- nscd profile: add missing permissions and deny capability block_suspend
(bnc#807104)
Please also add this patch to openSUSE 12.3
The patch only adds permissions, which means it can't break anything.
Even "deny capability block_suspend" doesn't take away any permissions
(everything that is not allowed is denied by default). The deny rule
just disables the logging for capability block_suspend.
OBS-URL: https://build.opensuse.org/request/show/157409
OBS-URL: https://build.opensuse.org/package/show/security:apparmor/apparmor?expand=0&rev=33
- Update to AppArmor 2.7.2 (= 2.7 branch / r1894)
- move various permissions from httpd2-prefork profile to
abstractions/apache2-common. Backward-incompatible change: *.htaccess
files are no longer allowed for ^HANDLING_UNTRUSTED_INPUT
- allow access for more /usr/lib*/samba/ files for smbd (bnc#725967#c5)
- allow various .conf files for dovecot (lp#458922)
- disallow wl for *.so in @{HOME}/.pki/nssdb/ in abstractions/private-files
and abstractions/private-files-strict (lp#911847)
- update abstractions/kde, private-files* and ubuntu-browsers.d/user-files
to use ~/.kde4, not only ~/.kde (bnc#741592)
- block write access to ~/.kde{,4}/env in abstractions/private-files
(lp#914190)
- allow write access for personal dictionary etc. in abstractions/aspell
(lp#917859)
- when using genprof for a script, include read access to the script itsself
- automatically include abstractions/python or abstractions/ruby for
python/ruby scripts
- add profile for smbldap-useradd and allow smbd to call it (bnc#738041)
- allow creation of the .config directory in abstractions/enchant (lp#914184)
- allow TFTP read-only access in dnsmasq profile (lp#905412)
- allow capability dac_read_search for syslog-ng (bnc#731876)
- add p11-kit abstraction and include it in abstractions/authentification
(lp#912754, lp#912752)
- add audacity to abstractions/ubuntu-media-players (lp#899963)
- allow software-center, fireclam plugin, [tT]unar, exo-open, kate and
/dev/nvidia* in abstractons/ubuntu-browsers.d/* (lp#662906, lp#562831,
lp#890894, lp#890894, lp#884748)
- fix typo for multiarch gconf-modules in abstractions/base (lp#904548)
- allow avahi to do dbus introspection (lp#769148)
- allow access to ~/.fonts.conf.d in abstractions/fonts (lp#870992)
- allow transmission in abstractions/ubuntu-bittorrent-clients (lp#852062)
- allow reading ~/.cups/client.conf and ~/.cups/lpoptions in
abstractions/cups-client (lp#887992)
- allow read access of /etc/python{2,3}.[0-7]*/sitecustomize.py in
abstractions/python (lp#860856)
- various updates to the sshd profile (lp#817956)
- (and some more changes I already included in the apparmor-2.7-branch.diff)
OBS-URL: https://build.opensuse.org/request/show/102458
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/apparmor?expand=0&rev=32
- Update to AppArmor 2.7.0 (= r1858)
- make traceroute6 work (bnc#733312)
- allow access to pyconfig.h in abstractions/python (lp#840734)
- fix logprof/genprof for hex-encoded program filenames (= filenames
containing space etc.)
- add apparmor-2.7-branch.diff with some upstreamed fixes:
- usr.sbin.smbd needs read access for /etc/netgroup (bnc#738041)
- create /etc/apparmor.d/tunables/multiarch.d as directory, not as file
- fix syntax error in abstractons/python
- changed a $ -> % (typo)
OBS-URL: https://build.opensuse.org/request/show/98697
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/apparmor?expand=0&rev=31
- package subdomain.conf only in -parser, not in -utils package
- package libapparmor.so and libimmunix.so only in libapparmor-devel,
not in libapparmor1
- make Provides for perl-libapparmor versioned to avoid self-Obsoletes
- move libapparmor.a and libimmunix.a from libapparmor1 to
libapparmor-devel package
- update to AppArmor 2.7.0 rc2
Most of the changes since rc1 were already included as patches.
Additional changes:
- fix logprof/genprof to recognize "mknod" in audit.log
- fix libapparmor python bindings to compile with python 3
- fix wrong status message in initscript if apparmor-utils are not installed
- parser/Makefile: fix some warnings, always respect CXX and LDFLAGS
- fix some warnings in utils/Makefile
- remove 4 upstreamed patches
- remove mkdir /etc/apparmor.d/disable - that's done by upstream Makefile now
- update line numbers in 2 patches
OBS-URL: https://build.opensuse.org/request/show/93892
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/apparmor?expand=0&rev=30
- add patch with upstream changes since 2.7.0 beta2 release
- add example parser.conf
- print warning if profile cache directory doesn't exist
- remove initscript for no longer existing aa-eventd (bnc#720617)
- set correct $HOME in aa-notify
- enable caching of profiles (= massive speedup) (bnc#689458)
- add comments for patches in .spec and comments in some patches
- run spec-cleaner
- add libtool as buildrequire to make the spec file more reliable
OBS-URL: https://build.opensuse.org/request/show/87208
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/apparmor?expand=0&rev=24
