From 9c5c1e5926365ad2c83193becb5302d8066eb06e81260b6b4a37fa216d47e9ed Mon Sep 17 00:00:00 2001 From: Christian Boltz Date: Wed, 14 Oct 2020 12:23:14 +0000 Subject: [PATCH] Accepting request 841766 from home:cboltz - add CAP_CHECKPOINT_RESTORE to severity.db (MR 656, cap_checkpoint_restore.diff) OBS-URL: https://build.opensuse.org/request/show/841766 OBS-URL: https://build.opensuse.org/package/show/security:apparmor/apparmor?expand=0&rev=277 --- apparmor.changes | 6 ++++++ apparmor.spec | 4 ++++ cap_checkpoint_restore.diff | 18 ++++++++++++++++++ 3 files changed, 28 insertions(+) create mode 100644 cap_checkpoint_restore.diff diff --git a/apparmor.changes b/apparmor.changes index 0bce9fe..a2613aa 100644 --- a/apparmor.changes +++ b/apparmor.changes @@ -1,3 +1,9 @@ +------------------------------------------------------------------- +Wed Oct 14 12:16:52 UTC 2020 - Christian Boltz + +- add CAP_CHECKPOINT_RESTORE to severity.db (MR 656, + cap_checkpoint_restore.diff) + ------------------------------------------------------------------- Thu Oct 8 20:56:45 UTC 2020 - Christian Boltz diff --git a/apparmor.spec b/apparmor.spec index baef4ef..5346eca 100644 --- a/apparmor.spec +++ b/apparmor.spec @@ -81,6 +81,9 @@ Patch12: sevdb-caps-mr589.diff # needs to go upstream Patch13: libvirt-leaseshelper.patch +# add CAP_CHECKPOINT_RESTORE to severity.db (https://gitlab.com/apparmor/apparmor/-/merge_requests/656, submitted upstream 2020-10-14 for 2.10..master) +Patch14: cap_checkpoint_restore.diff + PreReq: sed BuildRoot: %{_tmppath}/%{name}-%{version}-build %define apparmor_bin_prefix /lib/apparmor @@ -379,6 +382,7 @@ SubDomain. %patch11 -p1 %patch12 -p1 %patch13 -p1 +%patch14 -p1 %build %define _lto_cflags %{nil} diff --git a/cap_checkpoint_restore.diff b/cap_checkpoint_restore.diff new file mode 100644 index 0000000..5447225 --- /dev/null +++ b/cap_checkpoint_restore.diff @@ -0,0 +1,18 @@ +commit 2c2dbdc3a3012ce06371edc1e9be6f58711d8565 +Author: Christian Boltz +Date: Wed Oct 14 14:01:55 2020 +0200 + + Add CAP_CHECKPOINT_RESTORE to severity.db + +diff --git a/utils/severity.db b/utils/severity.db +index 3e07d44e..85b1d5de 100644 +--- a/utils/severity.db ++++ b/utils/severity.db +@@ -30,6 +30,7 @@ + CAP_SETUID 9 + CAP_FOWNER 9 + CAP_BPF 9 ++ CAP_CHECKPOINT_RESTORE 9 + # Denial of service, bypass audit controls, information leak + CAP_SYS_TIME 8 + CAP_NET_ADMIN 8