diff --git a/apparmor.changes b/apparmor.changes index 5296b6e..58effa6 100644 --- a/apparmor.changes +++ b/apparmor.changes @@ -1,3 +1,11 @@ +------------------------------------------------------------------- +Fri Apr 17 18:46:08 UTC 2015 - opensuse@cboltz.de + +- make sure %service_del_postun doesn't call systemctl try-restart + (boo#853019, bare systemd edition) +- add samba-4.2-profiles.diff: update samba (winbindd and nmb) + profiles for samba 4.2 (boo#921098, boo#923201) + ------------------------------------------------------------------- Sun Apr 12 21:13:23 UTC 2015 - opensuse@cboltz.de @@ -6,8 +14,8 @@ Sun Apr 12 21:13:23 UTC 2015 - opensuse@cboltz.de ------------------------------------------------------------------- Wed Apr 1 03:47:44 UTC 2015 - crrodriguez@opensuse.org -- Add a native systemd unit which *at the moment* only - wraps/masks the early boot script. +- Add a native systemd unit which *at the moment* only + wraps/masks the early boot script. ------------------------------------------------------------------- Tue Feb 24 13:19:10 UTC 2015 - rguenther@suse.com diff --git a/apparmor.spec b/apparmor.spec index f5b93ba..6c73587 100644 --- a/apparmor.spec +++ b/apparmor.spec @@ -103,6 +103,9 @@ Patch8: apparmor-changes-since-2.9.1.diff # fix build with GCC 5 due to bad ostream use Patch9: apparmor-fix-stl-ostream.diff +# update samba (winbindd and nmb) profiles for samba 4.2 (boo#921098, boo#923201) +Patch10: samba-4.2-profiles.diff + Url: https://launchpad.net/apparmor PreReq: sed BuildRoot: %{_tmppath}/%{name}-%{version}-build @@ -450,6 +453,7 @@ SubDomain. %patch7 -p1 %patch8 %patch9 +%patch10 # search for left-over multiline rules test -z "$(grep -r '^\s*\(unix\|dbus\)[^,]\(([^)]*)\)*[^,]*$' profiles/apparmor.d/)" @@ -875,6 +879,8 @@ fi %endif %if 0%{?suse_version} > 1320 +# don't call try-restart, see bnc#853019 +export DISABLE_RESTART_ON_UPDATE="yes" %service_del_postun apparmor.service %endif diff --git a/samba-4.2-profiles.diff b/samba-4.2-profiles.diff new file mode 100644 index 0000000..b67a086 --- /dev/null +++ b/samba-4.2-profiles.diff @@ -0,0 +1,40 @@ +Index: profiles/apparmor.d/abstractions/samba +=================================================================== +--- profiles/apparmor.d/abstractions/samba.orig 2014-07-04 12:09:58.000000000 +0200 ++++ profiles/apparmor.d/abstractions/samba 2015-04-17 21:24:22.463107165 +0200 +@@ -13,7 +13,7 @@ + /usr/share/samba/*.dat r, + /usr/share/samba/codepages/{lowcase,upcase,valid}.dat r, + /var/cache/samba/ w, +- /var/lib/samba/**.tdb rwk, ++ /var/lib/samba/** rwk, + /var/log/samba/cores/ rw, + /var/log/samba/cores/** rw, + /var/log/samba/log.* w, +Index: profiles/apparmor.d/usr.sbin.winbindd +=================================================================== +--- profiles/apparmor.d/usr.sbin.winbindd.orig 2014-04-21 22:10:51.000000000 +0200 ++++ profiles/apparmor.d/usr.sbin.winbindd 2015-04-17 21:26:56.262142786 +0200 +@@ -10,8 +10,12 @@ + capability ipc_lock, + capability setuid, + ++ /etc/samba/netlogon_creds_cli.tdb rwk, + /etc/samba/passdb.tdb{,.tmp} rwk, + /etc/samba/secrets.tdb rwk, ++ /etc/samba/smbd.tmp/ rw, ++ /etc/samba/smbd.tmp/msg/ rw, ++ /etc/samba/smbd.tmp/msg/* rw, + @{PROC}/sys/kernel/core_pattern r, + /tmp/.winbindd/ w, + /tmp/krb5cc_* rwk, +@@ -21,9 +25,6 @@ + /usr/sbin/winbindd mr, + /var/cache/krb5rcache/* rw, + /var/cache/samba/*.tdb rwk, +- /var/lib/samba/smb_krb5/krb5.conf.* rw, +- /var/lib/samba/smb_tmp_krb5.* rw, +- /var/lib/samba/winbindd_cache.tdb* rwk, + /var/log/samba/log.winbindd rw, + /{var/,}run/samba/winbindd.pid rwk, + /{var/,}run/samba/winbindd/ rw,