diff --git a/apparmor-rpmlintrc b/apparmor-rpmlintrc index ee2c467..dbff758 100644 --- a/apparmor-rpmlintrc +++ b/apparmor-rpmlintrc @@ -1,3 +1,7 @@ -addFilter("devel-file-in-non-devel-package.*/usr/lib64/libJNIChangeHat.so") -addFilter("devel-file-in-non-devel-package.*/usr/lib/libJNIChangeHat.so") -addFilter("shlib-policy-name-error.*libJNIChangeHat0") +# .features file for pre-compiled cache +addFilter("hidden-file-or-dir /usr/share/apparmor/cache/[0-9a-f]*.0/.features") + +# warnings for the disabled tomcat_apparmor subpackage +# addFilter("devel-file-in-non-devel-package.*/usr/lib63/libJNIChangeHat.so") +# addFilter("devel-file-in-non-devel-package.*/usr/lib/libJNIChangeHat.so") +# addFilter("shlib-policy-name-error.*libJNIChangeHat0") diff --git a/apparmor.changes b/apparmor.changes index 585be86..0d7cc3e 100644 --- a/apparmor.changes +++ b/apparmor.changes @@ -1,3 +1,17 @@ +------------------------------------------------------------------- +Wed Oct 10 18:01:16 UTC 2018 - Christian Boltz + +- update rpmlintrc: + - whitelist .features file which is part of the pre-compiled cache + - comment out filters for the disabled tomcat_apparmor subpackage + +------------------------------------------------------------------- +Wed Oct 10 09:49:17 UTC 2018 - Petr Vorel + +- Backport dnsmasq fix: + 025c7dc6 - dnsmasq-Add-permission-to-open-log-files.patch + (boo#1111342) + ------------------------------------------------------------------- Wed Aug 22 11:32:59 UTC 2018 - suse-beta@cboltz.de diff --git a/apparmor.spec b/apparmor.spec index 02909bc..074be5e 100644 --- a/apparmor.spec +++ b/apparmor.spec @@ -13,7 +13,7 @@ # license that conforms to the Open Source Definition (Version 1.9) # published by the Open Source Initiative. -# Please submit bugfixes or comments via http://bugs.opensuse.org/ +# Please submit bugfixes or comments via https://bugs.opensuse.org/ # @@ -74,9 +74,12 @@ Patch10: logprof-skip-cache-d.diff # bug 1092099 - Allow smbd to load new shared libraries. Allow Winbindd to read and write new kerberos cache location (accepted upstream 2018-05-09 https://gitlab.com/apparmor/apparmor/merge_requests/121 - slightly different patch) Patch11: fix-samba-profiles.patch -# SR 629206 - make pyflakes 2.0 happy (unused variable) +# SR 629206 - make pyflakes 2.0 happy (unused variable) (accepted upstream 2018-08-22) Patch12: make-pyflakes-happy.diff +# boo#1111342 Backport fix for dnsmasq into Tumbleweed (add permission to open log files) (from upstream 2018-10-08) +Patch13: dnsmasq-Add-permission-to-open-log-files.patch + PreReq: sed BuildRoot: %{_tmppath}/%{name}-%{version}-build %define apparmor_bin_prefix /lib/apparmor @@ -369,6 +372,7 @@ SubDomain. %patch10 %patch11 -p1 %patch12 -p1 +%patch13 -p1 %build export SUSE_ASNEEDED=0 diff --git a/dnsmasq-Add-permission-to-open-log-files.patch b/dnsmasq-Add-permission-to-open-log-files.patch new file mode 100644 index 0000000..bf11f0e --- /dev/null +++ b/dnsmasq-Add-permission-to-open-log-files.patch @@ -0,0 +1,28 @@ +From 025c7dc6a131da24c31e41ad32753015a0ec0f76 Mon Sep 17 00:00:00 2001 +From: Petr Vorel +Date: Mon, 8 Oct 2018 16:44:01 +0200 +Subject: [PATCH] dnsmasq: Add permission to open log files + +--log-facility option needs to have permission to open files. +Use '*' to allow using more files (for using more dnsmasq instances). + +Signed-off-by: Petr Vorel +Signed-off-by: Jamie Strandboge +Signed-off-by: Steve Beattie +--- + profiles/apparmor.d/usr.sbin.dnsmasq | 2 ++ + 1 file changed, 2 insertions(+) + +diff --git a/profiles/apparmor.d/usr.sbin.dnsmasq b/profiles/apparmor.d/usr.sbin.dnsmasq +index 2b4b1bfc..f2e6847d 100644 +--- a/profiles/apparmor.d/usr.sbin.dnsmasq ++++ b/profiles/apparmor.d/usr.sbin.dnsmasq +@@ -43,6 +43,8 @@ + + /usr/sbin/dnsmasq mr, + ++ /var/log/*dnsmasq.log w, ++ + /{,var/}run/*dnsmasq*.pid w, + /{,var/}run/dnsmasq-forwarders.conf r, + /{,var/}run/dnsmasq/ r, diff --git a/libapparmor.spec b/libapparmor.spec index ef56254..8aa4ed3 100644 --- a/libapparmor.spec +++ b/libapparmor.spec @@ -13,7 +13,7 @@ # license that conforms to the Open Source Definition (Version 1.9) # published by the Open Source Initiative. -# Please submit bugfixes or comments via http://bugs.opensuse.org/ +# Please submit bugfixes or comments via https://bugs.opensuse.org/ #