pool/apparmor
SHA256
4
0
Fork 1
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Accepting request 264683 from home:msmeissn:branches:security:apparmor

Browse Source 
- /usr/bin/lessopen.sh needs confinement. bnc#906858

OBS-URL: https://build.opensuse.org/request/show/264683
OBS-URL: https://build.opensuse.org/package/show/security:apparmor/apparmor?expand=0&rev=111
This commit is contained in:
Christian Boltz 2014-12-21 16:18:25 +00:00 committed by Git OBS Bridge
parent ce726570fb
commit fd37374f57
3 changed files with 53 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

44
apparmor-lessopen-profile.patch Normal file
View File

@ -0,0 +1,44 @@
Index: apparmor-2.9.0/profiles/apparmor.d/usr.bin.lessopen
===================================================================
--- /dev/null
+++ apparmor-2.9.0/profiles/apparmor.d/usr.bin.lessopen
@@ -0,0 +1,39 @@
+# Last Modified: Fri Nov 28 08:01:09 2014
+#include <tunables/global>
+
+/usr/bin/lessopen.sh {
+ #include <abstractions/base>
+ #include <abstractions/bash>
+ #include <abstractions/consoles>
+ #include <abstractions/perl>
+
+ /** rk,
+ /bin/bash ix,
+ /bin/rpm rix,
+ /bin/tar rix,
+ /tmp/less.* rw,
+ /usr/bin/bzip2 rix,
+ /usr/bin/cabextract rix,
+ /usr/bin/cat rix,
+ /usr/bin/colordiff rix,
+ /usr/bin/dvi2tty rix,
+ /usr/bin/file rix,
+ /usr/bin/grep rix,
+ /usr/bin/groff rix,
+ /usr/bin/gzip rix,
+ /usr/bin/head rix,
+ /usr/bin/lynx rix,
+ /usr/bin/mktemp rix,
+ /usr/bin/nm rix,
+ /usr/bin/pdftotext rix,
+ /usr/bin/ps2ascii rix,
+ /usr/bin/rm rix,
+ /usr/bin/seq rix,
+ /usr/bin/tar rix,
+ /usr/bin/unzip rix,
+ /usr/bin/w3m rix,
+ /usr/bin/which rix,
+ /usr/bin/xz rix,
+
+ #include <local/usr.bin.lessopen>
+}

5
apparmor.changes
View File

@ -1,3 +1,8 @@
-------------------------------------------------------------------
Wed Dec 10 10:15:16 UTC 2014 - meissner@suse.com
- /usr/bin/lessopen.sh needs confinement. bnc#906858
-------------------------------------------------------------------
Sun Nov 16 16:28:14 UTC 2014 - opensuse@cboltz.de

4
apparmor.spec
View File

@ -92,6 +92,9 @@ Patch5: ruby-2_0-mkmf-destdir.patch
# (bnc#900013, not for upstream)
Patch6: apparmor-abstractions-no-multiline.diff
# bug 906858 - confine lessopen.sh
Patch7: apparmor-lessopen-profile.patch
Url: https://launchpad.net/apparmor
PreReq: sed
BuildRoot: %{_tmppath}/%{name}-%{version}-build
@ -430,6 +433,7 @@ SubDomain.
%endif
%patch6
%patch7 -p1
# search for left-over multiline rules
test -z "$(grep -r '^\s*\(unix\|dbus\)[^,]\(([^)]*)\)*[^,]*$' profiles/apparmor.d/)"