparmor/apparmor/-/issues/360 is out
+Patch8:         apparmor-systemd-sessions.patch
+
 PreReq:         sed
 BuildRoot:      %{_tmppath}/%{name}-%{version}-build
 BuildRequires:  bison