pool/apparmor
SHA256
3
0
Fork 1
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Accepting request 1151902 from home:lnussel:branches:security:apparmor

Browse Source 
- Fix systemd userdb access in unix-chkpwd

OBS-URL: https://build.opensuse.org/request/show/1151902
OBS-URL: https://build.opensuse.org/package/show/security:apparmor/apparmor?expand=0&rev=396
This commit is contained in:
Christian Boltz 2024-02-26 18:34:45 +00:00 committed by Git OBS Bridge
parent ea1a0afe49
commit 9041844394
2 changed files with 17 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
apparmor.changes
View File

@ -1,3 +1,8 @@
-------------------------------------------------------------------
Mon Feb 26 17:25:58 UTC 2024 - Ludwig Nussel <lnussel@suse.com>
- Fix systemd userdb access in unix-chkpwd
-------------------------------------------------------------------
Tue Feb 20 10:16:27 UTC 2024 - Dominique Leuenberger <dimstar@opensuse.org>

20
dovecot-unix_chkpwd.diff
View File

@ -1,8 +1,8 @@
Index: apparmor-3.1.6/profiles/apparmor.d/unix-chkpwd
Index: apparmor-3.1.7/profiles/apparmor.d/unix-chkpwd
===================================================================
--- /dev/null 1970-01-01 00:00:00.000000000 +0000
+++ apparmor-3.1.6/profiles/apparmor.d/unix-chkpwd 2024-01-29 21:53:27.234254724 +0100
@@ -0,0 +1,31 @@
--- /dev/null
+++ apparmor-3.1.7/profiles/apparmor.d/unix-chkpwd
@@ -0,0 +1,35 @@
+# apparmor.d - Full set of apparmor profiles
+# Copyright (C) 2019-2021 Mikhail Morfikov
+# SPDX-License-Identifier: GPL-2.0-only
@ -29,16 +29,20 @@ Index: apparmor-3.1.6/profiles/apparmor.d/unix-chkpwd
+
+ /etc/shadow r,
+
+ # systemd userdb, used in nspawn
+ /run/host/userdb/*.user r,
+ /run/host/userdb/*.user-privileged r,
+
+ # file_inherit
+ owner /dev/tty[0-9]* rw,
+
+ include if exists <local/unix-chkpwd>
+}
Index: apparmor-3.1.6/profiles/apparmor.d/usr.lib.dovecot.auth
Index: apparmor-3.1.7/profiles/apparmor.d/usr.lib.dovecot.auth
===================================================================
--- apparmor-3.1.6.orig/profiles/apparmor.d/usr.lib.dovecot.auth 2023-06-21 23:13:41.000000000 +0200
+++ apparmor-3.1.6/profiles/apparmor.d/usr.lib.dovecot.auth 2024-01-29 21:45:32.528140518 +0100
@@ -52,8 +52,12 @@ profile dovecot-auth /usr/lib/dovecot/au
--- apparmor-3.1.7.orig/profiles/apparmor.d/usr.lib.dovecot.auth
+++ apparmor-3.1.7/profiles/apparmor.d/usr.lib.dovecot.auth
@@ -52,8 +52,12 @@ profile dovecot-auth /usr/lib*/dovecot/a
@{run}/dovecot/stats-user rw,
@{run}/dovecot/anvil-auth-penalty rw,