pool/apparmor
SHA256
2
0
Fork 1
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Accepting request 561674 from home:cboltz

Browse Source 
- add parser-write-cache-warn-only.diff to make cache write failures a
  warning instead of an error (boo#1069906, boo#1074429)
- reduce dependeny on libnotify-tools (used by aa-notify -p) to "Suggests"
  to avoid pulling in several Gnome packages on servers (boo#1067477)

OBS-URL: https://build.opensuse.org/request/show/561674
OBS-URL: https://build.opensuse.org/package/show/security:apparmor/apparmor?expand=0&rev=197
This commit is contained in:
Christian Boltz 2018-01-04 14:54:12 +00:00 committed by Git OBS Bridge
parent 772075ecd7
commit c6c48cc166
4 changed files with 66 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
apparmor.changes
View File

@ -1,3 +1,11 @@
-------------------------------------------------------------------
Thu Jan 4 13:20:20 UTC 2018 - suse-beta@cboltz.de
- add parser-write-cache-warn-only.diff to make cache write failures a
warning instead of an error (boo#1069906, boo#1074429)
- reduce dependeny on libnotify-tools (used by aa-notify -p) to "Suggests"
to avoid pulling in several Gnome packages on servers (boo#1067477)
------------------------------------------------------------------- -------------------------------------------------------------------
Mon Dec 25 15:27:03 UTC 2017 - suse-beta@cboltz.de Mon Dec 25 15:27:03 UTC 2017 - suse-beta@cboltz.de

12
apparmor.spec
View File

@ -1,8 +1,8 @@
# #
# spec file for package apparmor # spec file for package apparmor
# #
# Copyright (c) 2017 SUSE LINUX GmbH, Nuernberg, Germany. # Copyright (c) 2018 SUSE LINUX GmbH, Nuernberg, Germany.
# Copyright (c) 2011-2017 Christian Boltz # Copyright (c) 2011-2018 Christian Boltz
# #
# All modifications and additions to the file contributed by third parties # All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed # remain the property of their copyright owners, unless otherwise agreed
@ -67,6 +67,9 @@ Patch7: apparmor-lessopen-profile.patch
# logparser.py: ignore ouid if it's 2^32 - 1 which means no ouid given in a log event on 32 bit systems (submitted upstream 2017-12-26) # logparser.py: ignore ouid if it's 2^32 - 1 which means no ouid given in a log event on 32 bit systems (submitted upstream 2017-12-26)
Patch8: 32-bit-no-uid.diff Patch8: 32-bit-no-uid.diff
# make cache write failures a warning instead of an error - (patch from https://gitlab.com/apparmor/apparmor/merge_requests/49 2018-01-04)
Patch9: parser-write-cache-warn-only.diff
PreReq: sed PreReq: sed
BuildRoot: %{_tmppath}/%{name}-%{version}-build BuildRoot: %{_tmppath}/%{name}-%{version}-build
%define apparmor_bin_prefix /lib/apparmor %define apparmor_bin_prefix /lib/apparmor
@ -290,8 +293,8 @@ Requires: python-base
%endif %endif
# aa-unconfined needs ss # aa-unconfined needs ss
Recommends: iproute2 Recommends: iproute2
# aa-notify -p needs notify-send # aa-notify -p needs notify-send (only "Suggests", see boo#1067477)
Recommends: libnotify-tools Suggests: libnotify-tools
BuildArch: noarch BuildArch: noarch
%description utils %description utils
@ -355,6 +358,7 @@ SubDomain.
%patch5 -p1 %patch5 -p1
%patch7 %patch7
%patch8 -p1 %patch8 -p1
%patch9 -p1
%build %build
export SUSE_ASNEEDED=0 export SUSE_ASNEEDED=0

2
libapparmor.spec
View File

@ -1,7 +1,7 @@
# #
# spec file for package libapparmor # spec file for package libapparmor
# #
# Copyright (c) 2017 SUSE LINUX GmbH, Nuernberg, Germany. # Copyright (c) 2018 SUSE LINUX GmbH, Nuernberg, Germany.
# Copyright (c) 2011-2017 Christian Boltz # Copyright (c) 2011-2017 Christian Boltz
# #
# All modifications and additions to the file contributed by third parties # All modifications and additions to the file contributed by third parties

49
parser-write-cache-warn-only.diff Normal file
View File

@ -0,0 +1,49 @@
From cd45ebddeb67b55b956646bfc760918b4b5edb37 Mon Sep 17 00:00:00 2001
From: John Johansen <john.johansen@canonical.com>
Date: Thu, 4 Jan 2018 03:01:35 -0800
Subject: [PATCH] parser: fix parser so that cache creation failure doesn't
cause load failure
This is a minimal patch so that it can be backported to 2.11 and 2.10
which reverts the abort on error failure when the cache can not be
created and write-cache is set.
This is meant as a temporary fix for
https://bugzilla.suse.com/show_bug.cgi?id=1069906
https://bugzilla.opensuse.org/show_bug.cgi?id=1074429
where the cache location is being mounted readonly and the cache
creation failure is causing policy to not be loaded. And the
thrown parser error to cause issues for openQA.
Note: A cache failure warning will be reported after the policy load.
Signed-off-by: John Johansen <john.johansen@canonical.com>
---
parser/policy_cache.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/parser/policy_cache.c b/parser/policy_cache.c
index 6ede6171..3454cc0d 100644
--- a/parser/policy_cache.c
+++ b/parser/policy_cache.c
@@ -147,13 +147,13 @@ int setup_cache_tmp(const char **cachetmpname, const char *cachename)
*cachetmpname = NULL;
if (write_cache) {
/* Otherwise, set up to save a cached copy */
- if (asprintf(&tmpname, "%s-XXXXXX", cachename)<0) {
+ if (asprintf(&tmpname, "%s-XXXXXX", cachename) < 0) {
perror("asprintf");
- exit(1);
+ return -1;
}
if ((cache_fd = mkstemp(tmpname)) < 0) {
perror("mkstemp");
- exit(1);
+ return -1;
}
*cachetmpname = tmpname;
}
--
2.14.3