pool/apparmor
SHA256
4
0
Fork 1
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Accepting request 663646 from security:apparmor

Browse Source 
- add apparmor-lessopen-nfs-workaround.diff: allow network access in
  lessopen.sh for reading files on NFS (workaround for boo#1119937 /
  lp#1784499) (forwarded request 663645 from cboltz)

OBS-URL: https://build.opensuse.org/request/show/663646
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/apparmor?expand=0&rev=122
This commit is contained in:
Dominique Leuenberger 2019-01-15 12:15:06 +00:00 committed by Git OBS Bridge
commit 9fced15774
3 changed files with 26 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

15
apparmor-lessopen-nfs-workaround.diff Normal file
View File

@ -0,0 +1,15 @@
Index: profiles/apparmor.d/usr.bin.lessopen.sh
===================================================================
--- profiles/apparmor.d/usr.bin.lessopen.sh.orig 2019-01-06 20:05:38.582356924 +0100
+++ profiles/apparmor.d/usr.bin.lessopen.sh 2019-01-06 20:08:26.885706133 +0100
@@ -10,6 +10,10 @@
capability dac_override,
capability dac_read_search,
+ # workaround for https://bugzilla.opensuse.org/show_bug.cgi?id=1119937 / https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/1784499
+ network inet stream,
+ network inet6 stream,
+
/** rk,
/bin/bash mrix,
/{usr/,}bin/rpm mrix,

7
apparmor.changes
View File

@ -1,3 +1,10 @@
-------------------------------------------------------------------
Sun Jan 6 19:10:58 UTC 2019 - Christian Boltz <suse-beta@cboltz.de>
- add apparmor-lessopen-nfs-workaround.diff: allow network access in
lessopen.sh for reading files on NFS (workaround for boo#1119937 /
lp#1784499)
------------------------------------------------------------------- -------------------------------------------------------------------
Wed Jan 2 19:11:16 UTC 2019 - Christian Boltz <suse-beta@cboltz.de> Wed Jan 2 19:11:16 UTC 2019 - Christian Boltz <suse-beta@cboltz.de>

4
apparmor.spec
View File

@ -69,6 +69,9 @@ Patch8: apparmor-nameservice-resolv-conf-link.patch
# submitted upstream 2019-01-02 - https://gitlab.com/apparmor/apparmor/merge_requests/296 (master + 2.13) and https://gitlab.com/apparmor/apparmor/merge_requests/297 (2.12) # submitted upstream 2019-01-02 - https://gitlab.com/apparmor/apparmor/merge_requests/296 (master + 2.13) and https://gitlab.com/apparmor/apparmor/merge_requests/297 (2.12)
Patch9: profile_filename_cornercase.diff Patch9: profile_filename_cornercase.diff
# workaround for boo#1119937 / lp#1784499 - allow network access for reading files on NFS (proper solution needs kernel fix)
Patch10: apparmor-lessopen-nfs-workaround.diff
PreReq: sed PreReq: sed
BuildRoot: %{_tmppath}/%{name}-%{version}-build BuildRoot: %{_tmppath}/%{name}-%{version}-build
%define apparmor_bin_prefix /lib/apparmor %define apparmor_bin_prefix /lib/apparmor
@ -358,6 +361,7 @@ SubDomain.
%patch7 %patch7
%patch8 -p1 %patch8 -p1
%patch9 -p1 %patch9 -p1
%patch10
%build %build
export SUSE_ASNEEDED=0 export SUSE_ASNEEDED=0