Accepting request 841766 from home:cboltz

- add CAP_CHECKPOINT_RESTORE to severity.db (MR 656,
  cap_checkpoint_restore.diff)

OBS-URL: https://build.opensuse.org/request/show/841766
OBS-URL: https://build.opensuse.org/package/show/security:apparmor/apparmor?expand=0&rev=277

apparmor.changes

@@ -1,3 +1,9 @@
+-------------------------------------------------------------------
+Wed Oct 14 12:16:52 UTC 2020 - Christian Boltz <suse-beta@cboltz.de>
+
+- add CAP_CHECKPOINT_RESTORE to severity.db (MR 656,
+  cap_checkpoint_restore.diff)
+
 -------------------------------------------------------------------
 Thu Oct  8 20:56:45 UTC 2020 - Christian Boltz <suse-beta@cboltz.de>
 

apparmor.spec

@@ -81,6 +81,9 @@ Patch12:        sevdb-caps-mr589.diff
 # needs to go upstream
 Patch13:        libvirt-leaseshelper.patch
 
+# add CAP_CHECKPOINT_RESTORE to severity.db (https://gitlab.com/apparmor/apparmor/-/merge_requests/656, submitted upstream 2020-10-14 for 2.10..master)
+Patch14:        cap_checkpoint_restore.diff
+
 PreReq:         sed
 BuildRoot:      %{_tmppath}/%{name}-%{version}-build
 %define apparmor_bin_prefix /lib/apparmor
@@ -379,6 +382,7 @@ SubDomain.
 %patch11 -p1
 %patch12 -p1
 %patch13 -p1
+%patch14 -p1
 
 %build
 %define _lto_cflags %{nil}

cap_checkpoint_restore.diff

@@ -0,0 +1,18 @@
+commit 2c2dbdc3a3012ce06371edc1e9be6f58711d8565
+Author: Christian Boltz <apparmor@cboltz.de>
+Date:   Wed Oct 14 14:01:55 2020 +0200
+
+    Add CAP_CHECKPOINT_RESTORE to severity.db
+
+diff --git a/utils/severity.db b/utils/severity.db
+index 3e07d44e..85b1d5de 100644
+--- a/utils/severity.db
++++ b/utils/severity.db
+@@ -30,6 +30,7 @@
+        CAP_SETUID 9
+        CAP_FOWNER 9
+        CAP_BPF 9
++       CAP_CHECKPOINT_RESTORE 9
+ # Denial of service, bypass audit controls, information leak
+        CAP_SYS_TIME 8
+        CAP_NET_ADMIN 8