Accepting request 561674 from home:cboltz
- add parser-write-cache-warn-only.diff to make cache write failures a warning instead of an error (boo#1069906, boo#1074429) - reduce dependeny on libnotify-tools (used by aa-notify -p) to "Suggests" to avoid pulling in several Gnome packages on servers (boo#1067477) OBS-URL: https://build.opensuse.org/request/show/561674 OBS-URL: https://build.opensuse.org/package/show/security:apparmor/apparmor?expand=0&rev=197
This commit is contained in:
Christian Boltz
Git OBS Bridge
parent
772075ecd7
commit
c6c48cc166
@ -1,3 +1,11 @@
|
||||
-------------------------------------------------------------------
|
||||
Thu Jan 4 13:20:20 UTC 2018 - suse-beta@cboltz.de
|
||||
|
||||
- add parser-write-cache-warn-only.diff to make cache write failures a
|
||||
warning instead of an error (boo#1069906, boo#1074429)
|
||||
- reduce dependeny on libnotify-tools (used by aa-notify -p) to "Suggests"
|
||||
to avoid pulling in several Gnome packages on servers (boo#1067477)
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Mon Dec 25 15:27:03 UTC 2017 - suse-beta@cboltz.de
|
||||
|
||||
|
||||
@ -1,8 +1,8 @@
|
||||
#
|
||||
# spec file for package apparmor
|
||||
#
|
||||
# Copyright (c) 2017 SUSE LINUX GmbH, Nuernberg, Germany.
|
||||
# Copyright (c) 2011-2017 Christian Boltz
|
||||
# Copyright (c) 2018 SUSE LINUX GmbH, Nuernberg, Germany.
|
||||
# Copyright (c) 2011-2018 Christian Boltz
|
||||
#
|
||||
# All modifications and additions to the file contributed by third parties
|
||||
# remain the property of their copyright owners, unless otherwise agreed
|
||||
@ -67,6 +67,9 @@ Patch7: apparmor-lessopen-profile.patch
|
||||
# logparser.py: ignore ouid if it's 2^32 - 1 which means no ouid given in a log event on 32 bit systems (submitted upstream 2017-12-26)
|
||||
Patch8: 32-bit-no-uid.diff
|
||||
|
||||
# make cache write failures a warning instead of an error - (patch from https://gitlab.com/apparmor/apparmor/merge_requests/49 2018-01-04)
|
||||
Patch9: parser-write-cache-warn-only.diff
|
||||
|
||||
PreReq: sed
|
||||
BuildRoot: %{_tmppath}/%{name}-%{version}-build
|
||||
%define apparmor_bin_prefix /lib/apparmor
|
||||
@ -290,8 +293,8 @@ Requires: python-base
|
||||
%endif
|
||||
# aa-unconfined needs ss
|
||||
Recommends: iproute2
|
||||
# aa-notify -p needs notify-send
|
||||
Recommends: libnotify-tools
|
||||
# aa-notify -p needs notify-send (only "Suggests", see boo#1067477)
|
||||
Suggests: libnotify-tools
|
||||
BuildArch: noarch
|
||||
|
||||
%description utils
|
||||
@ -355,6 +358,7 @@ SubDomain.
|
||||
%patch5 -p1
|
||||
%patch7
|
||||
%patch8 -p1
|
||||
%patch9 -p1
|
||||
|
||||
%build
|
||||
export SUSE_ASNEEDED=0
|
||||
|
||||
@ -1,7 +1,7 @@
|
||||
#
|
||||
# spec file for package libapparmor
|
||||
#
|
||||
# Copyright (c) 2017 SUSE LINUX GmbH, Nuernberg, Germany.
|
||||
# Copyright (c) 2018 SUSE LINUX GmbH, Nuernberg, Germany.
|
||||
# Copyright (c) 2011-2017 Christian Boltz
|
||||
#
|
||||
# All modifications and additions to the file contributed by third parties
|
||||
|
||||
49
parser-write-cache-warn-only.diff
Normal file
49
parser-write-cache-warn-only.diff
Normal file
@ -0,0 +1,49 @@
|
||||
From cd45ebddeb67b55b956646bfc760918b4b5edb37 Mon Sep 17 00:00:00 2001
|
||||
From: John Johansen <john.johansen@canonical.com>
|
||||
Date: Thu, 4 Jan 2018 03:01:35 -0800
|
||||
Subject: [PATCH] parser: fix parser so that cache creation failure doesn't
|
||||
cause load failure
|
||||
|
||||
This is a minimal patch so that it can be backported to 2.11 and 2.10
|
||||
which reverts the abort on error failure when the cache can not be
|
||||
created and write-cache is set.
|
||||
|
||||
This is meant as a temporary fix for
|
||||
https://bugzilla.suse.com/show_bug.cgi?id=1069906
|
||||
https://bugzilla.opensuse.org/show_bug.cgi?id=1074429
|
||||
|
||||
where the cache location is being mounted readonly and the cache
|
||||
creation failure is causing policy to not be loaded. And the
|
||||
thrown parser error to cause issues for openQA.
|
||||
|
||||
Note: A cache failure warning will be reported after the policy load.
|
||||
|
||||
Signed-off-by: John Johansen <john.johansen@canonical.com>
|
||||
---
|
||||
parser/policy_cache.c | 6 +++---
|
||||
1 file changed, 3 insertions(+), 3 deletions(-)
|
||||
|
||||
diff --git a/parser/policy_cache.c b/parser/policy_cache.c
|
||||
index 6ede6171..3454cc0d 100644
|
||||
--- a/parser/policy_cache.c
|
||||
+++ b/parser/policy_cache.c
|
||||
@@ -147,13 +147,13 @@ int setup_cache_tmp(const char **cachetmpname, const char *cachename)
|
||||
*cachetmpname = NULL;
|
||||
if (write_cache) {
|
||||
/* Otherwise, set up to save a cached copy */
|
||||
- if (asprintf(&tmpname, "%s-XXXXXX", cachename)<0) {
|
||||
+ if (asprintf(&tmpname, "%s-XXXXXX", cachename) < 0) {
|
||||
perror("asprintf");
|
||||
- exit(1);
|
||||
+ return -1;
|
||||
}
|
||||
if ((cache_fd = mkstemp(tmpname)) < 0) {
|
||||
perror("mkstemp");
|
||||
- exit(1);
|
||||
+ return -1;
|
||||
}
|
||||
*cachetmpname = tmpname;
|
||||
}
|
||||
--
|
||||
2.14.3
|
||||
|
||||
Loading…
Reference in New Issue
Block a user