pool/apparmor
SHA256
2
0
Fork 1
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Accepting request 266140 from home:cbosdonnat:branches:security:apparmor

Browse Source 
- Fix dnsmasq profile to allow executing bash to run the --dhcp-script
  argument. Also fixed /usr/lib -> /usr/{lib,lib64} to get libvirt
  leasehealper script to run even on x86_64.
  dnsmasq-profile-fixes.patch. boo#911001

OBS-URL: https://build.opensuse.org/request/show/266140
OBS-URL: https://build.opensuse.org/package/show/security:apparmor/apparmor?expand=0&rev=114
This commit is contained in:
Christian Boltz 2014-12-22 12:55:06 +00:00 committed by Git OBS Bridge
parent 2520f26685
commit 7a29d85d80
3 changed files with 34 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
apparmor.changes
View File

@ -1,3 +1,11 @@
-------------------------------------------------------------------
Mon Dec 22 10:26:15 UTC 2014 - cbosdonnat@suse.com
- Fix dnsmasq profile to allow executing bash to run the --dhcp-script
argument. Also fixed /usr/lib -> /usr/{lib,lib64} to get libvirt
leasehealper script to run even on x86_64.
dnsmasq-profile-fixes.patch. boo#911001
------------------------------------------------------------------- -------------------------------------------------------------------
Sun Dec 21 16:22:27 UTC 2014 - opensuse@cboltz.de Sun Dec 21 16:22:27 UTC 2014 - opensuse@cboltz.de

4
apparmor.spec
View File

@ -95,6 +95,9 @@ Patch6: apparmor-abstractions-no-multiline.diff
# bug 906858 - confine lessopen.sh (submitted upstream 2014-12-21) # bug 906858 - confine lessopen.sh (submitted upstream 2014-12-21)
Patch7: apparmor-lessopen-profile.patch Patch7: apparmor-lessopen-profile.patch
# boo#911001 - Allow executing --dhcp-client script
Patch8: dnsmasq-profile-fixes.patch
Url: https://launchpad.net/apparmor Url: https://launchpad.net/apparmor
PreReq: sed PreReq: sed
BuildRoot: %{_tmppath}/%{name}-%{version}-build BuildRoot: %{_tmppath}/%{name}-%{version}-build
@ -434,6 +437,7 @@ SubDomain.
%patch6 %patch6
%patch7 -p1 %patch7 -p1
%patch8 -p1
# search for left-over multiline rules # search for left-over multiline rules
test -z "$(grep -r '^\s*\(unix\|dbus\)[^,]\(([^)]*)\)*[^,]*$' profiles/apparmor.d/)" test -z "$(grep -r '^\s*\(unix\|dbus\)[^,]\(([^)]*)\)*[^,]*$' profiles/apparmor.d/)"

22
dnsmasq-profile-fixes.patch Normal file
View File

@ -0,0 +1,22 @@
Index: apparmor-2.9.0/profiles/apparmor.d/usr.sbin.dnsmasq
===================================================================
--- apparmor-2.9.0.orig/profiles/apparmor.d/usr.sbin.dnsmasq
+++ apparmor-2.9.0/profiles/apparmor.d/usr.sbin.dnsmasq
@@ -44,6 +44,8 @@
/var/lib/misc/dnsmasq.leases rw, # Required only for DHCP server usage
+ /bin/bash ix, # Required to execute --dhcp-script argument
+
# access to iface mtu needed for Router Advertisement messages in IPv6
# Neighbor Discovery protocol (RFC 2461)
@{PROC}/sys/net/ipv6/conf/*/mtu r,
@@ -63,7 +65,7 @@
/{,var/}run/libvirt/network/*.pid rw,
# libvirt lease helper
- /usr/lib/libvirt/libvirt_leaseshelper ix,
+ /usr/{lib,lib64}/libvirt/libvirt_leaseshelper ix,
/{,var/}run/leaseshelper.pid rwk,
# NetworkManager integration