Accepting request 93892 from security:apparmor:factory

- package subdomain.conf only in -parser, not in -utils package
- package libapparmor.so and libimmunix.so only in libapparmor-devel,
  not in libapparmor1
- make Provides for perl-libapparmor versioned to avoid self-Obsoletes
- move libapparmor.a and libimmunix.a from libapparmor1 to 
  libapparmor-devel package

- update to AppArmor 2.7.0 rc2
  Most of the changes since rc1 were already included as patches.
  Additional changes:
  - fix logprof/genprof to recognize "mknod" in audit.log
  - fix libapparmor python bindings to compile with python 3
  - fix wrong status message in initscript if apparmor-utils are not installed
  - parser/Makefile: fix some warnings, always respect CXX and LDFLAGS
  - fix some warnings in utils/Makefile
- remove 4 upstreamed patches
- remove mkdir /etc/apparmor.d/disable - that's done by upstream Makefile now
- update line numbers in 2 patches

OBS-URL: https://build.opensuse.org/request/show/93892
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/apparmor?expand=0&rev=30
Stephan Kulow 2011-11-28 11:52:47 +00:00 committed by Git OBS Bridge
parent 6058242ab8
commit 76a45f653d
10 changed files with 37 additions and 156 deletions


@ -17,7 +17,7 @@ Signed-off-by: Jeff Mahoney <jeffm@suse.com>
--- a/profiles/apparmor.d/abstractions/nameservice --- a/profiles/apparmor.d/abstractions/nameservice
+++ b/profiles/apparmor.d/abstractions/nameservice +++ b/profiles/apparmor.d/abstractions/nameservice
@@ -72,6 +72,9 @@ @@ -70,6 +70,9 @@
# kerberos # kerberos
#include <abstractions/kerberosclient> #include <abstractions/kerberosclient>


@ -1,66 +0,0 @@
Thu Jan 6 16:23:19 UTC 2011 - rhafer@suse.de
- Splitted ldap related things from nameservice into separate
profile and added some missing paths (bnc#662761)
---
profiles/apparmor.d/abstractions/ldapclient | 21 +++++++++++++++++++++
profiles/apparmor.d/abstractions/nameservice | 8 +++-----
2 files changed, 24 insertions(+), 5 deletions(-)
--- /dev/null
+++ b/profiles/apparmor.d/abstractions/ldapclient
@@ -0,0 +1,21 @@
+# ------------------------------------------------------------------
+#
+# Copyright (C) 2011 Novell/SUSE
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of version 2 of the GNU General Public
+# License published by the Free Software Foundation.
+#
+# ------------------------------------------------------------------
+
+ # files required by LDAP clients (e.g. nss_ldap/pam_ldap)
+ /etc/ldap.conf r,
+ /etc/ldap.secret r,
+ /etc/openldap/* r,
+ /etc/openldap/cacerts/* r,
+
+ # SASL plugins and config
+ /etc/sasl2/* r,
+ /usr/lib{,32,64}/sasl2/* r,
+
+ #include <abstractions/ssl_certs>
--- a/profiles/apparmor.d/abstractions/nameservice
+++ b/profiles/apparmor.d/abstractions/nameservice
@@ -16,8 +16,6 @@
/etc/group r,
/etc/host.conf r,
/etc/hosts r,
- /etc/ldap.conf r,
- /etc/ldap.secret r,
/etc/nsswitch.conf r,
/etc/gai.conf r,
/etc/passwd r,
@@ -32,9 +30,6 @@
/etc/samba/lmhosts r,
/etc/services r,
- # all openldap config
- /etc/openldap/* r,
- /etc/ldap/** r,
# db backend
/var/lib/misc/*.db r,
# The Name Service Cache Daemon can cache lookups, sometimes leading
@@ -60,6 +55,9 @@
# nis
#include <abstractions/nis>
+ # ldap
+ #include <abstractions/ldapclient>
+
# winbind
#include <abstractions/winbind>


@ -1,21 +0,0 @@
Add a more helpful error message to aa-notify -p if the user is not in
the configured group.
Pending for review upstream.
Signed-off-by: Christian Boltz <apparmor@cboltz.de>
=== modified file 'utils/aa-notify'
--- utils/aa-notify 2011-10-12 11:08:25 +0000
+++ utils/aa-notify 2011-10-16 13:53:23 +0000
@@ -151,7 +151,7 @@
if (defined($prefs{use_group})) {
my ($name, $passwd, $gid, $members) = getgrnam($prefs{use_group});
if (not defined($members) or not defined($login) or (not grep { $_ eq $login } split(/ /, $members) and $login ne "root")) {
- _error("'$login' must be in '$prefs{use_group}' group. Aborting");
+ _error("'$login' must be in '$prefs{use_group}' group. Aborting.\nAsk your admin to add you to this group or to change the group in\n$conf if you want to use aa-notify.");
}
}
}


@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:e4e93cbca008cbec2da080931a5e8d7dc170c993fd5f070fdc04c4062a687ce3
size 1427050

3
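--- a/apparmor-2.7.rc2.tar.gz
+++ b/apparmor-2.7.rc2.tar.gz
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:c360763503c6e68b46ae0a563efad878c7ab4c28a0f8084035aa3f04bc914437
+size 1427203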


@ -1,21 +0,0 @@
Make abstractions/winbind working on 64bit systems - valid.dat etc. are in
/usr/lib64/samba/ there
Signed-Off-by: Christian Boltz <apparmor@cboltz.de>
Acked-By: Steve Beattie <sbeattie@ubuntu.com>
=== modified file 'profiles/apparmor.d/abstractions/winbind'
--- profiles/apparmor.d/abstractions/winbind 2010-12-20 20:29:10 +0000
+++ profiles/apparmor.d/abstractions/winbind 2011-11-01 15:56:49 +0000
@@ -13,7 +13,7 @@
/tmp/.winbindd/pipe rw,
/var/{lib,run}/samba/winbindd_privileged/pipe rw,
/etc/samba/smb.conf r,
- /usr/lib/samba/valid.dat r,
- /usr/lib/samba/upcase.dat r,
- /usr/lib/samba/lowcase.dat r,
+ /usr/lib*/samba/valid.dat r,
+ /usr/lib*/samba/upcase.dat r,
+ /usr/lib*/samba/lowcase.dat r,


@ -20,7 +20,7 @@ Signed-off-by: Christian Boltz <apparmor@cboltz.de>
=== modified file 'profiles/apparmor.d/usr.sbin.smbd' === modified file 'profiles/apparmor.d/usr.sbin.smbd'
--- profiles/apparmor.d/usr.sbin.smbd 2011-08-27 18:50:42 +0000 --- profiles/apparmor.d/usr.sbin.smbd 2011-08-27 18:50:42 +0000
+++ profiles/apparmor.d/usr.sbin.smbd 2011-10-19 09:37:04 +0000 +++ profiles/apparmor.d/usr.sbin.smbd 2011-10-19 09:37:04 +0000
@@ -40,6 +40,10 @@ @@ -41,6 +41,10 @@
@{HOMEDIRS}/** lrwk, @{HOMEDIRS}/** lrwk,


@ -1,18 +0,0 @@
Allow loading the libraries used for Samba "vfs objects = ..."
References: https://bugzilla.novell.com/show_bug.cgi?id=725967
Signed-off-by: Christian Boltz <apparmor@cboltz.de>
=== modified file 'profiles/apparmor.d/usr.sbin.smbd'
--- profiles/apparmor.d/usr.sbin.smbd 2011-08-27 18:50:42 +0000
+++ profiles/apparmor.d/usr.sbin.smbd 2011-10-26 20:43:13 +0000
@@ -24,6 +24,7 @@
/etc/printcap r,
/proc/*/mounts r,
/proc/sys/kernel/core_pattern r,
+ /usr/lib*/samba/vfs/*.so mr,
/usr/sbin/smbd mr,
/etc/samba/* rwk,
/var/cache/samba/** rwk,


@ -1,3 +1,28 @@
-------------------------------------------------------------------
Sat Nov 26 21:52:31 UTC 2011 - opensuse@cboltz.de
- package subdomain.conf only in -parser, not in -utils package
- package libapparmor.so and libimmunix.so only in libapparmor-devel,
not in libapparmor1
- make Provides for perl-libapparmor versioned to avoid self-Obsoletes
- move libapparmor.a and libimmunix.a from libapparmor1 to
libapparmor-devel package
-------------------------------------------------------------------
Thu Nov 10 20:16:24 UTC 2011 - opensuse@cboltz.de
- update to AppArmor 2.7.0 rc2
Most of the changes since rc1 were already included as patches.
Additional changes:
- fix logprof/genprof to recognize "mknod" in audit.log
- fix libapparmor python bindings to compile with python 3
- fix wrong status message in initscript if apparmor-utils are not installed
- parser/Makefile: fix some warnings, always respect CXX and LDFLAGS
- fix some warnings in utils/Makefile
- remove 4 upstreamed patches
- remove mkdir /etc/apparmor.d/disable - that's done by upstream Makefile now
- update line numbers in 2 patches
------------------------------------------------------------------- -------------------------------------------------------------------
Tue Nov 1 17:39:29 UTC 2011 - opensuse@cboltz.de Tue Nov 1 17:39:29 UTC 2011 - opensuse@cboltz.de


@ -43,9 +43,9 @@ Name: apparmor
%if ! %{?distro:1}0 %if ! %{?distro:1}0
%define distro suse %define distro suse
%endif %endif
Version: 2.7.rc1 Version: 2.7.rc2
Release: 1 Release: 1
%define versiondir 2.7.0~rc1 %define versiondir 2.7.0~rc2
Summary: AppArmor userlevel parser utility Summary: AppArmor userlevel parser utility
Group: Productivity/Networking/Security Group: Productivity/Networking/Security
Source0: apparmor-%{version}.tar.gz Source0: apparmor-%{version}.tar.gz
@ -53,21 +53,12 @@ Source1: %{name}-profile-editor.png
Source2: %{name}-profile-editor.desktop Source2: %{name}-profile-editor.desktop
Source3: update-trans.sh Source3: update-trans.sh
# more helpful error message for "aa-notify -p" if the user is not in the configured group. Commited upstream after 2.7rc1.
Patch: apparmor-2.7.0rc1-aa-notify-better-error-message.diff
# enable caching of profiles (= massive performance speedup when loading profiles) # enable caching of profiles (= massive performance speedup when loading profiles)
Patch1: apparmor-enable-profile-cache.diff Patch1: apparmor-enable-profile-cache.diff
# include autogenerated profile sniplet for samba shares (bnc#688040) # include autogenerated profile sniplet for samba shares (bnc#688040)
Patch2: apparmor-samba-include-permissions-for-shares.diff Patch2: apparmor-samba-include-permissions-for-shares.diff
# allow samba "vfs objects" (bnc#725967). Commited upstream after 2.7rc1.
Patch3: apparmor-samba-vfs-objects.diff
# make abstractions/winbind working on 64bit systems. Commited upstream after 2.7rc1.
Patch4: apparmor-abstractions-winbind-64bit.diff
# split a long string in AppArmor.pm. Not accepted upstream because they want a solution without hardcoded width. # split a long string in AppArmor.pm. Not accepted upstream because they want a solution without hardcoded width.
Patch5: apparmor-utils-string-split Patch5: apparmor-utils-string-split
@ -78,8 +69,6 @@ Patch11: apparmor-2.5.1-rpmlint-asprintf
# Add support for eDirectory calls in abstractions/nameservice. Not accepted upstream (yet) because of open questions # Add support for eDirectory calls in abstractions/nameservice. Not accepted upstream (yet) because of open questions
Patch12: apparmor-2.5.1-edirectory-profile Patch12: apparmor-2.5.1-edirectory-profile
# split ldap related things from abstractions/nameservice to abstractions/ldapclient and add sasl support. Commited upstream after 2.7rc1.
Patch13: apparmor-2.5.1-ldapclient-profile
# obsolete, upstream implemented this in another way # obsolete, upstream implemented this in another way
Patch15: apparmor-remove-repo Patch15: apparmor-remove-repo
@ -246,7 +235,7 @@ Requires: perl(RPC::XML)
Requires: perl(RPC::XML) Requires: perl(RPC::XML)
Requires: perl(Term::ReadKey) Requires: perl(Term::ReadKey)
Requires: perl(Term::ReadKey) Requires: perl(Term::ReadKey)
Provides: perl-libapparmor Provides: perl-libapparmor = %{version}
Obsoletes: perl-libapparmor < 2.5 Obsoletes: perl-libapparmor < 2.5
%description -n perl-apparmor %description -n perl-apparmor
@ -412,16 +401,12 @@ SubDomain.
%prep %prep
%setup -q -n %{name}-%{versiondir} %setup -q -n %{name}-%{versiondir}
%patch -p0
%patch1 -p1 %patch1 -p1
%patch2 -p0 %patch2 -p0
%patch3 -p0
%patch4 -p0
%patch5 -p1 %patch5 -p1
#%patch10 -p1 # disabled, see above #%patch10 -p1 # disabled, see above
#%patch11 -p1 # disabled, see above #%patch11 -p1 # disabled, see above
%patch12 -p1 %patch12 -p1
%patch13 -p1
#%patch15 -p1 # obsolete, see above #%patch15 -p1 # obsolete, see above
%patch21 -p1 %patch21 -p1
@ -505,7 +490,6 @@ make -C profiles
mkdir -p %{buildroot}%{_localstatedir}/log/apparmor mkdir -p %{buildroot}%{_localstatedir}/log/apparmor
%makeinstall -C profiles %makeinstall -C profiles
mkdir %{buildroot}%{_sysconfdir}/apparmor.d/disable
%makeinstall -C parser %makeinstall -C parser
# default cache dir is /etc/apparmor.d/cache - not the best location. # default cache dir is /etc/apparmor.d/cache - not the best location.
@ -606,14 +590,13 @@ fi
%files -n libapparmor1 %files -n libapparmor1
%defattr(-,root,root) %defattr(-,root,root)
%{_libdir}/libapparmor.so* %{_libdir}/libapparmor.so.*
%{_libdir}/libimmunix.so* %{_libdir}/libimmunix.so.*
# not sure about the correct package for *.a files...
%{_libdir}/libapparmor.a
%{_libdir}/libimmunix.a
%files -n libapparmor-devel %files -n libapparmor-devel
%defattr(-,root,root) %defattr(-,root,root)
%{_libdir}/libapparmor.a
%{_libdir}/libimmunix.a
%{_libdir}/libapparmor.so %{_libdir}/libapparmor.so
%{_libdir}/libimmunix.so %{_libdir}/libimmunix.so
%doc %{_mandir}/man2/aa_change_hat.2.gz %doc %{_mandir}/man2/aa_change_hat.2.gz
@ -642,7 +625,6 @@ fi
%config(noreplace) %{_sysconfdir}/apparmor/logprof.conf %config(noreplace) %{_sysconfdir}/apparmor/logprof.conf
%config(noreplace) %{_sysconfdir}/apparmor/notify.conf %config(noreplace) %{_sysconfdir}/apparmor/notify.conf
%config(noreplace) %{_sysconfdir}/apparmor/severity.db %config(noreplace) %{_sysconfdir}/apparmor/severity.db
%config(noreplace) %{_sysconfdir}/apparmor/subdomain.conf
%{_sbindir}/* %{_sbindir}/*
%dir %{_localstatedir}/log/apparmor %dir %{_localstatedir}/log/apparmor
%doc %{_mandir}/man2/aa_change_profile.2.gz %doc %{_mandir}/man2/aa_change_profile.2.gz
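Review bot: The `Version:` / `%define versiondir` bump in the first hunk makes `Source0: apparmor-%{version}.tar.gz` resolve to a new upstream archive, but the Source entries visible here (Source0 to Source3) include no detached signature or checksum file for it. The Git LFS pointer pins the bytes that were imported, not where they came from, so nothing in the spec ties the rc2 tarball to what upstream published. If upstream provides a signature for this release, ship it as an additional `Source:` entry and verify it at build time. Otherwise a comment next to `Source0`, such as `# rc2 tarball compared against upstream's published checksum on import`, would at least record that the check was done. The Source list may continue outside the lines shown, so this may already be covered elsewhere in the file.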