Accepting request 254032 from home:cboltz

- split apparmor-profiles package into -profiles and -abstractions OBS-URL: https://build.opensuse.org/request/show/254032 OBS-URL: https://build.opensuse.org/package/show/security:apparmor/apparmor?expand=0&rev=99
2014-10-05 16:17:38 +00:00 · 2014-10-05 16:17:38 +00:00 · f7c45c5e5a
commit f7c45c5e5a
parent 2863c2011e
2 changed files with 46 additions and 6 deletions
--- a/apparmor.changes
+++ b/apparmor.changes
@ -1,3 +1,8 @@
+-------------------------------------------------------------------
+Sun Sep 28 19:25:32 UTC 2014 - opensuse@cboltz.de
+
+- split apparmor-profiles package into -profiles and -abstractions
+
 -------------------------------------------------------------------
 Sat Sep  6 22:08:57 UTC 2014 - opensuse@cboltz.de

--- a/apparmor.spec
+++ b/apparmor.spec
@ -304,10 +304,30 @@ applications interfacing with AppArmor.

 %endif

+%package abstractions
+Summary:        AppArmor abstractions and directory structure
+License:        GPL-2.0 and LGPL-2.1+
+Group:          Productivity/Security
+Requires:       apparmor-parser(CAP_SYSLOG)
+BuildArch:      noarch
+
+%description abstractions
+AppArmor abstractions (common parts used in various profiles) and 
+the /etc/apparmor.d/ directory structure.
+
+AppArmor is a file and network mandatory access control mechanism. 
+AppArmor confines processes to the resources allowed by the systems
+administrator and can constrain the scope of potential security
+vulnerabilities.
+
+This package is part of a suite of tools that used to be named
+SubDomain.
+
 %package profiles
 Summary:        AppArmor profiles that are loaded into the apparmor kernel module
 License:        GPL-2.0 and LGPL-2.1+
 Group:          Productivity/Security
+Requires:       apparmor-abstractions >= %{version}
 Requires:       apparmor-parser(CAP_SYSLOG)
 Obsoletes:      subdomain-profiles < %{version}
 Provides:       subdomain-profiles = %{version}
@ -628,22 +648,24 @@ fi
 %{_includedir}/sys/apparmor.h
 %{_includedir}/aalogparse/*

-%files profiles
+%files abstractions
 %defattr(644,root,root,755)
 %dir %{_sysconfdir}/apparmor.d/
 %dir %{_sysconfdir}/apparmor.d/abstractions
 %config(noreplace) %{_sysconfdir}/apparmor.d/abstractions/*
-%dir %{_sysconfdir}/apparmor.d/apache2.d
 %dir %{_sysconfdir}/apparmor.d/disable
+%dir %{_sysconfdir}/apparmor.d/local
+%dir %{_sysconfdir}/apparmor.d/tunables
+%config(noreplace) %{_sysconfdir}/apparmor.d/tunables/*
+
+%files profiles
+%defattr(644,root,root,755)
+%dir %{_sysconfdir}/apparmor.d/apache2.d
 %config(noreplace) %{_sysconfdir}/apparmor.d/apache2.d/phpsysinfo
 %config(noreplace) %{_sysconfdir}/apparmor.d/bin.*
 %config(noreplace) %{_sysconfdir}/apparmor.d/sbin.*
 %config(noreplace) %{_sysconfdir}/apparmor.d/usr.*
-%dir %{_sysconfdir}/apparmor.d/local
 %config(noreplace) %{_sysconfdir}/apparmor.d/local/*
-%dir %{_sysconfdir}/apparmor.d/tunables
-%config(noreplace) %{_sysconfdir}/apparmor.d/tunables/*
-%dir %{_sysconfdir}/apparmor/
 /usr/share/apparmor/extra-profiles/

 %files utils
@ -814,6 +836,19 @@ fi
  %{insserv_cleanup} || true
 %endif

+%post abstractions
+%if %{distro} == "suse"
+  #restart_on_update boot.apparmor - but non-broken (bnc#853019)
+  # (copy&paste from parser postun script)
+  test -n "$FIRST_ARG" || FIRST_ARG=$1
+  if test "$FIRST_ARG" -ge 1 ; then
+    if test "$YAST_IS_RUNNING" != "instsys" -a "$DISABLE_RESTART_ON_UPDATE" != yes ; then
+      test -x /bin/systemctl && /bin/systemctl daemon-reload >/dev/null 2>&1 || :
+      /etc/init.d/boot.apparmor status >/dev/null && /etc/init.d/boot.apparmor reload || :
+    fi
+  fi
+%endif
+
 %post profiles
 %if %{distro} == "suse"
  #restart_on_update boot.apparmor - but non-broken (bnc#853019)