Accepting request 563667 from home:kukuk:branches:security:apparmor
- disable write cache if filesystem is read-only and don't bail out (bsc#1069906, bsc#1074429) OBS-URL: https://build.opensuse.org/request/show/563667 OBS-URL: https://build.opensuse.org/package/show/security:apparmor/apparmor?expand=0&rev=199
This commit is contained in:
Christian Boltz
Git OBS Bridge
parent
c6c48cc166
commit
ede3b9fa12
@ -1,3 +1,9 @@
|
|||||||
|
-------------------------------------------------------------------
|
||||||
|
Thu Jan 11 18:14:47 CET 2018 - kukuk@suse.de
|
||||||
|
|
||||||
|
- disable write cache if filesystem is read-only and don't bail
|
||||||
|
out (bsc#1069906, bsc#1074429)
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
Thu Jan 4 13:20:20 UTC 2018 - suse-beta@cboltz.de
|
Thu Jan 4 13:20:20 UTC 2018 - suse-beta@cboltz.de
|
||||||
|
|
||||||
|
|||||||
@ -70,6 +70,9 @@ Patch8: 32-bit-no-uid.diff
|
|||||||
# make cache write failures a warning instead of an error - (patch from https://gitlab.com/apparmor/apparmor/merge_requests/49 2018-01-04)
|
# make cache write failures a warning instead of an error - (patch from https://gitlab.com/apparmor/apparmor/merge_requests/49 2018-01-04)
|
||||||
Patch9: parser-write-cache-warn-only.diff
|
Patch9: parser-write-cache-warn-only.diff
|
||||||
|
|
||||||
|
# Disable write cache if filesystem is read-only, don't abort
|
||||||
|
Patch10: disable-cache-on-ro-fs.diff
|
||||||
|
|
||||||
PreReq: sed
|
PreReq: sed
|
||||||
BuildRoot: %{_tmppath}/%{name}-%{version}-build
|
BuildRoot: %{_tmppath}/%{name}-%{version}-build
|
||||||
%define apparmor_bin_prefix /lib/apparmor
|
%define apparmor_bin_prefix /lib/apparmor
|
||||||
@ -172,7 +175,7 @@ The documentation is in the apparmor-admin_en package.
|
|||||||
|
|
||||||
%package -n perl-apparmor
|
%package -n perl-apparmor
|
||||||
Summary: Perl interface for libapparmor functions
|
Summary: Perl interface for libapparmor functions
|
||||||
License: GPL-2.0 and LGPL-2.1+
|
License: GPL-2.0 AND LGPL-2.1+
|
||||||
Group: Development/Libraries/Perl
|
Group: Development/Libraries/Perl
|
||||||
Requires: libapparmor1 = %{version}
|
Requires: libapparmor1 = %{version}
|
||||||
Requires: perl = %{perl_version}
|
Requires: perl = %{perl_version}
|
||||||
@ -189,7 +192,7 @@ applications interfacing with AppArmor.
|
|||||||
|
|
||||||
%package -n python-apparmor
|
%package -n python-apparmor
|
||||||
Summary: Python 2 interface for libapparmor functions
|
Summary: Python 2 interface for libapparmor functions
|
||||||
License: GPL-2.0 and LGPL-2.1+
|
License: GPL-2.0 AND LGPL-2.1+
|
||||||
Group: Development/Libraries/Python
|
Group: Development/Libraries/Python
|
||||||
BuildRequires: python
|
BuildRequires: python
|
||||||
Requires: libapparmor1 = %{version}
|
Requires: libapparmor1 = %{version}
|
||||||
@ -208,7 +211,7 @@ applications interfacing with AppArmor.
|
|||||||
|
|
||||||
%package -n python3-apparmor
|
%package -n python3-apparmor
|
||||||
Summary: Python 3 interface for libapparmor functions
|
Summary: Python 3 interface for libapparmor functions
|
||||||
License: GPL-2.0 and LGPL-2.1+
|
License: GPL-2.0 AND LGPL-2.1+
|
||||||
Group: Development/Libraries/Python
|
Group: Development/Libraries/Python
|
||||||
Requires: libapparmor1 = %{version}
|
Requires: libapparmor1 = %{version}
|
||||||
Requires: python = %{py3_ver}
|
Requires: python = %{py3_ver}
|
||||||
@ -225,7 +228,7 @@ applications interfacing with AppArmor.
|
|||||||
|
|
||||||
%package -n ruby-apparmor
|
%package -n ruby-apparmor
|
||||||
Summary: Ruby interface for libapparmor functions
|
Summary: Ruby interface for libapparmor functions
|
||||||
License: GPL-2.0 and LGPL-2.1+
|
License: GPL-2.0 AND LGPL-2.1+
|
||||||
Group: Development/Languages/Ruby
|
Group: Development/Languages/Ruby
|
||||||
Requires: libapparmor1 = %{version}
|
Requires: libapparmor1 = %{version}
|
||||||
Requires: ruby = %(rpm -q --qf '%%{version}' ruby)
|
Requires: ruby = %(rpm -q --qf '%%{version}' ruby)
|
||||||
@ -240,7 +243,7 @@ applications interfacing with AppArmor.
|
|||||||
|
|
||||||
%package abstractions
|
%package abstractions
|
||||||
Summary: AppArmor abstractions and directory structure
|
Summary: AppArmor abstractions and directory structure
|
||||||
License: GPL-2.0 and LGPL-2.1+
|
License: GPL-2.0 AND LGPL-2.1+
|
||||||
Group: Productivity/Security
|
Group: Productivity/Security
|
||||||
Requires: apparmor-parser(CAP_SYSLOG)
|
Requires: apparmor-parser(CAP_SYSLOG)
|
||||||
BuildArch: noarch
|
BuildArch: noarch
|
||||||
@ -259,7 +262,7 @@ SubDomain.
|
|||||||
|
|
||||||
%package profiles
|
%package profiles
|
||||||
Summary: AppArmor profiles that are loaded into the apparmor kernel module
|
Summary: AppArmor profiles that are loaded into the apparmor kernel module
|
||||||
License: GPL-2.0 and LGPL-2.1+
|
License: GPL-2.0 AND LGPL-2.1+
|
||||||
Group: Productivity/Security
|
Group: Productivity/Security
|
||||||
Requires: apparmor-abstractions >= %{version}
|
Requires: apparmor-abstractions >= %{version}
|
||||||
Requires: apparmor-parser(CAP_SYSLOG)
|
Requires: apparmor-parser(CAP_SYSLOG)
|
||||||
@ -278,7 +281,7 @@ SubDomain.
|
|||||||
|
|
||||||
%package utils
|
%package utils
|
||||||
Summary: AppArmor User-Level Utilities Useful for Creating AppArmor Profiles
|
Summary: AppArmor User-Level Utilities Useful for Creating AppArmor Profiles
|
||||||
License: GPL-2.0 and LGPL-2.1+
|
License: GPL-2.0 AND LGPL-2.1+
|
||||||
Group: Productivity/Security
|
Group: Productivity/Security
|
||||||
Requires: libapparmor1 = %{version}
|
Requires: libapparmor1 = %{version}
|
||||||
# some of the tools are still perl-based (aa-decode and aa-notify)
|
# some of the tools are still perl-based (aa-decode and aa-notify)
|
||||||
@ -307,7 +310,7 @@ It is part of a suite of tools that used to be named SubDomain.
|
|||||||
|
|
||||||
%package -n tomcat_apparmor
|
%package -n tomcat_apparmor
|
||||||
Summary: Tomcat 6 plugin for AppArmor change_hat
|
Summary: Tomcat 6 plugin for AppArmor change_hat
|
||||||
License: GPL-2.0 and LGPL-2.1+
|
License: GPL-2.0 AND LGPL-2.1+
|
||||||
Group: System/Libraries
|
Group: System/Libraries
|
||||||
Requires: libapparmor1 = %{version}
|
Requires: libapparmor1 = %{version}
|
||||||
Requires: tomcat6
|
Requires: tomcat6
|
||||||
@ -325,7 +328,7 @@ created for individual URL processing or per servlet.
|
|||||||
|
|
||||||
%package -n pam_apparmor
|
%package -n pam_apparmor
|
||||||
Summary: PAM module for AppArmor change_hat
|
Summary: PAM module for AppArmor change_hat
|
||||||
License: GPL-2.0 and LGPL-2.1+
|
License: GPL-2.0 AND LGPL-2.1+
|
||||||
Group: Productivity/Security
|
Group: Productivity/Security
|
||||||
BuildRequires: pam-devel
|
BuildRequires: pam-devel
|
||||||
PreReq: pam
|
PreReq: pam
|
||||||
@ -359,6 +362,7 @@ SubDomain.
|
|||||||
%patch7
|
%patch7
|
||||||
%patch8 -p1
|
%patch8 -p1
|
||||||
%patch9 -p1
|
%patch9 -p1
|
||||||
|
%patch10 -p0
|
||||||
|
|
||||||
%build
|
%build
|
||||||
export SUSE_ASNEEDED=0
|
export SUSE_ASNEEDED=0
|
||||||
|
|||||||
11
disable-cache-on-ro-fs.diff
Normal file
11
disable-cache-on-ro-fs.diff
Normal file
@ -0,0 +1,11 @@
|
|||||||
|
--- parser/parser_main.c
|
||||||
|
+++ parser/parser_main.c 2018/01/11 16:52:00
|
||||||
|
@@ -1124,7 +1124,7 @@
|
||||||
|
retval = aa_policy_cache_new(&policy_cache, features,
|
||||||
|
AT_FDCWD, cacheloc, max_caches);
|
||||||
|
if (retval) {
|
||||||
|
- if (errno != ENOENT && errno != EEXIST) {
|
||||||
|
+ if (errno != ENOENT && errno != EEXIST && errno != EROFS) {
|
||||||
|
PERROR(_("Failed setting up policy cache (%s): %s\n"),
|
||||||
|
cacheloc, strerror(errno));
|
||||||
|
return 1;
|
||||||
Loading…
Reference in New Issue
Block a user