pool/apparmor
SHA256
4
0
Fork 1
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Accepting request 679592 from home:cboltz

Browse Source 
- add dnsmasq-revert-alternation.diff: revert path alternation in
  dnsmasq profile to avoid breaking libvirtd (boo#1127073)

OBS-URL: https://build.opensuse.org/request/show/679592
OBS-URL: https://build.opensuse.org/package/show/security:apparmor/apparmor?expand=0&rev=235
This commit is contained in:
Christian Boltz 2019-02-26 20:52:01 +00:00 committed by Git OBS Bridge
parent c0b44a6d8f
commit 854f9b32a9
3 changed files with 37 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
apparmor.changes
View File

@ -1,3 +1,9 @@
-------------------------------------------------------------------
Tue Feb 26 20:13:19 UTC 2019 - Christian Boltz <suse-beta@cboltz.de>
- add dnsmasq-revert-alternation.diff: revert path alternation in
dnsmasq profile to avoid breaking libvirtd (boo#1127073)
------------------------------------------------------------------- -------------------------------------------------------------------
Thu Jan 24 21:13:43 UTC 2019 - Christian Boltz <suse-beta@cboltz.de> Thu Jan 24 21:13:43 UTC 2019 - Christian Boltz <suse-beta@cboltz.de>

4
apparmor.spec
View File

@ -75,6 +75,9 @@ Patch10: apparmor-lessopen-nfs-workaround.diff
# add peer=libvirtd to dnsmasq profile (from upstream 20fe099cede7cb5ec7dcf62a5427936766a6d4e4) # add peer=libvirtd to dnsmasq profile (from upstream 20fe099cede7cb5ec7dcf62a5427936766a6d4e4)
Patch11: dnsmasq-libvirtd.diff Patch11: dnsmasq-libvirtd.diff
# revert path alternation in dnsmasq profile to avoid breaking libvirtd (boo#1127073, submitted upstream 2019-02-26 as https://gitlab.com/apparmor/apparmor/merge_requests/346)
Patch12: dnsmasq-revert-alternation.diff
PreReq: sed PreReq: sed
BuildRoot: %{_tmppath}/%{name}-%{version}-build BuildRoot: %{_tmppath}/%{name}-%{version}-build
%define apparmor_bin_prefix /lib/apparmor %define apparmor_bin_prefix /lib/apparmor
@ -366,6 +369,7 @@ SubDomain.
%patch9 -p1 %patch9 -p1
%patch10 %patch10
%patch11 -p1 %patch11 -p1
%patch12 -p1
%build %build
export SUSE_ASNEEDED=0 export SUSE_ASNEEDED=0

27
dnsmasq-revert-alternation.diff Normal file
View File

@ -0,0 +1,27 @@
commit f0eb077d9644ce426e5af34660d4d619b1fa5774
Author: Christian Boltz <apparmor@cboltz.de>
Date: Tue Feb 26 21:05:16 2019 +0100
Revert /usr/{bin,sbin}/ alternation in dnsmasq profile
Even if we expected it to stay compatible with peer=/usr/sbin/dnsmasq in
the libvirtd profile, practise shows that we were wrong.
This patch reverts the profile name to /usr/sbin/dnsmasq to avoid
breaking libvirtd.
References: https://bugzilla.opensuse.org/show_bug.cgi?id=1127073
diff --git a/profiles/apparmor.d/usr.sbin.dnsmasq b/profiles/apparmor.d/usr.sbin.dnsmasq
index 3f66a17e..eaf8de97 100644
--- a/profiles/apparmor.d/usr.sbin.dnsmasq
+++ b/profiles/apparmor.d/usr.sbin.dnsmasq
@@ -12,7 +12,7 @@
@{TFTP_DIR}=/var/tftp /srv/tftpboot
#include <tunables/global>
-/usr/{bin,sbin}/dnsmasq flags=(attach_disconnected) {
+/usr/sbin/dnsmasq flags=(attach_disconnected) {
#include <abstractions/base>
#include <abstractions/dbus>
#include <abstractions/nameservice>