From 86efea86c15e591222c4f8056c3597efb265435719aca1372bfb64a3159d2fae Mon Sep 17 00:00:00 2001
From: Christian Boltz
Date: Sun, 23 Oct 2016 14:11:15 +0000
Subject: [PATCH] Accepting request 436984 from home:cboltz - add nscd-var-lib.diff to allow /var/lib/nscd/ in the nscd profile and abstractions/nameservice (path changed in latest nscd in Tumbleweed) Note: The glibc/nscd package that needs this change was already released with the 20161020 snapshot, so it would be a good idea to get the AppArmor profile updates released quickly ;-)
OBS-URL: https://build.opensuse.org/request/show/436984
OBS-URL: https://build.opensuse.org/package/show/security:apparmor/apparmor?expand=0&rev=157
---
apparmor.changes | 6 ++++++
apparmor.spec | 4 ++++
nscd-var-lib.diff | 26 ++++++++++++++++++++++++++
3 files changed, 36 insertions(+)
create mode 100644 nscd-var-lib.diff
diff --git a/apparmor.changes b/apparmor.changes
index 5a10d9f..d7fe392 100644
--- a/apparmor.changes
+++ b/apparmor.changes
@@ -1,3 +1,9 @@
+-------------------------------------------------------------------
+Sun Oct 23 13:18:43 UTC 2016 - suse-beta@cboltz.de
+
+- add nscd-var-lib.diff to allow /var/lib/nscd/ in the nscd profile and
+ abstractions/nameservice (path changed in latest nscd in Tumbleweed)
+ ------------------------------------------------------------------- Thu Oct 13 18:35:52 UTC 2016 - suse-beta@cboltz.de
diff --git a/apparmor.spec b/apparmor.spec
index 94e340a..9b67610 100644
--- a/apparmor.spec
+++ b/apparmor.spec
@@ -101,6 +101,9 @@ Patch8: libapparmor-fix-import-path.diff # upstream changes/fixes from 2.10 branch r3347..3353 Patch9: changes-since-2.10.1--r3347..3353.diff
+# update nscd profile and abstractions/nameservice to allow /var/lib/nscd/ paths (submitted upstream 2016-10-23)
+Patch10: nscd-var-lib.diff
+ Url: https://launchpad.net/apparmor PreReq: sed BuildRoot: %{_tmppath}/%{name}-%{version}-build 
@@ -452,6 +455,7 @@ SubDomain. %patch7 -p1 %patch8 %patch9
+%patch10 # search for left-over multiline rules test -z "$(grep -r '^\s*\(unix\|dbus\)[^,]\(([^)]*)\)*[^,]*$' profiles/apparmor.d/)"
diff --git a/nscd-var-lib.diff b/nscd-var-lib.diff
new file mode 100644
index 0000000..0b5f6a9
--- /dev/null
+++ b/nscd-var-lib.diff
@@ -0,0 +1,26 @@
+=== modified file 'profiles/apparmor.d/abstractions/nameservice'
+--- profiles/apparmor.d/abstractions/nameservice 2016-06-22 22:15:49 +0000
++++ profiles/apparmor.d/abstractions/nameservice 2016-10-22 19:55:04 +0000
+@@ -46,7 +46,7 @@
+ # to vast speed increases when working with network-based lookups.
+ /{,var/}run/.nscd_socket rw,
+ /{,var/}run/nscd/socket rw,
+- /{var/db,var/cache,var/run,run}/nscd/{passwd,group,services,hosts} r,
++ /{var/db,var/cache,var/lib,var/run,run}/nscd/{passwd,group,services,hosts} r,
+ # nscd renames and unlinks files in it's operation that clients will
+ # have open
+ /{,var/}run/nscd/db* rmix,
+
+=== modified file 'profiles/apparmor.d/usr.sbin.nscd'
+--- profiles/apparmor.d/usr.sbin.nscd 2016-03-21 20:30:19 +0000
++++ profiles/apparmor.d/usr.sbin.nscd 2016-10-22 19:54:36 +0000
+@@ -28,7 +28,7 @@
+ /{,var/}run/nscd/ rw,
+ /{,var/}run/nscd/db* rwl,
+ /{,var/}run/nscd/socket wl,
+- /{var/cache,var/run,run}/nscd/{passwd,group,services,hosts,netgroup} rw,
++ /{var/cache,var/lib,var/run,run}/nscd/{passwd,group,services,hosts,netgroup} rw,
+ /{,var/}run/{nscd/,}nscd.pid rwl,
+ /var/log/nscd.log rw,
+ @{PROC}/@{pid}/cmdline r,
+
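Review bot: In the embedded `abstractions/nameservice` hunk, the client read rule that gains `var/lib` still lists only `{passwd,group,services,hosts}`, while the `usr.sbin.nscd` rule extended in the same patch lets the daemon keep a `netgroup` cache file in that directory too. If clients are expected to read the netgroup cache like the other four, the abstraction line should be `/{var/db,var/cache,var/lib,var/run,run}/nscd/{passwd,group,services,hosts,netgroup} r,`; if leaving it out is deliberate, a comment above the rule such as `# netgroup cache is intentionally not readable by clients` would record that. The daemon profile also has a directory rule only for `/{,var/}run/nscd/`, so it is worth confirming against audit logs that nscd needs nothing on `/var/lib/nscd/` itself. Both profiles continue outside the quoted context, so rules not shown here may already cover either point.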