pool/apparmor
SHA256
3
0
Fork 1
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
29f71f58a2
apparmor/apparmor-samba-include-permissions-for-shares.diff
Christian Boltz 980f095fc4 Accepting request 844157 from home:cboltz 
- update to AppArmor 3.0.0
  - introduce feature abi declaration in profiles to enable use of
    new rule types (for openSUSE: dbus and unix rules)
  - support xattr attachment conditionals
  - experimental support for kill and unconfined profile modes
  - rewritten aa-status (in C), including support for new profile modes
  - rewritten aa-notify (in python), finally dropping the perl
    requirement at runtime
  - new tool aa-features-abi for extracting feature abis from the kernel
  - update profiles to have profile names and to use 3.0 feature abi
  - introduce @{etc_ro} and @{etc_rw} profile variables
  - new profile for php-fpm
  - several updates to profiles and abstractions (including boo#1166007)
  - fully support 'include if exists' in the aa-* tools
  - rewrite handling of alias, include, link and variable rules in
    the aa-* tools
  - rewrite and simplify log handling in the aa-logprof and aa-genprof
  - see https://gitlab.com/apparmor/apparmor/-/wikis/Release_Notes_3.0
    for the detailed upstream changelog
- patches:
  - add changes-since-3.0.0.diff with upstream fixes since the 3.0.0
    release up to 3e18c0785abc03ee42a022a67a27a085516a7921
  - drop upstreamed usr-etc-abstractions-base-nameservice.diff
  - drop 2.13-only libapparmor-so-number.diff
  - refresh apparmor-enable-profile-cache.diff - partially upstreamed
  - update apparmor-samba-include-permissions-for-shares.diff and
    apparmor-lessopen-profile.patch - switch to "include if exists"
  - apparmor-lessopen-profile.patch: add abi rule to lessopen profile
  - refresh apparmor-lessopen-nfs-workaround.diff
- move away very loose apache profile that doesn't even match the
  apache2 binary path in openSUSE to avoid confusion (boo#872984)
- move rewritten aa-status from utils to parser subpackage
- add aa-features-abi to parser subpackage
- replace perl and libnotify-tools requires with requiring
  python3-notify2 and python3-psutil (needed by the rewritten
  aa-notify)
- drop ancient cleanup for /etc/init.d/subdomain from parser %pre
- drop (never enabled) conditionals to build with python2 and to
  build the python-apparmor subpackage (upstream dropped python2
  support)
- drop setting PYTHON and PYTHON_VERSIONS env variable, no longer needed
- set PYFLAKES path for utils check
- add precompiled_cache build conditional to allow faster local
  builds without using kvm
- remove duplicated BuildRequires: swig

libapparmor:
- update to AppArmor 3.0.0
  - see https://gitlab.com/apparmor/apparmor/-/wikis/Release_Notes_3.0
    for the detailed upstream changelog
- add changes-since-3.0.0.diff with upstream fixes since the 3.0.0
  release up to 3e18c0785abc03ee42a022a67a27a085516a7921
- drop 2.13-only patch libapparmor-so-number.diff

OBS-URL: https://build.opensuse.org/request/show/844157
OBS-URL: https://build.opensuse.org/package/show/security:apparmor/apparmor?expand=0&rev=281
2020-10-26 20:16:22 +00:00

35 lines
1.3 KiB
Diff
Raw Blame History

Samba generates a profile sniplet with permissions for all shares at
start using the update-apparmor-samba-profile script.
This patch includes the autogenerated profile sniplet it in the smbd
profile. It also creates a dummy profile sniplet to avoid "file not
found" errors when AppArmor is started before samba was started.
References: https://bugzilla.novell.com/show_bug.cgi?id=688040
Signed-off-by: Christian Boltz <apparmor@cboltz.de>
=== added file 'profiles/apparmor.d/local/usr.sbin.smbd-shares'
--- profiles/apparmor.d/local/usr.sbin.smbd-shares 1970-01-01 00:00:00 +0000
+++ profiles/apparmor.d/local/usr.sbin.smbd-shares 2011-10-19 09:40:05 +0000
@@ -0,0 +1,2 @@
+# This file will be replaced by rules for all samba shares at samba start.
+# Do not edit!
=== modified file 'profiles/apparmor.d/usr.sbin.smbd'
--- profiles/apparmor.d/usr.sbin.smbd 2011-08-27 18:50:42 +0000
+++ profiles/apparmor.d/usr.sbin.smbd 2011-10-19 09:37:04 +0000
@@ -56,6 +56,10 @@
@{HOMEDIRS}/** lrwk,
/var/lib/samba/usershares/{,**} lrwk,
+ # permissions for all configured shares
+ # autogenerated by update-apparmor-samba-profile at samba start
+ include <local/usr.sbin.smbd-shares>
+
# Site-specific additions and overrides. See local/README for details.
include if exists <local/usr.sbin.smbd>
}
Reference in New Issue View Git Blame Copy Permalink