Accepting request 436984 from home:cboltz
- add nscd-var-lib.diff to allow /var/lib/nscd/ in the nscd profile and abstractions/nameservice (path changed in latest nscd in Tumbleweed) Note: The glibc/nscd package that needs this change was already released with the 20161020 snapshot, so it would be a good idea to get the AppArmor profile updates released quickly ;-) OBS-URL: https://build.opensuse.org/request/show/436984 OBS-URL: https://build.opensuse.org/package/show/security:apparmor/apparmor?expand=0&rev=157
This commit is contained in:
parent
041a6f7868
commit
86efea86c1
@ -1,3 +1,9 @@
|
||||
-------------------------------------------------------------------
|
||||
Sun Oct 23 13:18:43 UTC 2016 - suse-beta@cboltz.de
|
||||
|
||||
- add nscd-var-lib.diff to allow /var/lib/nscd/ in the nscd profile and
|
||||
abstractions/nameservice (path changed in latest nscd in Tumbleweed)
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Thu Oct 13 18:35:52 UTC 2016 - suse-beta@cboltz.de
|
||||
|
||||
|
@ -101,6 +101,9 @@ Patch8: libapparmor-fix-import-path.diff
|
||||
# upstream changes/fixes from 2.10 branch r3347..3353
|
||||
Patch9: changes-since-2.10.1--r3347..3353.diff
|
||||
|
||||
# update nscd profile and abstractions/nameservice to allow /var/lib/nscd/ paths (submitted upstream 2016-10-23)
|
||||
Patch10: nscd-var-lib.diff
|
||||
|
||||
Url: https://launchpad.net/apparmor
|
||||
PreReq: sed
|
||||
BuildRoot: %{_tmppath}/%{name}-%{version}-build
|
||||
@ -452,6 +455,7 @@ SubDomain.
|
||||
%patch7 -p1
|
||||
%patch8
|
||||
%patch9
|
||||
%patch10
|
||||
|
||||
# search for left-over multiline rules
|
||||
test -z "$(grep -r '^\s*\(unix\|dbus\)[^,]\(([^)]*)\)*[^,]*$' profiles/apparmor.d/)"
|
||||
|
26
nscd-var-lib.diff
Normal file
26
nscd-var-lib.diff
Normal file
@ -0,0 +1,26 @@
|
||||
=== modified file 'profiles/apparmor.d/abstractions/nameservice'
|
||||
--- profiles/apparmor.d/abstractions/nameservice 2016-06-22 22:15:49 +0000
|
||||
+++ profiles/apparmor.d/abstractions/nameservice 2016-10-22 19:55:04 +0000
|
||||
@@ -46,7 +46,7 @@
|
||||
# to vast speed increases when working with network-based lookups.
|
||||
/{,var/}run/.nscd_socket rw,
|
||||
/{,var/}run/nscd/socket rw,
|
||||
- /{var/db,var/cache,var/run,run}/nscd/{passwd,group,services,hosts} r,
|
||||
+ /{var/db,var/cache,var/lib,var/run,run}/nscd/{passwd,group,services,hosts} r,
|
||||
# nscd renames and unlinks files in it's operation that clients will
|
||||
# have open
|
||||
/{,var/}run/nscd/db* rmix,
|
||||
|
||||
=== modified file 'profiles/apparmor.d/usr.sbin.nscd'
|
||||
--- profiles/apparmor.d/usr.sbin.nscd 2016-03-21 20:30:19 +0000
|
||||
+++ profiles/apparmor.d/usr.sbin.nscd 2016-10-22 19:54:36 +0000
|
||||
@@ -28,7 +28,7 @@
|
||||
/{,var/}run/nscd/ rw,
|
||||
/{,var/}run/nscd/db* rwl,
|
||||
/{,var/}run/nscd/socket wl,
|
||||
- /{var/cache,var/run,run}/nscd/{passwd,group,services,hosts,netgroup} rw,
|
||||
+ /{var/cache,var/lib,var/run,run}/nscd/{passwd,group,services,hosts,netgroup} rw,
|
||||
/{,var/}run/{nscd/,}nscd.pid rwl,
|
||||
/var/log/nscd.log rw,
|
||||
@{PROC}/@{pid}/cmdline r,
|
||||
|
Loading…
Reference in New Issue
Block a user