Accepting request 303872 from security:apparmor

- update to AppArmor 2.9.2 (2.9 branch r2911) - lots of bugfixes in the parser and the aa-* tools (including boo#918787) - update dovecot and dnsmasq profiles and several abstractions (including boo#911001) - see http://wiki.apparmor.net/index.php/ReleaseNotes_2_9_2 for the full changelog - remove upstream(ed) patches apparmor-changes-since-2.9.1.diff and apparmor-fix-stl-ostream.diff - replace GPG key with new AppArmor GPG signing key, see https://launchpad.net/apparmor/+announcement/13404 (forwarded request 303871 from cboltz) OBS-URL: https://build.opensuse.org/request/show/303872 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/apparmor?expand=0&rev=85
2015-04-27 05:46:11 +00:00 · 2015-04-27 05:46:11 +00:00 · a1f2018efc
commit a1f2018efc
parent 64b98d8b18 7a649ea462
10 changed files with 98 additions and 507 deletions
--- a/apparmor-2.9.1.tar.gz
+++ b/apparmor-2.9.1.tar.gz
@ -1,3 +0,0 @@
 version https://git-lfs.github.com/spec/v1
 oid sha256:a63b8724c36c29ed438c9e3ca403bfeeb6c998a45990e300aa1b10faa23a0a22
 size 2326385
--- a/apparmor-2.9.1.tar.gz.asc
+++ b/apparmor-2.9.1.tar.gz.asc
@ -1,7 +0,0 @@
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v1
 iEYEABECAAYFAlSQnFwACgkQgTeYuayTEnFcvwCeI9W6R1FcXVc1idSM49d4NbJq
 em8AoLL3ZThgKwyHdo1W17iuJuWNmYDs
 =N8ne
 -----END PGP SIGNATURE-----
--- a/apparmor-2.9.2.tar.gz
+++ b/apparmor-2.9.2.tar.gz
@ -0,0 +1,3 @@
 version https://git-lfs.github.com/spec/v1
 oid sha256:d01156e1ec50deada519fd4e8821677274b1d43418fda3bc4b25f1d38ea75ed5
 size 2336566
--- a/apparmor-2.9.2.tar.gz.asc
+++ b/apparmor-2.9.2.tar.gz.asc
@ -0,0 +1,17 @@
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v1
 iQIcBAABCgAGBQJVOV6LAAoJEGaJ5k49NmS7yj8P/Am7QAfhveBAfHy1xbUTHdWy
 Y/LRsM0x4uebNr7ZK1Zy31WqecJLhzXhli58SPf4lvrfb2fOTp9txI3YHYrmB5Lg
 Mn3DhyRcr8Cov6WqPdYmG3dj/fUZSrs1wz6Ryt0zg9SMxu1CGiaZvD34QS0dGBbs
 1JB5PhjqbM54JfsjsMtmqZKviVq7k9+k4Wojzb1MIXD9w70uUj1PiJHJ5nryHFy5
 2KdBNxVTbG9QJCFeBqpchbW6VvunG7NQIRovpRYqEMOJF/UCcBRGdBRLWETCSdfu
 pDy+Sj30VJ9ik7cxRkxB0kn1U1UqGwUMHekjtdSX4Dm8LCSYQR0Wa9KAoiyoh787
 o2cSeeonI0uF5xXzEqLvaVrWsGPucdWfokN1SjuppWPHrSY50Tgtl1791gnTWTw+
 CbLeOP6fVq2iwJ8jPVDdGL3T8xZ7yBGH44XOB4r5rUbNSw8pau86RC+pSf/McHQ7
 WmShsVNDAfWxuLBDvfr9bGCSPL3Hk7SrSgOM5CZS2OspABllFmqXdIn6fuySO73I
 AyCDwr9qGAbQMIvNGn1DmF4GyVc1LPRctBRwz91j6//hjVewSpgtRT45BYdRp3mO
 cy/5XWdXbVFg/srctH91YNeUt0/F/fepEbqLR7MQ55q8cCQNo28/9PfL0JEovu1x
 tnGkNHea0o2YNxv2NZfK
 =gIwg
 -----END PGP SIGNATURE-----
--- a/apparmor-abstractions-no-multiline.diff
+++ b/apparmor-abstractions-no-multiline.diff
@ -3,7 +3,7 @@ Index: profiles/apparmor.d/abstractions/X
 ===================================================================
 --- profiles/apparmor.d/abstractions/X.orig	2014-10-18 13:11:18.498652324 +0200
 +++ profiles/apparmor.d/abstractions/X	2014-10-18 13:11:31.097494817 +0200
-@@ -23,9 +23,7 @@
+@@ -24,9 +24,7 @@
   # the unix socket to use to connect to the display
   /tmp/.X11-unix/*           w,
--- a/apparmor-changes-since-2.9.1.diff
+++ b/apparmor-changes-since-2.9.1.diff
@ -1,374 +0,0 @@
 ------------------------------------------------------------
 revno: 2839
 committer: Christian Boltz <apparmor@cboltz.de>
 branch nick: 2.9
 timestamp: Sun 2015-01-18 14:57:10 +0100
 message:
  Add some tests for logparser.py based on the log lines from
  https://bugs.launchpad.net/apparmor/+bug/1399027
  Also move some existing tests from aa_test.py to test-logparser.py and
  adds checks for RE_LOG_v2_6_audit and RE_LOG_v2_6_syslog to them.
  Acked-by: Steve Beattie <steve@nxnw.org> for trunk and 2.9
 ------------------------------------------------------------
 revno: 2838
 committer: Christian Boltz <apparmor@cboltz.de>
 branch nick: 2.9
 timestamp: Sat 2015-01-17 14:35:38 +0100
 message:
  update logparser.py to support the changed syslog format by adding
  (audit:\s+)?   to RE_LOG_v2_6_syslog
  References: https://bugs.launchpad.net/apparmor/+bug/1399027
  Acked-by: Seth Arnold <seth.arnold@canonical.com> (for trunk)
  Acked-by: Steve Beattie <steve@nxnw.org> for 2.9 as well
 ------------------------------------------------------------
 revno: 2837
 committer: Christian Boltz <apparmor@cboltz.de>
 branch nick: 2.9
 timestamp: Mon 2014-12-22 17:57:40 +0100
 message:
  Fix the dnsmasq profile to allow executing bash to run the --dhcp-script
  argument. Also fixed /usr/lib -> /usr/{lib,lib64} to get libvirt
  leasehelper script to run even on x86_64.
  References: https://bugzilla.opensuse.org/show_bug.cgi?id=911001
  Patch by "Cédric Bosdonnat" <cbosdonnat@suse.com>
  Note: the original patch used {lib,lib64} - I changed it to lib{,64} to
  match the style we typically use.
  Acked-by: John Johansen <john.johansen@canonical.com>
  (backport of trunk r2841)
 ------------------------------------------------------------
 revno: 2836
 committer: Christian Boltz <apparmor@cboltz.de>
 branch nick: 2.9
 timestamp: Mon 2014-12-22 17:51:02 +0100
 message:
  update and cleanup usr.sbin.dovecot profile
  Add #include <abstractions/dovecot-common> to the usr.sbin.dovecot
  profile. Effectively this adds "deny capability block_suspend," which
  is the only missing part from
  https://bugs.launchpad.net/apparmor/+bug/1296667/
  Also remove "capability setgid," (covered by
  abstractions/dovecot-common) and "@{PROC}/filesystems r," (part of
  abstractions/base).
  Acked-by: John Johansen <john.johansen@canonical.com>
  (backport of trunk r2840)
 ------------------------------------------------------------
 revno: 2835
 committer: Christian Boltz <apparmor@cboltz.de>
 branch nick: 2.9
 timestamp: Mon 2014-12-22 17:43:54 +0100
 message:
  Add some missing /run/dovecot/* to usr.lib.dovecot.imap{, -login}
  Add the needed permissions as reported in
  https://bugs.launchpad.net/apparmor/+bug/1296667/ comment #1
  to the usr.lib.dovecot.imap and imap-login profiles.
  Acked-by: John Johansen <john.johansen@canonical.com>
  (backport of trunk r2839)
 ------------------------------------------------------------
 revno: 2834
 committer: Christian Boltz <apparmor@cboltz.de>
 branch nick: 2.9
 timestamp: Mon 2014-12-22 17:39:29 +0100
 message:
  update the mysqld profile in the extras directory to
  something that works on my servers ;-)
  Acked-by: John Johansen <john.johansen@canonical.com>
  (backport of trunk r2838)
 ------------------------------------------------------------
 revno: 2833
 committer: Christian Boltz <apparmor@cboltz.de>
 branch nick: 2.9
 timestamp: Fri 2014-12-19 13:57:12 +0100
 message:
  fix network rule description in apparmor.d.pod
  (backport from trunk r2837)
  Acked-by: John Johansen <john.johansen@canonical.com> (for trunk)
  Acked-by: Steve Beattie <steve@nxnw.org> (for 2.9)
 ------------------------------------------------------------
 === modified file 'parser/apparmor.d.pod'
 --- parser/apparmor.d.pod	2014-12-12 14:20:31 +0000
 +++ parser/apparmor.d.pod	2014-12-19 12:57:12 +0000
@@ -61,7 +61,7 @@
 B<CAPABILITY> = (lowercase capability name without 'CAP_' prefix; see
 capabilities(7))
 -B<NETWORK RULE> = 'network' [ [ I<DOMAIN> ] [ I<TYPE> ] [ I<PROTOCOL> ] ] ','
 +B<NETWORK RULE> = 'network' [ [ I<DOMAIN> [ I<TYPE> | I<PROTOCOL> ] ] | [ I<PROTOCOL> ] ] ','
 B<DOMAIN> = ( 'inet' | 'ax25' | 'ipx' | 'appletalk' | 'netrom' | 'bridge' | 'atmpvc' | 'x25' | 'inet6' | 'rose' | 'netbeui' | 'security' | 'key' | 'packet' | 'ash' | 'econet' | 'atmsvc' | 'sna' | 'irda' | 'pppox' | 'wanpipe' | 'bluetooth' | 'netlink' ) ','
 === modified file 'profiles/apparmor.d/usr.lib.dovecot.imap'
 --- profiles/apparmor.d/usr.lib.dovecot.imap	2014-09-25 22:37:14 +0000
 +++ profiles/apparmor.d/usr.lib.dovecot.imap	2014-12-22 16:43:54 +0000
@@ -26,6 +26,7 @@
   @{HOME} r, # ???
   /usr/lib/dovecot/imap mr,
 +  /{,var/}run/dovecot/auth-master rw,
   # Site-specific additions and overrides. See local/README for details.
   #include <local/usr.lib.dovecot.imap>
 === modified file 'profiles/apparmor.d/usr.lib.dovecot.imap-login'
 --- profiles/apparmor.d/usr.lib.dovecot.imap-login	2014-06-27 19:14:53 +0000
 +++ profiles/apparmor.d/usr.lib.dovecot.imap-login	2014-12-22 16:43:54 +0000
@@ -24,6 +24,7 @@
   network inet6 stream,
   /usr/lib/dovecot/imap-login mr,
 +  /{,var/}run/dovecot/anvil rw,
   /{,var/}run/dovecot/login/ r,
   /{,var/}run/dovecot/login/* rw,
 === modified file 'profiles/apparmor.d/usr.sbin.dnsmasq'
 --- profiles/apparmor.d/usr.sbin.dnsmasq	2014-12-02 17:46:26 +0000
 +++ profiles/apparmor.d/usr.sbin.dnsmasq	2014-12-22 16:57:40 +0000
@@ -45,6 +45,8 @@
   /var/lib/misc/dnsmasq.leases rw, # Required only for DHCP server usage
 +  /bin/bash ix, # Required to execute --dhcp-script argument
 +
   # access to iface mtu needed for Router Advertisement messages in IPv6
   # Neighbor Discovery protocol (RFC 2461)
   @{PROC}/sys/net/ipv6/conf/*/mtu r,
@@ -64,7 +66,7 @@
   /{,var/}run/libvirt/network/*.pid rw,
   # libvirt lease helper
 -  /usr/lib/libvirt/libvirt_leaseshelper ix,
 +  /usr/lib{,64}/libvirt/libvirt_leaseshelper ix,
   /{,var/}run/leaseshelper.pid rwk,
   # NetworkManager integration
 === modified file 'profiles/apparmor.d/usr.sbin.dovecot'
 --- profiles/apparmor.d/usr.sbin.dovecot	2014-09-03 19:45:56 +0000
 +++ profiles/apparmor.d/usr.sbin.dovecot	2014-12-22 16:51:02 +0000
@@ -15,6 +15,7 @@
 /usr/sbin/dovecot {
   #include <abstractions/authentication>
   #include <abstractions/base>
 +  #include <abstractions/dovecot-common>
   #include <abstractions/mysql>
   #include <abstractions/nameservice>
   #include <abstractions/ssl_certs>
@@ -25,7 +26,6 @@
   capability fsetid,
   capability kill,
   capability net_bind_service,
 -  capability setgid,
   capability setuid,
   capability sys_chroot,
@@ -34,7 +34,6 @@
   /etc/lsb-release r,
   /etc/SuSE-release r,
   @{PROC}/@{pid}/mounts r,
 -  @{PROC}/filesystems r,
   /usr/bin/doveconf rix,
   /usr/lib/dovecot/anvil Px,
   /usr/lib/dovecot/auth Px,
 === modified file 'profiles/apparmor/profiles/extras/usr.sbin.mysqld'
 --- profiles/apparmor/profiles/extras/usr.sbin.mysqld	2007-05-16 18:51:46 +0000
 +++ profiles/apparmor/profiles/extras/usr.sbin.mysqld	2014-12-22 16:39:29 +0000
@@ -1,6 +1,9 @@
 +# Last Modified: Mon Dec  1 22:23:12 2014
 +
 # ------------------------------------------------------------------
 #
 #    Copyright (C) 2002-2005 Novell/SUSE
 +#    Copyright (C) 2014 Christian Boltz
 #
 #    This program is free software; you can redistribute it and/or
 #    modify it under the terms of version 2 of the GNU General Public
@@ -8,12 +11,12 @@
 #
 # ------------------------------------------------------------------
 # vim:syntax=apparmor
 -# Last Modified: Wed Aug 17 14:28:07 2005
 #include <tunables/global>
 /usr/sbin/mysqld {
   #include <abstractions/base>
 +  #include <abstractions/mysql>
   #include <abstractions/nameservice>
   #include <abstractions/user-tmp>
@@ -21,8 +24,22 @@
   capability setgid,
   capability setuid,
 +  /etc/hosts.allow r,
 +  /etc/hosts.deny r,
   /etc/my.cnf r,
 +  /etc/my.cnf.d/ r,
 +  /etc/my.cnf.d/*.cnf r,
 +  /root/.my.cnf r,
 +  /usr/lib{,32,64}/**.so mr,
   /usr/sbin/mysqld r,
 +  /usr/share/mariadb/*/errmsg.sys r,
 +  /usr/share/mysql-community-server/*/errmsg.sys r,
   /usr/share/mysql/** r,
 -  /var/lib/mysql/** lrw,
 +  /var/lib/mysql/ r,
 +  /var/lib/mysql/** rwl,
 +  /var/log/mysql/mysqld-upgrade-run.log w,
 +  /var/log/mysql/mysqld.log w,
 +  /var/log/mysql/mysqld.log-20* w,
 +  /{,var/}run/mysql/mysqld.pid w,
 +
 }
 === modified file 'utils/apparmor/logparser.py'
 --- utils/apparmor/logparser.py	2014-08-20 22:55:44 +0000
 +++ utils/apparmor/logparser.py	2015-01-17 13:35:38 +0000
@@ -25,7 +25,7 @@
 _ = init_translation()
 class ReadLog:
 -    RE_LOG_v2_6_syslog = re.compile('kernel:\s+(\[[\d\.\s]+\]\s+)?type=\d+\s+audit\([\d\.\:]+\):\s+apparmor=')
 +    RE_LOG_v2_6_syslog = re.compile('kernel:\s+(\[[\d\.\s]+\]\s+)?(audit:\s+)?type=\d+\s+audit\([\d\.\:]+\):\s+apparmor=')
     RE_LOG_v2_6_audit = re.compile('type=AVC\s+(msg=)?audit\([\d\.\:]+\):\s+apparmor=')
     # Used by netdomain to identify the operation types
     # New socket names
 === modified file 'utils/test/aa_test.py'
 --- utils/test/aa_test.py	2014-07-26 00:49:06 +0000
 +++ utils/test/aa_test.py	2015-01-18 13:57:10 +0000
@@ -86,29 +86,6 @@
         for path in globs.keys():
             self.assertEqual(apparmor.aa.glob_path_withext(path), globs[path], 'Unexpected glob generated for path: %s'%path)
 -    def test_parse_event(self):
 -        parser = apparmor.logparser.ReadLog('', '', '', '', '')
 -        event = 'type=AVC msg=audit(1345027352.096:499): apparmor="ALLOWED" operation="rename_dest" parent=6974 profile="/usr/sbin/httpd2-prefork//vhost_foo" name=2F686F6D652F7777772F666F6F2E6261722E696E2F68747470646F63732F61707061726D6F722F696D616765732F746573742F696D61676520312E6A7067 pid=20143 comm="httpd2-prefork" requested_mask="wc" denied_mask="wc" fsuid=30 ouid=30'
 -        parsed_event = parser.parse_event(event)
 -        self.assertEqual(parsed_event['name'], '/home/www/foo.bar.in/httpdocs/apparmor/images/test/image 1.jpg', 'Incorrectly parsed/decoded name')
 -        self.assertEqual(parsed_event['profile'], '/usr/sbin/httpd2-prefork//vhost_foo', 'Incorrectly parsed/decode profile name')
 -        self.assertEqual(parsed_event['aamode'], 'PERMITTING')
 -        self.assertEqual(parsed_event['request_mask'], set(['w', 'a', '::w', '::a']))
 -        #print(parsed_event)
 -
 -        #event = 'type=AVC msg=audit(1322614912.304:857): apparmor="ALLOWED" operation="getattr" parent=16001 profile=74657374207370616365 name=74657374207370616365 pid=17011 comm="bash" requested_mask="r" denied_mask="r" fsuid=0 ouid=0'
 -        #parsed_event = apparmor.aa.parse_event(event)
 -        #print(parsed_event)
 -
 -        event = 'type=AVC msg=audit(1322614918.292:4376): apparmor="ALLOWED" operation="file_perm" parent=16001 profile=666F6F20626172 name="/home/foo/.bash_history" pid=17011 comm="bash" requested_mask="rw" denied_mask="rw" fsuid=0 ouid=1000'
 -        parsed_event = parser.parse_event(event)
 -        self.assertEqual(parsed_event['name'], '/home/foo/.bash_history', 'Incorrectly parsed/decoded name')
 -        self.assertEqual(parsed_event['profile'], 'foo bar', 'Incorrectly parsed/decode profile name')
 -        self.assertEqual(parsed_event['aamode'], 'PERMITTING')
 -        self.assertEqual(parsed_event['request_mask'], set(['r', 'w', 'a','::r' , '::w', '::a']))
 -        #print(parsed_event)
 -
 -
     def test_modes_to_string(self):
         for string in self.MODE_TEST.keys():
 === added file 'utils/test/test-logparser.py'
 --- utils/test/test-logparser.py	1970-01-01 00:00:00 +0000
 +++ utils/test/test-logparser.py	2015-01-18 13:57:10 +0000
@@ -0,0 +1,71 @@
 +# ----------------------------------------------------------------------
 +#    Copyright (C) 2013 Kshitij Gupta <kgupta8592@gmail.com>
 +#    Copyright (C) 2015 Christian Boltz <apparmor@cboltz.de>
 +#
 +#    This program is free software; you can redistribute it and/or
 +#    modify it under the terms of version 2 of the GNU General Public
 +#    License as published by the Free Software Foundation.
 +#
 +#    This program is distributed in the hope that it will be useful,
 +#    but WITHOUT ANY WARRANTY; without even the implied warranty of
 +#    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 +#    GNU General Public License for more details.
 +#
 +# ----------------------------------------------------------------------
 +import unittest
 +
 +from apparmor.logparser import ReadLog
 +
 +class TestParseEvent(unittest.TestCase):
 +    def setUp(self):
 +        self.parser = ReadLog('', '', '', '', '')
 +
 +    def test_parse_event_audit_1(self):
 +        event = 'type=AVC msg=audit(1345027352.096:499): apparmor="ALLOWED" operation="rename_dest" parent=6974 profile="/usr/sbin/httpd2-prefork//vhost_foo" name=2F686F6D652F7777772F666F6F2E6261722E696E2F68747470646F63732F61707061726D6F722F696D616765732F746573742F696D61676520312E6A7067 pid=20143 comm="httpd2-prefork" requested_mask="wc" denied_mask="wc" fsuid=30 ouid=30'
 +        parsed_event = self.parser.parse_event(event)
 +        self.assertEqual(parsed_event['name'], '/home/www/foo.bar.in/httpdocs/apparmor/images/test/image 1.jpg')
 +        self.assertEqual(parsed_event['profile'], '/usr/sbin/httpd2-prefork//vhost_foo')
 +        self.assertEqual(parsed_event['aamode'], 'PERMITTING')
 +        self.assertEqual(parsed_event['request_mask'], set(['w', 'a', '::w', '::a']))
 +
 +        self.assertIsNotNone(ReadLog.RE_LOG_v2_6_audit.search(event))
 +        self.assertIsNone(ReadLog.RE_LOG_v2_6_syslog.search(event))
 +
 +    def test_parse_event_audit_2(self):
 +        event = 'type=AVC msg=audit(1322614918.292:4376): apparmor="ALLOWED" operation="file_perm" parent=16001 profile=666F6F20626172 name="/home/foo/.bash_history" pid=17011 comm="bash" requested_mask="rw" denied_mask="rw" fsuid=0 ouid=1000'
 +        parsed_event = self.parser.parse_event(event)
 +        self.assertEqual(parsed_event['name'], '/home/foo/.bash_history')
 +        self.assertEqual(parsed_event['profile'], 'foo bar')
 +        self.assertEqual(parsed_event['aamode'], 'PERMITTING')
 +        self.assertEqual(parsed_event['request_mask'], set(['r', 'w', 'a','::r' , '::w', '::a']))
 +
 +        self.assertIsNotNone(ReadLog.RE_LOG_v2_6_audit.search(event))
 +        self.assertIsNone(ReadLog.RE_LOG_v2_6_syslog.search(event))
 +
 +    def test_parse_event_syslog_1(self):
 +        # from https://bugs.launchpad.net/apparmor/+bug/1399027
 +        event = '2014-06-09T20:37:28.975070+02:00 geeko kernel: [21028.143765] type=1400 audit(1402339048.973:1421): apparmor="ALLOWED" operation="open" profile="/home/cb/linuxtag/apparmor/scripts/hello" name="/dev/tty" pid=14335 comm="hello" requested_mask="rw" denied_mask="rw" fsuid=1000 ouid=0'
 +        parsed_event = self.parser.parse_event(event)
 +        self.assertEqual(parsed_event['name'], '/dev/tty')
 +        self.assertEqual(parsed_event['profile'], '/home/cb/linuxtag/apparmor/scripts/hello')
 +        self.assertEqual(parsed_event['aamode'], 'PERMITTING')
 +        self.assertEqual(parsed_event['request_mask'], set(['r', 'w', 'a', '::r', '::w', '::a']))
 +
 +        self.assertIsNone(ReadLog.RE_LOG_v2_6_audit.search(event))
 +        self.assertIsNotNone(ReadLog.RE_LOG_v2_6_syslog.search(event))
 +
 +    def test_parse_event_syslog_2(self):
 +        # from https://bugs.launchpad.net/apparmor/+bug/1399027
 +        event = 'Dec  7 13:18:59 rosa kernel: audit: type=1400 audit(1417954745.397:82): apparmor="ALLOWED" operation="open" profile="/home/simi/bin/aa-test" name="/usr/bin/" pid=3231 comm="ls" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0'
 +        parsed_event = self.parser.parse_event(event)
 +        self.assertEqual(parsed_event['name'], '/usr/bin/')
 +        self.assertEqual(parsed_event['profile'], '/home/simi/bin/aa-test')
 +        self.assertEqual(parsed_event['aamode'], 'PERMITTING')
 +        self.assertEqual(parsed_event['request_mask'], set(['r', '::r']))
 +
 +        self.assertIsNone(ReadLog.RE_LOG_v2_6_audit.search(event))
 +        self.assertIsNotNone(ReadLog.RE_LOG_v2_6_syslog.search(event))
 +
 +
 +if __name__ == "__main__":
 +    unittest.main(verbosity=2)
--- a/apparmor-fix-stl-ostream.diff
+++ b/apparmor-fix-stl-ostream.diff
@ -1,35 +0,0 @@
 Index: parser/dbus.cc
 ===================================================================
 --- parser/dbus.cc.orig	2014-10-08 22:20:20.000000000 +0200
 +++ parser/dbus.cc	2015-02-24 14:10:15.656288643 +0100
@@ -149,7 +149,7 @@ ostream &dbus_rule::dump(ostream &os)
 	if (interface)
 		os << " interface=\"" << interface << "\"";
 	if (member)
 -		os << " member=\"" << member << os << "\"";
 +		os << " member=\"" << member << "\"";
 	if (!(mode & AA_DBUS_BIND) && (peer_label || name)) {
 		os << " peer=( ";
 Index: parser/af_rule.cc
 ===================================================================
 --- parser/af_rule.cc.orig	2014-09-03 22:34:10.000000000 +0200
 +++ parser/af_rule.cc	2015-02-24 14:14:31.851251654 +0100
@@ -148,11 +148,14 @@ ostream &af_rule::dump_peer(ostream &os)
 ostream &af_rule::dump(ostream &os)
 {
 -	os << dump_prefix(os);
 +	dump_prefix(os);
 	os << af_name;
 -	os << dump_local(os);
 +	dump_local(os);
 	if (has_peer_conds())
 -		os << " peer=(" << dump_peer(os) << ")";
 +	  {
 +	    os << " peer=(";
 +	    dump_peer(os) << ")";
 +	  }
 	os << ",\n";
 	return os;
--- a/apparmor.changes
+++ b/apparmor.changes
@ -1,3 +1,18 @@
 -------------------------------------------------------------------
 Fri Apr 24 20:21:32 UTC 2015 - opensuse@cboltz.de
 - update to AppArmor 2.9.2 (2.9 branch r2911)
  - lots of bugfixes in the parser and the aa-* tools (including
    boo#918787)
  - update dovecot and dnsmasq profiles and several abstractions
    (including boo#911001)
  - see http://wiki.apparmor.net/index.php/ReleaseNotes_2_9_2 for the
    full changelog
 - remove upstream(ed) patches apparmor-changes-since-2.9.1.diff and
  apparmor-fix-stl-ostream.diff
 - replace GPG key with new AppArmor GPG signing key, see
  https://launchpad.net/apparmor/+announcement/13404
 -------------------------------------------------------------------
 Fri Apr 17 18:46:08 UTC 2015 - opensuse@cboltz.de
--- a/apparmor.keyring
+++ b/apparmor.keyring
@ -1,82 +1,65 @@
 -----BEGIN PGP PUBLIC KEY BLOCK-----
 Version: GnuPG v2
-mQGiBEPw2O4RBAD8PZ+0NfCEIBjuDXQjdb6vi642wRIrN7v67GTfNQ+uggGKESRe
+mQINBFUwHrABEADZVFn6TF2SxrpMiknHVeUHW7l4mOjHcxtULlEOQ3yaxyNxA0iE
-grFumlArz5MbJVLinyIsCqigwyBpspXeyP6cMrzTudmmwQJJN9caejoAu5029wjX
+GFWnbP7ek2cjzrfNIA1HNiS0FNsKipRAd5EfRUvJO3lrVfPBRBMLExeyA5h8vXtc
-WTrfwsPbqavwcQSfZlVJOKjLplUCzOcb808UOMYISz5mZmFGzfJpPLTMtwCg4CH+
+fcp9zpmKAlNVkx85LtVHxch6eUZapNPwqxKJFiDCrFM/zGk4vbRODy2KO3C8XWiy
-e9ZoyqMz1GrkPqjWeOVHgjMD/1D/PW8c1DzBar6zaxNXtQOLtlWn5eqLwWJX7XhG
+gHQEW4mjPEsJw6xhyNC63LpCRol7qQu8j6rLJur7GWzSaLKgcUpDktsMJhNRPmCd
-DM2YPD0vWyPYnx/5agg6YyouO6xiNi4lPDvEUu8+PqHHZz7Cl9Iu36ruAuhc87vQ
+Dzb4mbEsbSmWUZ0C2e4HqTs6yjkc3HCIPCsxi4Y8e55qVJRvmOvlx0vGqfUrZyXD
-U10frmHHcdNoko/aetFfNSrXwD+mEhhrob0kIEEIe4K+KfTPKC+aQuUVwciuDiM1
+cUQb8PX02V7sjA1DvE4PnZ8yHj1bS7/Q9x+R5ZjTMkqQ0cYXFnMb8pJ/oZucwl41
-+7ukA/46YWHIwkqFCUzjhJwu5hb4kGeYS1bcMrD5xCMcVzUdJPFcmz1AVclwAZ61
+RM7Nc57J7XLJmLRv/E7OL4v9DrobIPMOLvAU+PPdYzw+mUZx0jElOo84135nR/0K
-PYRRUs4xOJ5QeQty/1n4L5ylOJ8mfzXartC4ZY0OqDrXgLg/HhxPfvLfKvZ9xvBq
+EC7twaZxXVfF79iCY3OEhbHlPUH+62ucfcIdiV+TBKMhx70XJb4qDn1iDo2XW++N
-AIIJeqGmN2Dq/+Q70kA/5Ck4hUABBoTMQZABWQkCh3POwMCwhbRMQXBwQXJtb3Ig
+8LF+7sZNLJnfJ7QfHUwVodWIXNaMsGOfknrZ4mcYbhETk2t6RpfmWUp61nVGeXgo
-RGV2ZWxvcG1lbnQgVGVhbSAoQXBwQXJtb3Igc2lnbmluZyBrZXkpIDxhcHBhcm1v
+t1k3DXH93rFyccnEkGI8Y/+zFNN2QuZUx56kq6OF4Z3bhk7tSwA1/RubDRoNEQgF
-ckBsaXN0cy51YnVudHUuY29tPohqBBMRCgAqAhsDAh4BAheAAhkBBQsJCAcDBRUK
+94eGrKMgCfHhwPcV6KCtigtmXbdzhFQS5hJkvGOBHhVht9KbMrs9zh4RLQARAQAB
-CQgLBRYCAwEABQJNXEDoBQkPDwJtAAoJEIE3mLmskxJxVFgAnjSeh2O03PKF0UJz
+tExBcHBBcm1vciBEZXZlbG9wbWVudCBUZWFtIChBcHBBcm1vciBzaWduaW5nIGtl
-T13Fn1yK1IvaAJ9bQ3EuAw03b/RkIQUx5SQSXyDDdIhqBBMRCgAqAhsDBQkJZgGA
+eSkgPGFwcGFybW9yQGxpc3RzLnVidW50dS5jb20+iQI9BBMBCgAnBQJVMB6wAhsD
-Ah4BAheAAhkBBQJMjkjTBQsJCAcDBRUKCQgLBRYCAwEAAAoJEIE3mLmskxJxQ4wA
+BQkPCZwABQsJCAcDBRUKCQgLBRYCAwEAAh4BAheAAAoJEGaJ5k49NmS7Lp4QAIS3
-oMb9+wVfGopVNTM/pwAFH+vcE1MaAKCUq/IOsOI0yRY7QVre3Rinzpy2/ohqBBMR
+D070h7N/giZLUsciLedixqLW8bDzDNFLLturd9ng3x3GwEGdEzibh4TASE6fAQAR
-CgAqAhsDBQkJZgGAAh4BAheAAhkBBQJMoOLLBQsJCAcDBRUKCQgLBRYCAwEAAAoJ
+x6oW51ndgI5o7ZoNU3I0I/uLPM1B6YscmN9W2SD5oK8uQ7/K5//b8OGLq/cg1ych
-EIE3mLmskxJxy6UAoN0PvpcVaBF9j6s46I6y5p12MBH3AJ0aiUVZj78cjyEprsJ6
+O2lAh5jaGAhmfHy1MS4ZPQ9zbuwARddB7ESD81P4XIRvd/XzfsB2xW+k/7IR/P3M
-nuWqDm+dS4kCIAQQAQoACgUCTI5JiAMFAXgACgkQLwmejQBegfQtjw//ZVFIv/UR
+ZQg+GZm6PxgbK6iwlVyWKj1NyTppzxCWu1yljlbq+Noi5LiucbRdG5qCrymnjgwR
-CsfamtmqEE/nZ7XfTh495SjHGQy3q4nZvLyfHHiF+XVQtD7JIlHzYpwGz4kla73c
+kTeFlvBLYP7NDUifP6JsHgxwKbmvrMmFVJTRx2QnsmGv5DA0Evyz8Bof78S4lJQJ
-aM/tLts6bhNgVKQPqazi59NwrHV5dwCiP9B+pX2wdBsjNfgGROiPcVugO+R3hJst
+TkfiiBmWUc6VNv3IQ56PqMQ6RlsKdaGUxXlcPekyeWKC5K6r80m8YjJNBQ+RQMlh
-6JwbQ7P0wKM0MelySPaYL67K69/NsSCrhR4ds5DF0if7yIwKCZF5U9B2PTwe1UOt
+OC7AIckqcB/wPk3/iHvuNbJ0oNd/x/BFBgCs1Wlkktah+tc1aYVPvN1MKhChKD++
-U09JP0mk0rMuZSe/nqgM4DCIa1zk2NwXxRG3EC7S4oEl9/yez7EgNRh54sRPFXXb
+RJYZE+BzR3HSgwBE2Oth7s53D+7ZZPtQoQvhxgKBLAlO7rvhlZi1G0id2BaAqris
-craW5oosZRo1bJtp3Pn9cQPH8acObmw7B5lqRQD5lgpdTi4KewqFpTbgKFOqyMrB
+Bwj/zFztNewOFCplM4cIXN2pRthgTJYSv/lCarnHsenTZ9zqqkWj3OsFPcMeWhtI
-0Dk3ZR8K968yEdsVJnp9kjSMCkcETszi4bODBqF+dsLErZxr1WPXY77Hbt8hlAEK
+p3jyHXbGC9PtzodG51Aefmz0TqUwIvQxXQ6gOTVlGxMK64MweypYLxMOh9bQOMpS
-sX+ebsHFDKM95IMKbMKawdnw+RBDU/b5B5N6z7WokFY6G0/l0xI4B1mAi2kqNo6b
+29XKiX1dKB9ThjTJ6cDBKS7tnZ3cRxAHD3ZOGtiIiEYEEBEKAAYFAlUwIioACgkQ
-vtZ1Ss6Y3yHzRxL1+qfEZQ4XsMQ7raMZ2zZnnVxH0amF4JD4iPVxt882VwABys/F
+gTeYuayTEnF41wCfVgK6+6dvch7YdkxGYOzkyt2G/EEAoIJq94o9guRD5OWVKS6N
-abwh39NZVjz/39VA3cCNdwys/AO1fGJ9SvhiZrhORP/17qXH+zV9EqZyoLB3oAZG
+gkjXvKQtiQIcBBABCgAGBQJVMCJMAAoJEC8Jno0AXoH0orQP/Rjx0Mdsorjfir+Y
-UAyFo2Wzdk/m2lJhk3+2DAzxojvp8xrjhZg6GsQW98dHOVg3lWL3KdwK7hR7nV6Z
+ahNk5g4y4ZH425usPRMxRARNpZeGu58RLWOmSW5Fv//I95V0GnK8vyl5YuquHBJM
-M5N9xawzkjwM6GJJ81ewk1l5L3IuCTdU0WGIagQTEQoAKgIbAwIeAQIXgAIZAQUL
+BRN4PR1XqHUqXdzG8zPZLG5elcqyV3cs58QSUyO+6Nbh4OY/VxqcawZYFaL5XE8N
-CQgHAwUVCgkICwUWAgMBAAUCUwFh/gUJEPG8hQAKCRCBN5i5rJMScanlAKDWnPJE
+y0qo2zeFcACIgsmuPMGBgkB3LAEJQxYZab6n2uIuMnJVai2DSIO5Ql2XC4mrKZOW
-GRDtnSgFmBTIb7qTGfyGOgCgn2twDY+VYYACfjfL5wSzBIvbplOJARwEEAECAAYF
+2GG6vlvM/MmrKKD+gFKCoGvoea9wYYb/3Lu/DU7nARGcCYyvX2zRTuasUO95Anm5
-AlIOZ2YACgkQ8yFyWZ2NLpf95AgAqLVKvGMe9AU6bOKN9EdI6NPIDBYIqVMq2cmK
+zYxeXMvSJEq36U+xPLliTcT+bZrzf/dK93SSi/B6txYdM1KQhU0/vLQtdtDDQPFO
-xJ6k8PDSwJlLefCXo+V4Fo0FAgI6lQma6PpjNKfB2RwJzBRr90wDeDf4LopSYLTp
+edvHIVo+UFrve/lNYSmNEcjgd7iAGwFPe7y6dAQs3KQvE70g10KuSVQuYqSVHJ7t
-tXF7R/IZ1apx5xn54sQobdHDQNGCprkljSJmyZlvpXJNbyAJNPU90Cbj52ZnEuaY
+AC0AGHHsBcijFLzsSn9hOve8DSo/Jwjgvb1Rx1wl8RsmegATOik7FnWRsU+2OM9f
-LKqE5TOfvr4hQ49DFyVU7CFsFzWqjDKo4+2d3DDMcDC658h10jqkNGuW0kvIn1sL
+/BU3sLXuKWRQFXiVHsEpRO+vKVFVtcdu7BGzuFBnLS26SNP2jKRYIWJ1ea177w82
-B/WysMcXXe4Uj+mlvBT+aCYSmQhqjiDx7mEaDyq0g/wVI16JvfOj/snL1RE629DE
+vcjX5URSTBSQef0ABuYgzcV3CmTkKmpDmy49X+bpLQjYwX26XVh4Fm8yULTXT+Wc
-dGLiSJiyppXUKN7uUPtBTfGVcaQl+37MOi6DJ7KkKF0Sd0OYHbRQQXBwQXJtb3Ig
+pyDNf4itO8VSQpzrecBBcNJnyYvKBOuV0ASs4bZ0/ghmfGNHENk18ZQHZQ0pI1vX
-RGV2ZWxvcG1lbnQgVGVhbSAoQXBwQXJtb3Igc2lnbmluZyBrZXkpIDxhcHBhcm1v
+eNk5l60Ensk0WWA/sz1732WzhTtRuQINBFUwHrABEACzq2cDh5gGH419PwIGmkxY
-ci1kZXZAZm9yZ2Uubm92ZWxsLmNvbT6IRgQQEQIABgUCQ/DcnQAKCRCq4Ef4O5hq
+rZWyVglmXPI/4sf/dAqyrr/FRkSNW+VZzw/yLVfA4zW9ttYReJsmFKqXpSoF8ci5
-8zHbAKCdvXzNIDqtgYk1f/bsuPkeS3kX7QCeI8eHe/s7pK4BNJ+LP8fIsXQPpwmI
+RfZf1fba9xv4I5x4WBGNcaUZzdKm7vMW/reJRDsNw7f6zvL9VlUUtlL8lSnsObbE
-TAQQEQIADAUCQ/DrnQWDCWXu0QAKCRD72e4z2bCgmU6AAJ4gd95sCBuJrT41eKfF
+yCrI8oMUwJzu8ojFMiUfRfmQ0IQrYC8hFgmMkknsG6gQTrKSX3xDmFPeAaN11TA1
-jJgbKkk3PQCdF/v8Hx6UKbwU2QTnXZvTDt54gcmITAQQEQIADAUCQ/Dr5QWDCWXu
+9thm+GrcEbKvDMiS5RGG924Lmz+67C+hmKc6HRvDPkNp6prDmiMiLkCun6qQQC5b
-iQAKCRCv5SzGOaalP97MAKDo/w3w/13SGGhddksiJx6CsIydmACgnZM8wQf+uQCn
+jdO3yKlEuhxeNcNAxKIEpv5Syy9gEXXT8DeLQmutSHHb1SYSMB6mzX7b+3wtka+E
-D05sP8IWMVVU18CIZgQTEQIAJgUCQ/DY7gIbAwUJCWYBgAYLCQgHAwIEFQIIAwQW
+uCwWk3VrutpOHD0HCJMMtxbLrtlyq8v+3m8v9tyfNBVaeFyR7IEt9ciGiIe5eNw8
-AgMBAh4BAheAAAoJEIE3mLmskxJxgCsAn0tuS2wJQ1OIz+Uy1xiVidW0q6u/AJ9J
+R3E3BRGEIW7ABs55rnA47mmVO6nBGq8VMriLCeVSO7I/D+9enSvcTng78PK99iBW
-ElRNwTFgvK4+fmVJWTyvLxUBZYhnBBMRAgAnAhsDAh4BAheABQsJCAcDBRUKCQgL
+7e6gbGtGUXLpvx/bu61HpQrnG4DWVJ7jk6W2bbSLclT8DwJDQiN+poamNuoQjqAW
-BRYCAwEABQJNXEEDBQkPDwJtAAoJEIE3mLmskxJxAD0An1LlCGM3KFMx6esXKwBV
+xrxsYPNRsc6/Ro0LJMXAkc0xQqShtXl2pdCdJroj8gXq3i3HpQfDZrjzNbW02gMN
-7wKrOItGAJ9XA/0RTuFYxlUcHgjnpgbbpnro0YhnBBMRAgAnAhsDBQkJZgGAAh4B
+HSCR5QpmGS4UrL8ex+3DYnGUZh/SxMVVVbRQ4dPbO5yTbwDdaQkAenA6Faj4lM7S
-AheABQJMoOLgBQsJCAcDBRUKCQgLBRYCAwEAAAoJEIE3mLmskxJxKxIAoJS5dvwi
+jv4ToiG6Ld6c6UMU1B5CVQARAQABiQIlBBgBCgAPBQJVMB6wAhsMBQkPCZwAAAoJ
-iylcYdF1O/k6exULYN6lAKCnIDB/prGCAsNI5Q4u7MO607fLL4hnBBMRAgAnAhsD
+EGaJ5k49NmS7LfwP/0M+kTh5bviy4rr6OtCUnd/qCob/DBLkbCbHrEZz/+2yUQa1
-Ah4BAheABQsJCAcDBRUKCQgLBRYCAwEABQJTAWIsBQkQ8byFAAoJEIE3mLmskxJx
+IS93BjKrU2umD/CcMEU0F6yltHr7QtFufWEkcz1HvfRru2H1B3rrNxr1cab0ek7K
-wgAAn0ubiW6hY0nSav7+U4V9gklKhvViAJ9Bx6SgTw4NzJhulZKOCr8TrrCuM7kE
+456gN5Os2/jP/1L4BsAjAPii1wthpH59z8m333L2uDnkkd8cUTaIW+TBPG2wN2C
-DQRD8NsGEBAAgakVLKVcf5Q1//PvVRy9xEYjLrao27eOrj39O/RFqk/Tex2H9dmt
+OJ+Pgyd9SAaqpVFmO0CoLhWixyK42OJTbm12SyeUq2VlVX+v+S2rql64RZJI9Kcn
-ZApN5eXDo4ckWiDrveW8gKp3wLk7z/ZB4Tz5zgeM7VB3BSVjnOJiTE4Szf4eADRE
+N/36kWAgMdDuCpa8XEhJP2DxC8QcFyduP7/ZdYJZNWuiny6VP+HKblP6Imnc6xjz
-2lYfu1kIBgV/4sHUnwXFMb25Rh9k4E37ZRA+jpq6L71xtGmqHN9OQUKojz9TRDew
+HXSQauDsp5hUuxz+aLaAJSS1yBA23lfdhf+Yfu4ruMGFICdHXAkRXBt2JFIVskt3
-nzXzdOiPiJRNLHxIx5U2LFmcwx72dvTIDKdA8i91nlo4I0VBOMv8sIkVu+1jniff
+cL/tBrNEkDi0JG6FzYAS9gLJIyvlJlElgXXF0OZl60kjh254xRDEH5Q8/spBDdzw
-G4jcMoGzZGKc70BG8ZcXgZnYh8wjCxb6l9t/iD5lVbRtGJPtonjUfc4i+AMRhPlb
+0FkHS3hPWjM3sDSSZuX9YAZDzw0wQGM6sl4y+BX8I2JerhF9SIS606NAaT+06kOH
-2rgDBpMlS2QxPm01aca2BkW1u4jAzc1+NBUlFSxQ1hULVmmGn4VgB5guFB4rb1ru
+5wa4S51u6XN+UdXoXa6XSo/fqhVHt/5Mu1A90gMkA65ji0X+Xu/Yoo3Ui1Tx584t
-LWMUkOfUZUFGi08ZD3qeEqjrYpq+Q5IAhnflxWNVIOxnvHBlbRrA5RTHBmy9kn6J
+qtHJFnDQa4wJbmjB7uzqbpkk7xKFII1vgLayS8MkFvg+lnmjvgr/ve0hoHZnVCSz
-QZxgYKViTk8fjpr37Dyb9McL+4yxq+fydYUA0sLJSeg/vNqm7tS3KtBsN9vKiPTi
+md9kZgGkKQfTaGFIZRc24D44tcIL1K20B+cskRqhpee7EGaba7sazdpVk3A0
-tT1fb+DAz0VglV/4Jk6H4VWPNjaJRYdqh8rZSdcQXUUJjSZZDHTbUh7Oa5l33sPf
+=dwg6
 aaru1zfPuhcjecJX3trS1ZkjfX17CUmMt/WzIeP44MObtktsJdqX0LaGsgMSOP/O
 wjr53nHc1y1OZFL/ScO6MHJnYDZVz03mW9VHzB8ZYLdA+BSBUiBH7S8ABA0P/jcl
 vD9ycltAPNWmG/q2gmW8BOLcaYmjfiDZ/sWig1w2A3yoglIGDX3l10K1laXIjQtD
 O3rylXZw2x/fBaslAhObQsaarXcPidYuo3h1rQXTy+0wshpMU97V1H6XQVDKJlvE
 ajyS6j0PidjS1PvxXjaF0wD68vpXJsfK69mthIhM1cQFoLlUjz4GzntfOqhQWt24
 MIk+y3KRChzWN21XXHbBtoFhlFMwU6So0tgGCgwVXZom1jNdZnhchy/1Ek2wsXxs
 dd6FX80n7RGNJ5IqHw2fE7k8sN6AGuaxf3FDVSJOMb4ApxH87k7DDWxBuRRuleu9
 fNHOKh3InOxsAHbwy1ljg2BAWnl5XnTZpczajkO0MuxHqX64WsBYrfMB2dtpyjx6
 GplDcguL699pVuWs0iMq6Vs4sgJaR464ns1WfUwkKy2riCtrDLwnNldCORQtUodV
 x9wkmp8G7OzhARbDOG6uiawjkVAMrFrP1ut27qLOs/83/PKCMJ/iQ1h/esfJWqal
 xVPvXwQl5A5ny7QpWx7G4cyLxyd8VvwsU87HMnn8buhDj/QALsZCAtauGqM9w1GR
 Y3fnVcNKCloDgoBy/zGmpFSAMo4OZbj4y+Vnt175MWQ3KHVxYkwbsjzZYgDYWMOB
 O8BlV41xSc8sqWM8Xm7+EUzbsk6hgkKqD+R2YSveiE8EGBECAA8FAkPw2wYCGwwF
 CQlmAYAACgkQgTeYuayTEnHTiACgr3VoPwEFWOubuBM8cj/7fGWtmN0AnAqZiEd0
 qr4ei1P//IqrpJif8SI4iE8EGBECAA8FAkPw2wcCGwwFCQlmAYAACgkQgTeYuayT
 EnFVPACg0VjGyWMniZ94t/EKcNziWd/01Z8An2vIS4inaHCws74JVV8vUNSVRajP
 =nbr7
 -----END PGP PUBLIC KEY BLOCK-----
--- a/apparmor.spec
+++ b/apparmor.spec
@ -60,7 +60,7 @@ Name:           apparmor
 %if ! %{?distro:1}0
  %define distro suse
 %endif
-Version:        2.9.1
+Version:        2.9.2
 Release:        0
 Summary:        AppArmor userlevel parser utility
 License:        GPL-2.0+
@ -97,12 +97,6 @@ Patch6:         apparmor-abstractions-no-multiline.diff
 # bug 906858 - confine lessopen.sh (submitted upstream 2014-12-21)
 Patch7:         apparmor-lessopen-profile.patch
 # upstream changes since the 2.9.1 release - bzr diff -r2832..2839 (2.9 branch)
 Patch8:         apparmor-changes-since-2.9.1.diff
 # fix build with GCC 5 due to bad ostream use
 Patch9:         apparmor-fix-stl-ostream.diff
 # update samba (winbindd and nmb) profiles for samba 4.2 (boo#921098, boo#923201)
 Patch10:        samba-4.2-profiles.diff
@ -451,8 +445,6 @@ SubDomain.
 %patch6
 %patch7 -p1
 %patch8
 %patch9
 %patch10
 # search for left-over multiline rules
 test -z "$(grep -r '^\s*\(unix\|dbus\)[^,]\(([^)]*)\)*[^,]*$' profiles/apparmor.d/)"