pool/apparmor
SHA256
4
0
Fork 1
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Accepting request 679945 from security:apparmor

Browse Source 
- add dnsmasq-revert-alternation.diff: revert path alternation in
  dnsmasq profile and re-add peer=/usr/sbin/libvirtd rules to avoid
  breaking libvirtd (boo#1127073)

OBS-URL: https://build.opensuse.org/request/show/679945
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/apparmor?expand=0&rev=124
This commit is contained in:
Stephan Kulow 2019-03-01 19:29:54 +00:00 committed by Git OBS Bridge
commit 5ad4f1cd38
3 changed files with 49 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
apparmor.changes
View File

@ -1,3 +1,10 @@
-------------------------------------------------------------------
Wed Feb 27 19:28:14 UTC 2019 - Christian Boltz <suse-beta@cboltz.de>
- add dnsmasq-revert-alternation.diff: revert path alternation in
dnsmasq profile and re-add peer=/usr/sbin/libvirtd rules to avoid
breaking libvirtd (boo#1127073)
------------------------------------------------------------------- -------------------------------------------------------------------
Thu Jan 24 21:13:43 UTC 2019 - Christian Boltz <suse-beta@cboltz.de> Thu Jan 24 21:13:43 UTC 2019 - Christian Boltz <suse-beta@cboltz.de>

4
apparmor.spec
View File

@ -75,6 +75,9 @@ Patch10: apparmor-lessopen-nfs-workaround.diff
# add peer=libvirtd to dnsmasq profile (from upstream 20fe099cede7cb5ec7dcf62a5427936766a6d4e4) # add peer=libvirtd to dnsmasq profile (from upstream 20fe099cede7cb5ec7dcf62a5427936766a6d4e4)
Patch11: dnsmasq-libvirtd.diff Patch11: dnsmasq-libvirtd.diff
# revert path alternation in dnsmasq profile to avoid breaking libvirtd (boo#1127073, submitted upstream 2019-02-26 as https://gitlab.com/apparmor/apparmor/merge_requests/346)
Patch12: dnsmasq-revert-alternation.diff
PreReq: sed PreReq: sed
BuildRoot: %{_tmppath}/%{name}-%{version}-build BuildRoot: %{_tmppath}/%{name}-%{version}-build
%define apparmor_bin_prefix /lib/apparmor %define apparmor_bin_prefix /lib/apparmor
@ -366,6 +369,7 @@ SubDomain.
%patch9 -p1 %patch9 -p1
%patch10 %patch10
%patch11 -p1 %patch11 -p1
%patch12 -p1
%build %build
export SUSE_ASNEEDED=0 export SUSE_ASNEEDED=0

38
dnsmasq-revert-alternation.diff Normal file
View File

@ -0,0 +1,38 @@
commit 4b9a07eb9be98c56a622379ba2055f0f9d5dce30
Author: Christian Boltz <apparmor@cboltz.de>
Date: Tue Feb 26 21:05:16 2019 +0100
Revert /usr/{bin,sbin}/ alternation in dnsmasq profile
Even if we expected it to stay compatible with peer=/usr/sbin/dnsmasq in
the libvirtd profile, practise shows that we were wrong.
This patch reverts the profile name to /usr/sbin/dnsmasq, and re-adds
the libvirtd peer name /usr/sbin/libvirtd to avoid breaking libvirtd.
References: https://bugzilla.opensuse.org/show_bug.cgi?id=1127073
diff --git a/profiles/apparmor.d/usr.sbin.dnsmasq b/profiles/apparmor.d/usr.sbin.dnsmasq
index 3f66a17e..2dc8902e 100644
--- a/profiles/apparmor.d/usr.sbin.dnsmasq
+++ b/profiles/apparmor.d/usr.sbin.dnsmasq
@@ -12,7 +12,7 @@
@{TFTP_DIR}=/var/tftp /srv/tftpboot
#include <tunables/global>
-/usr/{bin,sbin}/dnsmasq flags=(attach_disconnected) {
+/usr/sbin/dnsmasq flags=(attach_disconnected) {
#include <abstractions/base>
#include <abstractions/dbus>
#include <abstractions/nameservice>
@@ -28,8 +28,10 @@
network inet6 raw,
signal (receive) peer=/usr/{bin,sbin}/libvirtd,
+ signal (receive) peer=/usr/sbin/libvirtd,
signal (receive) peer=libvirtd,
ptrace (readby) peer=/usr/{bin,sbin}/libvirtd,
+ ptrace (readby) peer=/usr/sbin/libvirtd,
ptrace (readby) peer=libvirtd,
owner /dev/tty rw,