From fd37374f574cd1431886ff6b27eab56e9b41fe25227c877bcfee73cb3cdf07ef Mon Sep 17 00:00:00 2001
From: Christian Boltz
Date: Sun, 21 Dec 2014 16:18:25 +0000
Subject: [PATCH] Accepting request 264683 from home:msmeissn:branches:security:apparmor

- /usr/bin/lessopen.sh needs confinement. bnc#906858

OBS-URL: https://build.opensuse.org/request/show/264683
OBS-URL: https://build.opensuse.org/package/show/security:apparmor/apparmor?expand=0&rev=111
---
 apparmor-lessopen-profile.patch | 44 +++++++++++++++++++++++++++++++++
 apparmor.changes | 5 ++++
 apparmor.spec | 4 +++
 3 files changed, 53 insertions(+)
 create mode 100644 apparmor-lessopen-profile.patch

diff --git a/apparmor-lessopen-profile.patch b/apparmor-lessopen-profile.patch
new file mode 100644
index 0000000..6296c07
--- /dev/null
+++ b/apparmor-lessopen-profile.patch
@@ -0,0 +1,44 @@
+Index: apparmor-2.9.0/profiles/apparmor.d/usr.bin.lessopen
+===================================================================
+--- /dev/null
++++ apparmor-2.9.0/profiles/apparmor.d/usr.bin.lessopen
+@@ -0,0 +1,39 @@
++# Last Modified: Fri Nov 28 08:01:09 2014
++#include
++
++/usr/bin/lessopen.sh {
++ #include
++ #include
++ #include
++ #include
++
++ /** rk,
++ /bin/bash ix,
++ /bin/rpm rix,
++ /bin/tar rix,
++ /tmp/less.* rw,
++ /usr/bin/bzip2 rix,
++ /usr/bin/cabextract rix,
++ /usr/bin/cat rix,
++ /usr/bin/colordiff rix,
++ /usr/bin/dvi2tty rix,
++ /usr/bin/file rix,
++ /usr/bin/grep rix,
++ /usr/bin/groff rix,
++ /usr/bin/gzip rix,
++ /usr/bin/head rix,
++ /usr/bin/lynx rix,
++ /usr/bin/mktemp rix,
++ /usr/bin/nm rix,
++ /usr/bin/pdftotext rix,
++ /usr/bin/ps2ascii rix,
++ /usr/bin/rm rix,
++ /usr/bin/seq rix,
++ /usr/bin/tar rix,
++ /usr/bin/unzip rix,
++ /usr/bin/w3m rix,
++ /usr/bin/which rix,
++ /usr/bin/xz rix,
++
++ #include
++}
diff --git a/apparmor.changes b/apparmor.changes
index f5bb43c..9c27611 100644
--- a/apparmor.changes
+++ b/apparmor.changes
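Review bot: The rule `/** rk,` at the top of the profile body in apparmor-lessopen-profile.patch gives lessopen.sh, and every helper it runs with `ix`, read access to any path the invoking user can read. The profile therefore limits writes (`/tmp/less.* rw,`) and the set of executables, but not what a misbehaving parser such as cabextract, unzip or pdftotext can read. Because `lynx` and `w3m` are inherited as well, it is worth confirming that none of the included abstractions grant network access; their names were lost in extraction on this page, so this cannot be checked from here. I would document the trade-off above the rule, e.g. `# read-all is needed to preprocess arbitrary files; confinement relies on writes being limited to /tmp/less.* and on no network rules`, and consider an explicit `deny network,` if the abstractions do not already exclude it.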
@@ -1,3 +1,8 @@ +------------------------------------------------------------------- +Wed Dec 10 10:15:16 UTC 2014 - meissner@suse.com + +- /usr/bin/lessopen.sh needs confinement. bnc#906858 + ------------------------------------------------------------------- Sun Nov 16 16:28:14 UTC 2014 - opensuse@cboltz.de diff --git a/apparmor.spec b/apparmor.spec index 02a8ed9..f92311a 100644 --- a/apparmor.spec +++ b/apparmor.spec @@ -92,6 +92,9 @@ Patch5: ruby-2_0-mkmf-destdir.patch # (bnc#900013, not for upstream) Patch6: apparmor-abstractions-no-multiline.diff +# bug 906858 - confine lessopen.sh +Patch7: apparmor-lessopen-profile.patch + Url: https://launchpad.net/apparmor PreReq: sed BuildRoot: %{_tmppath}/%{name}-%{version}-build @@ -430,6 +433,7 @@ SubDomain. %endif %patch6 +%patch7 -p1 # search for left-over multiline rules test -z "$(grep -r '^\s*\(unix\|dbus\)[^,]\(([^)]*)\)*[^,]*$' profiles/apparmor.d/)"