From 56136dc1ef5df0a92522c6e8e4056f65f830d4d84338a4c6efdeadc693aeb011 Mon Sep 17 00:00:00 2001
From: Christian Boltz <suse-beta@cboltz.de>
Date: Mon, 8 Aug 2022 19:15:19 +0000
Subject: [PATCH] Accepting request 993843 from home:cboltz

- add dnsmasq.diff: missing r permissions for dnsmasq//libvirt-leaseshelper
  (boo#1202161)

OBS-URL: https://build.opensuse.org/request/show/993843
OBS-URL: https://build.opensuse.org/package/show/security:apparmor/apparmor?expand=0&rev=346
---
 apparmor.changes |  6 ++++++
 apparmor.spec    |  4 ++++
 dnsmasq.diff     | 27 +++++++++++++++++++++++++++
 3 files changed, 37 insertions(+)
 create mode 100644 dnsmasq.diff

diff --git a/apparmor.changes b/apparmor.changes
index dfecb3a..9975384 100644
--- a/apparmor.changes
+++ b/apparmor.changes
@@ -1,3 +1,9 @@
+-------------------------------------------------------------------
+Mon Aug  8 18:51:26 UTC 2022 - Christian Boltz <suse-beta@cboltz.de>
+
+- add dnsmasq.diff: missing r permissions for dnsmasq//libvirt-leaseshelper
+  (boo#1202161)
+
 -------------------------------------------------------------------
 Mon Aug  1 18:42:57 UTC 2022 - Christian Boltz <suse-beta@cboltz.de>
 
diff --git a/apparmor.spec b/apparmor.spec
index 4b557cf..aca4e13 100644
--- a/apparmor.spec
+++ b/apparmor.spec
@@ -83,6 +83,9 @@ Patch6:         apache-extra-profile-include-if-exists.diff
 #                               + merged upstream 2022-06-29 https://gitlab.com/apparmor/apparmor/-/merge_requests/892 - master only)
 Patch9:         zgrep-profile-mr870.diff
 
+# add missing r permissions for dnsmasc//libvirt-leaseshelper (submitted upstream 2022-08-08 https://gitlab.com/apparmor/apparmor/-/merge_requests/905)
+Patch10:        dnsmasq.diff
+
 PreReq:         sed
 BuildRoot:      %{_tmppath}/%{name}-%{version}-build
 %define apparmor_bin_prefix %{?usrmerged:/usr}/lib/apparmor
@@ -349,6 +352,7 @@ mv -v profiles/apparmor.d/usr.lib.apache2.mpm-prefork.apache2 profiles/apparmor/
 %patch5
 %patch6
 %patch9 -p1
+%patch10 -p1
 
 %build
 export SUSE_ASNEEDED=0
diff --git a/dnsmasq.diff b/dnsmasq.diff
new file mode 100644
index 0000000..c806e78
--- /dev/null
+++ b/dnsmasq.diff
@@ -0,0 +1,27 @@
+commit c9c5208f77d560467965619fadbf350ada9a0bc2
+Author: Christian Boltz <apparmor@cboltz.de>
+Date:   Mon Aug 8 20:48:12 2022 +0200
+
+    dnsmasq: Add missing r permissions for libvirt_leaseshelper
+    
+    Note: This was reported for /usr/libexec/libvirt_leaseshelper, but since
+    this is probably unrelated to the path or a path change, this commit
+    also adds r permissions for the previous path.
+    
+    Fixes: https://bugzilla.opensuse.org/show_bug.cgi?id=1202161
+
+diff --git a/profiles/apparmor.d/usr.sbin.dnsmasq b/profiles/apparmor.d/usr.sbin.dnsmasq
+index bffc09b4..406b2599 100644
+--- a/profiles/apparmor.d/usr.sbin.dnsmasq
++++ b/profiles/apparmor.d/usr.sbin.dnsmasq
+@@ -117,8 +117,8 @@ profile dnsmasq /usr/{bin,sbin}/dnsmasq flags=(attach_disconnected) {
+ 
+     /etc/libnl-3/classid r,
+ 
+-    /usr/lib{,64}/libvirt/libvirt_leaseshelper m,
+-    /usr/libexec/libvirt_leaseshelper m,
++    /usr/lib{,64}/libvirt/libvirt_leaseshelper mr,
++    /usr/libexec/libvirt_leaseshelper mr,
+ 
+     owner @{PROC}/@{pid}/net/psched r,
+     owner @{PROC}/@{pid}/status r,