Accepting request 436984 from home:cboltz

- add nscd-var-lib.diff to allow /var/lib/nscd/ in the nscd profile and
  abstractions/nameservice (path changed in latest nscd in Tumbleweed)


Note: The glibc/nscd package that needs this change was already released
with the 20161020 snapshot, so it would be a good idea to get the
AppArmor profile updates released quickly ;-)

OBS-URL: https://build.opensuse.org/request/show/436984
OBS-URL: https://build.opensuse.org/package/show/security:apparmor/apparmor?expand=0&rev=157
This commit is contained in:
Christian Boltz 2016-10-23 14:11:15 +00:00 committed by Git OBS Bridge
parent 041a6f7868
commit 86efea86c1
3 changed files with 36 additions and 0 deletions

View File

@ -1,3 +1,9 @@
-------------------------------------------------------------------
Sun Oct 23 13:18:43 UTC 2016 - suse-beta@cboltz.de
- add nscd-var-lib.diff to allow /var/lib/nscd/ in the nscd profile and
abstractions/nameservice (path changed in latest nscd in Tumbleweed)
-------------------------------------------------------------------
Thu Oct 13 18:35:52 UTC 2016 - suse-beta@cboltz.de

View File

@ -101,6 +101,9 @@ Patch8: libapparmor-fix-import-path.diff
# upstream changes/fixes from 2.10 branch r3347..3353
Patch9: changes-since-2.10.1--r3347..3353.diff
# update nscd profile and abstractions/nameservice to allow /var/lib/nscd/ paths (submitted upstream 2016-10-23)
Patch10: nscd-var-lib.diff
Url: https://launchpad.net/apparmor
PreReq: sed
BuildRoot: %{_tmppath}/%{name}-%{version}-build
@ -452,6 +455,7 @@ SubDomain.
%patch7 -p1
%patch8
%patch9
%patch10
# search for left-over multiline rules
test -z "$(grep -r '^\s*\(unix\|dbus\)[^,]\(([^)]*)\)*[^,]*$' profiles/apparmor.d/)"

26
nscd-var-lib.diff Normal file
View File

@ -0,0 +1,26 @@
=== modified file 'profiles/apparmor.d/abstractions/nameservice'
--- profiles/apparmor.d/abstractions/nameservice 2016-06-22 22:15:49 +0000
+++ profiles/apparmor.d/abstractions/nameservice 2016-10-22 19:55:04 +0000
@@ -46,7 +46,7 @@
# to vast speed increases when working with network-based lookups.
/{,var/}run/.nscd_socket rw,
/{,var/}run/nscd/socket rw,
- /{var/db,var/cache,var/run,run}/nscd/{passwd,group,services,hosts} r,
+ /{var/db,var/cache,var/lib,var/run,run}/nscd/{passwd,group,services,hosts} r,
# nscd renames and unlinks files in it's operation that clients will
# have open
/{,var/}run/nscd/db* rmix,
=== modified file 'profiles/apparmor.d/usr.sbin.nscd'
--- profiles/apparmor.d/usr.sbin.nscd 2016-03-21 20:30:19 +0000
+++ profiles/apparmor.d/usr.sbin.nscd 2016-10-22 19:54:36 +0000
@@ -28,7 +28,7 @@
/{,var/}run/nscd/ rw,
/{,var/}run/nscd/db* rwl,
/{,var/}run/nscd/socket wl,
- /{var/cache,var/run,run}/nscd/{passwd,group,services,hosts,netgroup} rw,
+ /{var/cache,var/lib,var/run,run}/nscd/{passwd,group,services,hosts,netgroup} rw,
/{,var/}run/{nscd/,}nscd.pid rwl,
/var/log/nscd.log rw,
@{PROC}/@{pid}/cmdline r,