pool/apparmor
SHA256
11
0
Fork 1
Code Issues Pull Requests Activity

Accepting request 63720 from security:apparmor:factory

Browse Source 
Accepted submit request 63720 from user coolo

OBS-URL: https://build.opensuse.org/request/show/63720
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/apparmor?expand=0&rev=12
This commit is contained in:
Sascha Peilicke
2011-03-10 11:49:13 +00:00
committed by Git OBS Bridge
parent 77fc602dda
commit ccb3ab3ed8
3 changed files with 22 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
apparmor-2.5.1-dnsmasq-libvirt-profile-fix
View File

@@ -10,8 +10,10 @@ Signed-off-by: Jeff Mahoney <jeffm@suse.com>
profiles/apparmor.d/usr.sbin.dnsmasq | 6 ++++++
1 file changed, 6 insertions(+)
--- a/profiles/apparmor.d/usr.sbin.dnsmasq
+++ b/profiles/apparmor.d/usr.sbin.dnsmasq
Index: apparmor-2.5.1/profiles/apparmor.d/usr.sbin.dnsmasq
===================================================================
--- apparmor-2.5.1.orig/profiles/apparmor.d/usr.sbin.dnsmasq
+++ apparmor-2.5.1/profiles/apparmor.d/usr.sbin.dnsmasq
@@ -8,6 +8,9 @@
capability setgid,
capability setuid,
@@ -22,12 +24,14 @@ Signed-off-by: Jeff Mahoney <jeffm@suse.com>
/etc/dnsmasq.conf r,
/etc/dnsmasq.d/ r,
@@ -19,5 +22,8 @@
@@ -19,5 +22,10 @@
/var/run/dnsmasq/ r,
/var/run/dnsmasq/* rw,
+ /var/run/libvirt/network/ r, # Required when called by libvirt
+ /var/run/libvirt/network/*.pid rw, # Required when called by libvirt
+ /var/lib/libvirt/dnsmasq/ r, # Required when called by libvirt
+ /var/lib/libvirt/dnsmasq/*.hostsfile r, # Required when called by libvirt
+
/var/lib/misc/dnsmasq.leases rw, # Required only for DHCP server usage
}

9
apparmor-profiles-dhclient
View File

@@ -4,9 +4,9 @@ References: bnc#561152
Signed-off-by: Jeff Mahoney <jeffm@suse.com>
---
profiles/apparmor/profiles/extras/sbin.dhclient | 60 +++++++++++------
profiles/apparmor/profiles/extras/sbin.dhclient | 61 +++++++++++------
profiles/apparmor/profiles/extras/sbin.dhclient-script | 21 +++++
2 files changed, 60 insertions(+), 21 deletions(-)
2 files changed, 61 insertions(+), 21 deletions(-)
--- a/profiles/apparmor/profiles/extras/sbin.dhclient
+++ b/profiles/apparmor/profiles/extras/sbin.dhclient
@@ -29,7 +29,7 @@ Signed-off-by: Jeff Mahoney <jeffm@suse.com>
#include <tunables/global>
@@ -25,25 +25,29 @@
@@ -25,25 +25,30 @@
#include <abstractions/base>
#include <abstractions/bash>
#include <abstractions/nameservice>
@@ -39,6 +39,7 @@ Signed-off-by: Jeff Mahoney <jeffm@suse.com>
- /bin/df rmix,
+
+ network packet packet,
+ network packet raw,
+
+ /sbin/dhclient mrix,
+
@@ -74,7 +75,7 @@ Signed-off-by: Jeff Mahoney <jeffm@suse.com>
/var/lib/dhcp/dhclient.leases rw,
/var/lib/dhcp/dhclient-*.leases rw,
/var/log/lastlog r,
@@ -53,4 +57,18 @@
@@ -53,4 +58,18 @@
/var/run/dhclient-*.pid rw,
/var/spool r,
/var/spool/mail r,

10
apparmor.changes
View File

@@ -1,3 +1,13 @@
-------------------------------------------------------------------
Tue Mar 1 09:56:30 UTC 2011 - rhafer@suse.de
- Additional libvirt related fixes in usr.sbin.dnsmasq (bnc#675867)
-------------------------------------------------------------------
Thu Feb 24 15:52:15 CET 2011 - jeffm@suse.de
- Added 'network packet raw' to dhclient profile.
-------------------------------------------------------------------
Tue Feb 22 12:45:43 UTC 2011 - bwiedemann@novell.com