Accepting request 668438 from home:cboltz

- allow peer=libvirtd in the dnsmasq profile to match the newly added libvirtd profile name (boo#1118952#c3) OBS-URL: https://build.opensuse.org/request/show/668438 OBS-URL: https://build.opensuse.org/package/show/security:apparmor/apparmor?expand=0&rev=232
2019-01-24 21:48:27 +00:00 · 2019-01-24 21:48:27 +00:00 · 5e53819734
commit 5e53819734
parent 44de259587
3 changed files with 37 additions and 0 deletions
--- a/apparmor.changes
+++ b/apparmor.changes
@ -1,3 +1,9 @@
+-------------------------------------------------------------------
+Thu Jan 24 21:13:43 UTC 2019 - Christian Boltz <suse-beta@cboltz.de>
+
+- allow peer=libvirtd in the dnsmasq profile to match the newly added
+  libvirtd profile name (boo#1118952#c3)
+
 -------------------------------------------------------------------
 Mon Jan 14 14:41:14 CET 2019 - kukuk@suse.de

--- a/apparmor.spec
+++ b/apparmor.spec
@ -72,6 +72,9 @@ Patch9:         profile_filename_cornercase.diff
 # workaround for boo#1119937 / lp#1784499 - allow network access for reading files on NFS (proper solution needs kernel fix)
 Patch10:        apparmor-lessopen-nfs-workaround.diff

+# add peer=libvirtd to dnsmasq profile (from upstream 20fe099cede7cb5ec7dcf62a5427936766a6d4e4)
+Patch11:        dnsmasq-libvirtd.diff
+
 PreReq:         sed
 BuildRoot:      %{_tmppath}/%{name}-%{version}-build
 %define apparmor_bin_prefix /lib/apparmor
@ -362,6 +365,7 @@ SubDomain.
 %patch8 -p1
 %patch9 -p1
 %patch10
+%patch11 -p1

 %build
 export SUSE_ASNEEDED=0
--- a/dnsmasq-libvirtd.diff
+++ b/dnsmasq-libvirtd.diff
@ -0,0 +1,27 @@
+commit 20fe099cede7cb5ec7dcf62a5427936766a6d4e4
+Author: Christian Boltz <apparmor@cboltz.de>
+Date:   Sun Jan 13 17:38:09 2019 +0100
+
+    dnsmasq: allow peer=libvirtd to support named profile
+    
+    The /usr/sbin/libvirtd profile will get a profile name ("libvirtd").
+    
+    This patch adjusts the dnsmasq profile to support the named profile in
+    addition to the "old" path-based profile name.
+    
+    References: https://bugzilla.opensuse.org/show_bug.cgi?id=1118952#c3
+
+diff --git a/profiles/apparmor.d/usr.sbin.dnsmasq b/profiles/apparmor.d/usr.sbin.dnsmasq
+index a308e3f7..2627f6d6 100644
+--- a/profiles/apparmor.d/usr.sbin.dnsmasq
+++ b/profiles/apparmor.d/usr.sbin.dnsmasq
+@@ -28,7 +28,9 @@ profile dnsmasq /usr/{bin,sbin}/dnsmasq flags=(attach_disconnected) {
+   network inet6 raw,
+ 
+   signal (receive) peer=/usr/{bin,sbin}/libvirtd,
+  signal (receive) peer=libvirtd,
+   ptrace (readby) peer=/usr/{bin,sbin}/libvirtd,
+  ptrace (readby) peer=libvirtd,
+ 
+   owner /dev/tty rw,
+