fcc884a7e3
- update to AppArmor 2.11.0 - apparmor_parser now supports parallel compiles and loads - add full support for dbus, ptrace and signal rules and events to the utils - full rewrite of the file rule handling in the utils - lots of improvements and fixes - see http://wiki.apparmor.net/index.php/ReleaseNotes_2_11 for the detailed changelog - patches: - add sshd-profile-drop-local-include-r3615.diff to fix 'make check' - drop aa-unconfined-fix-netstat-call-2.10r3380.diff, no longer needed - refresh apparmor-abstractions-no-multiline.diff - refresh apparmor-samba-include-permissions-for-shares.diff - spec changes: - aa-unconfined switched to using ss (from iproute2), adjust Recommends: - move libapparmor to /usr/lib*/ - drop %if %suse_version checks for 12.x - change several Obsoletes from %version to < 2.9. Those package names weren't used since years, and 2.9 is still a careful choice - include apparmor.service independent of %suse_version - techdoc.pdf is now shipped in upstream tarball to reduce BuildRequires - drop latex2html, texlive-* and w3m BuildRequires - techdoc.txt and techdoc.html not included, drop them from the package - run most of utils/ make check (some tests expect /etc/apparmor.d/ and /sbin/apparmor_parser to exist, skip them) - BuildRequires python3-pyflakes (utils tests) and dejagnu (libapparmor tests) - drop sed'ing python3 into aa-* shebang (upstreamed) - build binutils - aa-exec is now written in C and lives in /usr/bin/, move it to the apparmor_parser package and create a compability symlink in /usr/sbin/ - aa-exec manpage moved to section 1 - aa-enabled is a small new tool to find out if AppArmor is enabled - package new aa_stack_profile(2) manpage OBS-URL: https://build.opensuse.org/request/show/453151 OBS-URL: https://build.opensuse.org/package/show/security:apparmor/apparmor?expand=0&rev=165
31 lines
1005 B
Diff
31 lines
1005 B
Diff
------------------------------------------------------------
|
|
revno: 3615
|
|
committer: Christian Boltz <apparmor@cboltz.de>
|
|
branch nick: apparmor
|
|
timestamp: Thu 2017-01-12 22:01:11 +0100
|
|
message:
|
|
sshd profile: drop local/ include
|
|
|
|
The local/ include in the sshd profile in extras causes some trouble:
|
|
- it breaks "make check" because the parser can't find the local/ file
|
|
- it results in a broken profile if someone uses this profile as
|
|
starting point, but doesn't notice it needs the local include
|
|
|
|
|
|
Acked-by: Steve Beattie <steve@nxnw.org>
|
|
|
|
|
|
=== modified file 'profiles/apparmor/profiles/extras/usr.sbin.sshd'
|
|
--- profiles/apparmor/profiles/extras/usr.sbin.sshd 2016-12-07 19:00:06 +0000
|
|
+++ profiles/apparmor/profiles/extras/usr.sbin.sshd 2017-01-12 21:01:11 +0000
|
|
@@ -140,5 +140,5 @@
|
|
/usr/lib/openssh/sftp-server PUx,
|
|
|
|
# Site-specific additions and overrides. See local/README for details.
|
|
- #include <local/usr.sbin.sshd>
|
|
+ ## include <local/usr.sbin.sshd>
|
|
}
|
|
|
|
|
|
vim:ft=diff
|