From 98bfbb94e55f61c6d52073b18b20877de4d27b2a9dc342f35f806da7f2efa044 Mon Sep 17 00:00:00 2001
From: Christian Boltz
Date: Sun, 6 Sep 2020 10:18:31 +0000
Subject: [PATCH] Accepting request 831960 from home:jfehlig:branches:security:apparmor
This needs to go upstream but hoping someone here more familiar with apparmor and its dev processes can do that. If not please let me know and I can give it a stab.
- libvirt-leaseshelper.patch: add /usr/libexec as a path to the libvirt leaseshelper script (jsc#SLE-14253)
OBS-URL: https://build.opensuse.org/request/show/831960
OBS-URL: https://build.opensuse.org/package/show/security:apparmor/apparmor?expand=0&rev=272
---
apparmor.changes | 6 ++++++
apparmor.spec | 5 +++++
libvirt-leaseshelper.patch | 31 +++++++++++++++++++++++++++++++
3 files changed, 42 insertions(+)
create mode 100644 libvirt-leaseshelper.patch
diff --git a/apparmor.changes b/apparmor.changes
index ecc4823..da662f7 100644
--- a/apparmor.changes
+++ b/apparmor.changes
@@ -1,3 +1,9 @@
+-------------------------------------------------------------------
+Thu Sep 3 19:40:32 UTC 2020 - James Fehlig
+
+- libvirt-leaseshelper.patch: add /usr/libexec as a path to the
+ libvirt leaseshelper script (jsc#SLE-14253)
+
 -------------------------------------------------------------------
 Fri Aug 7 21:01:02 UTC 2020 - Christian Boltz
diff --git a/apparmor.spec b/apparmor.spec
index 7aa66cf..06956a9 100644
--- a/apparmor.spec
+++ b/apparmor.spec
@@ -77,6 +77,10 @@ Patch11: abstractions-X-xauth-mr582.diff
 # add CAP_BPF and CAP_PERFMON to severity.db (merged upstream 2020-08-07 https://gitlab.com/apparmor/apparmor/-/merge_requests/589 (2.11..master))
 Patch12: sevdb-caps-mr589.diff
+# add /usr/libexec as a path for libvirt_leaseshelper script, jsc#SLE-14253
+# needs to go upstream
+Patch13: libvirt-leaseshelper.patch
+
 PreReq: sed
 BuildRoot: %{_tmppath}/%{name}-%{version}-build
 %define apparmor_bin_prefix /lib/apparmor
@@ -374,6 +378,7 @@ SubDomain.
 %patch11 -p1
 %patch12 -p1
+%patch13 -p1
 %build
 %define _lto_cflags %{nil}
diff --git a/libvirt-leaseshelper.patch b/libvirt-leaseshelper.patch
new file mode 100644
index 0000000..24a4abd
--- /dev/null
+++ b/libvirt-leaseshelper.patch
@@ -0,0 +1,31 @@
+profiles: Add /usr/libexec as a path to the libvirt leaseshelper script
+
+openSUSE recently joined most distros in defining libexecdir as /usr/libexec.
+The SUSE libvirt package, which for a long time has set libexecdir to
+/usr/lib64/libvirt, needs to adopt. Jira SLE-14253 requests libvirt to use
+/usr/libexec. libvirt 6.7.0 will be hitting Factory soon with libexecdir
+set to /usr/libexec. Add it as a path for the libvirt_leaseshelper script.
+
+Signed-off-by: Jim Fehlig
+Index: apparmor-2.13.4/profiles/apparmor.d/usr.sbin.dnsmasq
+===================================================================
+--- apparmor-2.13.4.orig/profiles/apparmor.d/usr.sbin.dnsmasq
++++ apparmor-2.13.4/profiles/apparmor.d/usr.sbin.dnsmasq
+@@ -88,7 +88,7 @@ profile /usr/sbin/dnsmasq /usr/{bin,sbin
+ /{,var/}run/libvirt/network/*.pid rw,
+
+ # libvirt lease helper
+- /usr/lib{,64}/libvirt/libvirt_leaseshelper Cx -> libvirt_leaseshelper,
++ /usr/{lib/libvirt,lib64/libvirt,libexec}/libvirt_leaseshelper Cx -> libvirt_leaseshelper,
+
+ # lxc-net pid and lease files
+ /{,var/}run/lxc/dnsmasq.pid rw,
+@@ -115,7 +115,7 @@ profile /usr/sbin/dnsmasq /usr/{bin,sbin
+
+ /etc/libnl-3/classid r,
+
+- /usr/lib{,64}/libvirt/libvirt_leaseshelper m,
++ /usr/{lib/libvirt,lib64/libvirt,libexec}/libvirt_leaseshelper m,
+
+ owner @{PROC}/@{pid}/net/psched r,
+ owner @{PROC}/@{pid}/status r,
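Review bot: The three-way path alternation for libvirt_leaseshelper is now written out twice in usr.sbin.dnsmasq, once on the `Cx -> libvirt_leaseshelper` transition rule (inner hunk at line 88) and once on the `m` rule (inner hunk at line 115), with nothing in the profile saying the two lists must match. If a later edit extends one and not the other, the helper would presumably either miss the confined transition or be unable to map its own binary under enforcement. I would add a comment above each rule, for example `# path list must stay identical to the libvirt_leaseshelper "m" rule` and `# path list must stay identical to the Cx rule in the dnsmasq profile`. The block holding the `m` rule begins outside the hunk (it looks like the libvirt_leaseshelper child profile), so confirm which profile it sits in before wording the comment. The patch header could also carry the upstream merge-request reference once one exists, the way the Patch12 comment in apparmor.spec does, so the "needs to go upstream" note does not go stale.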