From d171a3c620b5a2b637311d3088f6e03dbb486e0de4209dd087713acbcb3987c3 Mon Sep 17 00:00:00 2001
From: Christian Boltz <suse-beta@cboltz.de>
Date: Wed, 30 Oct 2013 11:36:14 +0000
Subject: [PATCH 1/2] - add apparmor-profiles-dnsmasq.diff - add missing
 permissions for   libvirt-generated files to dnsmasq profile (bnc#848215)

OBS-URL: https://build.opensuse.org/package/show/security:apparmor/apparmor?expand=0&rev=59
---
 apparmor-profiles-dnsmasq.diff | 16 ++++++++++++++++
 apparmor.changes               |  6 ++++++
 apparmor.spec                  |  4 ++++
 3 files changed, 26 insertions(+)
 create mode 100644 apparmor-profiles-dnsmasq.diff

diff --git a/apparmor-profiles-dnsmasq.diff b/apparmor-profiles-dnsmasq.diff
new file mode 100644
index 0000000..f2e03f3
--- /dev/null
+++ b/apparmor-profiles-dnsmasq.diff
@@ -0,0 +1,16 @@
+=== modified file 'profiles/apparmor.d/usr.sbin.dnsmasq'
+--- profiles/apparmor.d/usr.sbin.dnsmasq	2013-01-04 17:46:39 +0000
++++ profiles/apparmor.d/usr.sbin.dnsmasq	2013-10-30 11:04:00 +0000
+@@ -42,8 +42,10 @@
+   @{TFTP_DIR}/ r,
+   @{TFTP_DIR}/** r,
+ 
+-  # libvirt lease and hosts files for dnsmasq
++  # libvirt config, lease and hosts files for dnsmasq
+   /var/lib/libvirt/dnsmasq/            r,
++  /var/lib/libvirt/dnsmasq/*.addnhosts r,
++  /var/lib/libvirt/dnsmasq/*.conf      r,
+   /var/lib/libvirt/dnsmasq/*.leases rw,
+   /var/lib/libvirt/dnsmasq/*.hostsfile r,
+ 
+
diff --git a/apparmor.changes b/apparmor.changes
index 1681f24..0839640 100644
--- a/apparmor.changes
+++ b/apparmor.changes
@@ -1,3 +1,9 @@
+-------------------------------------------------------------------
+Wed Oct 30 11:06:39 UTC 2013 - opensuse@cboltz.de
+
+- add apparmor-profiles-dnsmasq.diff - add missing permissions for
+  libvirt-generated files to dnsmasq profile (bnc#848215)
+
 -------------------------------------------------------------------
 Sun Oct 20 11:59:28 UTC 2013 - opensuse@cboltz.de
 
diff --git a/apparmor.spec b/apparmor.spec
index ae2a3d9..de53e66 100644
--- a/apparmor.spec
+++ b/apparmor.spec
@@ -115,6 +115,9 @@ Patch11:        apparmor-profiles-samba4.diff
 # Add support for eDirectory calls in abstractions/nameservice. Not accepted upstream (yet) because of open questions
 Patch12:        apparmor-2.5.1-edirectory-profile
 
+# dnsmasq - add missing read permisions for libvirt files - bnc#848215 - not submitted upstream yet
+Patch13:        apparmor-profiles-dnsmasq.diff
+
 # create Immunix::SubDomain perl module - only included for openSUSE <= 12.1 - bnc#720617 #c7
 Patch21:        apparmor-utils-subdomain-compat
 
@@ -488,6 +491,7 @@ SubDomain.
 %patch10
 %patch11
 %patch12 -p1
+%patch13
 
 # only create Immunix::SubDomain perl module for openSUSE <= 12.1 
 %if 0%{?suse_version}

From af1a622b041ed6405b83950522d95a76fe6d80e013ae5baa904b6ffd180e32cf Mon Sep 17 00:00:00 2001
From: Christian Boltz <suse-beta@cboltz.de>
Date: Wed, 30 Oct 2013 20:47:57 +0000
Subject: [PATCH 2/2] replace apparmor-profiles-dnsmasq.diff with upstreamed
 patch

OBS-URL: https://build.opensuse.org/package/show/security:apparmor/apparmor?expand=0&rev=60
---
 apparmor-profiles-dnsmasq.diff | 11 ++++++-----
 apparmor.spec                  |  2 +-
 2 files changed, 7 insertions(+), 6 deletions(-)

diff --git a/apparmor-profiles-dnsmasq.diff b/apparmor-profiles-dnsmasq.diff
index f2e03f3..dab10ac 100644
--- a/apparmor-profiles-dnsmasq.diff
+++ b/apparmor-profiles-dnsmasq.diff
@@ -1,16 +1,17 @@
 === modified file 'profiles/apparmor.d/usr.sbin.dnsmasq'
 --- profiles/apparmor.d/usr.sbin.dnsmasq	2013-01-04 17:46:39 +0000
-+++ profiles/apparmor.d/usr.sbin.dnsmasq	2013-10-30 11:04:00 +0000
-@@ -42,8 +42,10 @@
++++ profiles/apparmor.d/usr.sbin.dnsmasq	2013-10-30 19:32:39 +0000
+@@ -42,10 +42,10 @@
    @{TFTP_DIR}/ r,
    @{TFTP_DIR}/** r,
  
 -  # libvirt lease and hosts files for dnsmasq
 +  # libvirt config, lease and hosts files for dnsmasq
    /var/lib/libvirt/dnsmasq/            r,
-+  /var/lib/libvirt/dnsmasq/*.addnhosts r,
-+  /var/lib/libvirt/dnsmasq/*.conf      r,
++  /var/lib/libvirt/dnsmasq/*        r,
    /var/lib/libvirt/dnsmasq/*.leases rw,
-   /var/lib/libvirt/dnsmasq/*.hostsfile r,
+-  /var/lib/libvirt/dnsmasq/*.hostsfile r,
  
+   # libvirt pid files for dnsmasq
+   /{,var/}run/libvirt/network/      r,
 
diff --git a/apparmor.spec b/apparmor.spec
index de53e66..f90edc1 100644
--- a/apparmor.spec
+++ b/apparmor.spec
@@ -115,7 +115,7 @@ Patch11:        apparmor-profiles-samba4.diff
 # Add support for eDirectory calls in abstractions/nameservice. Not accepted upstream (yet) because of open questions
 Patch12:        apparmor-2.5.1-edirectory-profile
 
-# dnsmasq - add missing read permisions for libvirt files - bnc#848215 - not submitted upstream yet
+# dnsmasq - add missing read permisions for libvirt files - bnc#848215 - committed upstream trunk r2238, 2.8 branch r2101
 Patch13:        apparmor-profiles-dnsmasq.diff
 
 # create Immunix::SubDomain perl module - only included for openSUSE <= 12.1 - bnc#720617 #c7