Accepting request 841767 from security:apparmor
- add CAP_CHECKPOINT_RESTORE to severity.db (MR 656, cap_checkpoint_restore.diff) - %service_del_postun_without_restart only works for Tumbleweed, keep using DISABLE_RESTART_ON_UPDATE for Leap 15.x OBS-URL: https://build.opensuse.org/request/show/841767 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/apparmor?expand=0&rev=143
commit
7a921ffd7b
@ -1,3 +1,15 @@
|
|||||||
|
-------------------------------------------------------------------
|
||||||
|
Wed Oct 14 12:16:52 UTC 2020 - Christian Boltz <suse-beta@cboltz.de>
|
||||||
|
|
||||||
|
- add CAP_CHECKPOINT_RESTORE to severity.db (MR 656,
|
||||||
|
cap_checkpoint_restore.diff)
|
||||||
|
|
||||||
|
-------------------------------------------------------------------
|
||||||
|
Thu Oct 8 20:56:45 UTC 2020 - Christian Boltz <suse-beta@cboltz.de>
|
||||||
|
|
||||||
|
- %service_del_postun_without_restart only works for Tumbleweed,
|
||||||
|
keep using DISABLE_RESTART_ON_UPDATE for Leap 15.x
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
Fri Sep 11 15:32:37 UTC 2020 - Franck Bui <fbui@suse.com>
|
Fri Sep 11 15:32:37 UTC 2020 - Franck Bui <fbui@suse.com>
|
||||||
|
|
||||||
|
@ -81,6 +81,9 @@ Patch12: sevdb-caps-mr589.diff
|
|||||||
# needs to go upstream
|
# needs to go upstream
|
||||||
Patch13: libvirt-leaseshelper.patch
|
Patch13: libvirt-leaseshelper.patch
|
||||||
|
|
||||||
|
# add CAP_CHECKPOINT_RESTORE to severity.db (https://gitlab.com/apparmor/apparmor/-/merge_requests/656, submitted upstream 2020-10-14 for 2.10..master)
|
||||||
|
Patch14: cap_checkpoint_restore.diff
|
||||||
|
|
||||||
PreReq: sed
|
PreReq: sed
|
||||||
BuildRoot: %{_tmppath}/%{name}-%{version}-build
|
BuildRoot: %{_tmppath}/%{name}-%{version}-build
|
||||||
%define apparmor_bin_prefix /lib/apparmor
|
%define apparmor_bin_prefix /lib/apparmor
|
||||||
@ -379,6 +382,7 @@ SubDomain.
|
|||||||
%patch11 -p1
|
%patch11 -p1
|
||||||
%patch12 -p1
|
%patch12 -p1
|
||||||
%patch13 -p1
|
%patch13 -p1
|
||||||
|
%patch14 -p1
|
||||||
|
|
||||||
%build
|
%build
|
||||||
%define _lto_cflags %{nil}
|
%define _lto_cflags %{nil}
|
||||||
@ -762,7 +766,12 @@ fi
|
|||||||
|
|
||||||
%postun parser
|
%postun parser
|
||||||
# don't call try-restart, see bnc#853019
|
# don't call try-restart, see bnc#853019
|
||||||
|
%if 0%{?suse_version} <= 1500
|
||||||
|
export DISABLE_RESTART_ON_UPDATE="yes"
|
||||||
|
%service_del_postun apparmor.service
|
||||||
|
%else
|
||||||
%service_del_postun_without_restart apparmor.service
|
%service_del_postun_without_restart apparmor.service
|
||||||
|
%endif
|
||||||
|
|
||||||
%post abstractions
|
%post abstractions
|
||||||
# workaround for bnc#904620#c8 / lp#1392042
|
# workaround for bnc#904620#c8 / lp#1392042
|
||||||
|
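Review bot: The new `%if 0%{?suse_version} <= 1500` branch in `%postun parser` has no comment saying why two code paths exist, and the existing `# don't call try-restart, see bnc#853019` line only points at a bug number. The changelog entry explains that `%service_del_postun_without_restart` only works on Tumbleweed, so I would put that next to the conditional, e.g. `# Leap 15.x lacks %service_del_postun_without_restart; DISABLE_RESTART_ON_UPDATE keeps %service_del_postun from restarting apparmor.service`. It would also help to state the consequence being avoided, presumably that a restart during an update unloads profiles and leaves running processes unconfined; confirm this against bnc#853019. The test is also true when `suse_version` is undefined, because `0%{?suse_version}` then expands to `0`, so a non-SUSE build takes the legacy branch.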
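--- a/cap_checkpoint_restore.diff
+++ b/cap_checkpoint_restore.diff
@@ -0,0 +1,18 @@
+commit 2c2dbdc3a3012ce06371edc1e9be6f58711d8565
+Author: Christian Boltz <apparmor@cboltz.de>
+Date: Wed Oct 14 14:01:55 2020 +0200
+
+Add CAP_CHECKPOINT_RESTORE to severity.db
+
+diff --git a/utils/severity.db b/utils/severity.db
+index 3e07d44e..85b1d5de 100644
+--- a/utils/severity.db
++++ b/utils/severity.db
+@@ -30,6 +30,7 @@
+CAP_SETUID 9
+CAP_FOWNER 9
+CAP_BPF 9
++ CAP_CHECKPOINT_RESTORE 9
+# Denial of service, bypass audit controls, information leak
+CAP_SYS_TIME 8
+CAP_NET_ADMIN 8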
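Review bot: The added `CAP_CHECKPOINT_RESTORE 9` entry has no recorded rationale for its rating. The embedded commit message only restates the change, and the heading of the group it joins (after `CAP_BPF 9`) lies outside the hunk. Since the rating is a security judgement, I would add a line to the commit message such as `CAP_CHECKPOINT_RESTORE (Linux 5.9) was split out of CAP_SYS_ADMIN and lets a task choose the PID of a new process, so it is rated like the other severity-9 capabilities`. Whether 9 is the right tier cannot be confirmed from the lines shown here.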