- add profiles-ping-inet6-r3449.diff - latest ping also does IPv6 (boo#980596)
OBS-URL: https://build.opensuse.org/package/show/security:apparmor/apparmor?expand=0&rev=150
This commit is contained in:
parent
0b85e41674
commit
a86a930209
@ -1,3 +1,8 @@
|
||||
-------------------------------------------------------------------
|
||||
Tue May 24 12:15:19 UTC 2016 - suse-beta@cboltz.de
|
||||
|
||||
- add profiles-ping-inet6-r3449.diff - latest ping also does IPv6 (boo#980596)
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Fri Apr 22 20:49:24 UTC 2016 - suse-beta@cboltz.de
|
||||
|
||||
|
@ -92,6 +92,9 @@ Patch6: apparmor-abstractions-no-multiline.diff
|
||||
# bug 906858 - confine lessopen.sh (submitted upstream 2014-12-21)
|
||||
Patch7: apparmor-lessopen-profile.patch
|
||||
|
||||
# boo#980596 - latest ping includes IPv6 (commited upstream trunk r3449 / 2.10 branch r3331 / 2.9 branch r3009)
|
||||
Patch8: profiles-ping-inet6-r3449.diff
|
||||
|
||||
Url: https://launchpad.net/apparmor
|
||||
PreReq: sed
|
||||
BuildRoot: %{_tmppath}/%{name}-%{version}-build
|
||||
@ -439,6 +442,7 @@ SubDomain.
|
||||
|
||||
%patch6
|
||||
%patch7 -p1
|
||||
%patch8
|
||||
|
||||
# search for left-over multiline rules
|
||||
test -z "$(grep -r '^\s*\(unix\|dbus\)[^,]\(([^)]*)\)*[^,]*$' profiles/apparmor.d/)"
|
||||
|
33
profiles-ping-inet6-r3449.diff
Normal file
33
profiles-ping-inet6-r3449.diff
Normal file
@ -0,0 +1,33 @@
|
||||
------------------------------------------------------------
|
||||
revno: trunk r3449 / 2.10 branch r3331 / 2.9 branch r3009
|
||||
committer: Christian Boltz <apparmor@cboltz.de>
|
||||
branch nick: apparmor
|
||||
timestamp: Wed 2016-05-18 21:18:10 +0200
|
||||
message:
|
||||
allow inet6 in ping profile
|
||||
|
||||
The latest iputils merged ping and ping6 into a single binary that does
|
||||
both IPv4 and IPv6 pings (by default, it really does both).
|
||||
This means we need to allow network inet6 raw in the ping profile.
|
||||
|
||||
References: https://bugzilla.opensuse.org/show_bug.cgi?id=980596
|
||||
(contains more details and example output)
|
||||
|
||||
|
||||
Acked-by: Steve Beattie <steve@nxnw.org> for trunk, 2.10 and 2.9
|
||||
|
||||
|
||||
=== modified file 'profiles/apparmor.d/bin.ping'
|
||||
--- profiles/apparmor.d/bin.ping 2015-10-20 21:12:35 +0000
|
||||
+++ profiles/apparmor.d/bin.ping 2016-05-18 19:18:10 +0000
|
||||
@@ -18,6 +18,7 @@
|
||||
capability net_raw,
|
||||
capability setuid,
|
||||
network inet raw,
|
||||
+ network inet6 raw,
|
||||
|
||||
/{,usr/}bin/ping mixr,
|
||||
/etc/modules.conf r,
|
||||
|
||||
|
||||
vim:ft=diff
|
Loading…
Reference in New Issue
Block a user