Accepting request 602408 from security:apparmor

- exclude the /etc/apparmor.d/cache.d/ directory from aa-logprof parsing (logprof-skip-cache-d.diff) (forwarded request 602407 from cboltz) OBS-URL: https://build.opensuse.org/request/show/602408 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/apparmor?expand=0&rev=116
2018-04-30 06:50:00 +00:00 · 2018-04-30 06:50:00 +00:00 · 833755e1f3
commit 833755e1f3
parent 714157d455 803321a703
3 changed files with 38 additions and 1 deletions
--- a/apparmor.changes
+++ b/apparmor.changes
@ -1,3 +1,9 @@
+-------------------------------------------------------------------
+Sun Apr 29 22:24:33 UTC 2018 - suse-beta@cboltz.de
+
+- exclude the /etc/apparmor.d/cache.d/ directory from aa-logprof parsing
+  (logprof-skip-cache-d.diff)
+
 -------------------------------------------------------------------
 Mon Apr 23 15:27:55 UTC 2018 - suse-beta@cboltz.de

--- a/apparmor.spec
+++ b/apparmor.spec
@ -65,9 +65,12 @@ Patch7:         apparmor-lessopen-profile.patch
 # install aa-teardown to /usr/sbin, not /sbin (merged upstream 2018-04-15 https://gitlab.com/apparmor/apparmor/merge_requests/97)
 Patch8:         aa-teardown-path.diff

-# fix permissions of apparmor.systemd (boo#1090545)
+# fix permissions of apparmor.systemd (boo#1090545, merged upstream 2018-04-27 https://gitlab.com/apparmor/apparmor/merge_requests/106)
 Patch9:         fix-apparmor-systemd-perms.diff

+# exclude the /etc/apparmor.d/cache.d directory from aa-logprof parsing
+Patch10:        logprof-skip-cache-d.diff
+
 PreReq:         sed
 BuildRoot:      %{_tmppath}/%{name}-%{version}-build
 %define apparmor_bin_prefix /lib/apparmor
@ -357,6 +360,7 @@ SubDomain.
 %patch7
 %patch8
 %patch9 -p1
+%patch10

 %build
 export SUSE_ASNEEDED=0
@ -456,6 +460,7 @@ mkdir -p %{buildroot}%{_localstatedir}/log/apparmor
 %makeinstall -C profiles

 install -d -m 755 %{buildroot}/usr/share/apparmor/cache
+echo "*** WARNING: precompiling cache is known to fail under 'osc build' - use 'osc build --vm-type kvm' instead ***"
 cp -a profiles/cache/* %{buildroot}/usr/share/apparmor/cache
 test -f %{buildroot}/usr/share/apparmor/cache/*/.features
 test -f %{buildroot}/usr/share/apparmor/cache/*/bin.ping
--- a/logprof-skip-cache-d.diff
+++ b/logprof-skip-cache-d.diff
@ -0,0 +1,26 @@
+diff --git a/utils/apparmor/aa.py b/utils/apparmor/aa.py
+index e28b8495..88bf2172 100644
+--- utils/apparmor/aa.py
+++ utils/apparmor/aa.py
+@@ -2048,7 +2048,7 @@ def is_skippable_file(path):
+     return False
+ 
+ def is_skippable_dir(path):
+-    if re.search('^(.*/)?(disable|cache|force-complain|lxc|\.git)/?$', path):
+    if re.search('^(.*/)?(disable|cache|cache\.d|force-complain|lxc|\.git)/?$', path):
+         return True
+     return False
+ 
+diff --git a/utils/test/test-aa.py b/utils/test/test-aa.py
+index 243283a9..b5f8e94f 100644
+--- utils/test/test-aa.py
+++ utils/test/test-aa.py
+@@ -484,6 +484,8 @@ class AaTest_is_skippable_dir(AATest):
+         ('lxc',                         True),
+         ('force-complain',              True),
+         ('/etc/apparmor.d/cache',       True),
+        ('/etc/apparmor.d/cache.d',     True),
+        ('/etc/apparmor.d/cache.d/',    True),
+         ('/etc/apparmor.d/lxc/',        True),
+         ('/etc/apparmor.d/.git/',       True),
+