fcc884a7e3
- update to AppArmor 2.11.0
- apparmor_parser now supports parallel compiles and loads
- add full support for dbus, ptrace and signal rules and events to the
utils
- full rewrite of the file rule handling in the utils
- lots of improvements and fixes
- see http://wiki.apparmor.net/index.php/ReleaseNotes_2_11 for the
detailed changelog
- patches:
- add sshd-profile-drop-local-include-r3615.diff to fix 'make check'
- drop aa-unconfined-fix-netstat-call-2.10r3380.diff, no longer needed
- refresh apparmor-abstractions-no-multiline.diff
- refresh apparmor-samba-include-permissions-for-shares.diff
- spec changes:
- aa-unconfined switched to using ss (from iproute2), adjust Recommends:
- move libapparmor to /usr/lib*/
- drop %if %suse_version checks for 12.x
- change several Obsoletes from %version to < 2.9. Those package names
weren't used since years, and 2.9 is still a careful choice
- include apparmor.service independent of %suse_version
- techdoc.pdf is now shipped in upstream tarball to reduce BuildRequires
- drop latex2html, texlive-* and w3m BuildRequires
- techdoc.txt and techdoc.html not included, drop them from the package
- run most of utils/ make check (some tests expect /etc/apparmor.d/ and
/sbin/apparmor_parser to exist, skip them)
- BuildRequires python3-pyflakes (utils tests) and dejagnu (libapparmor tests)
- drop sed'ing python3 into aa-* shebang (upstreamed)
- build binutils
- aa-exec is now written in C and lives in /usr/bin/, move it to the
apparmor_parser package and create a compability symlink in /usr/sbin/
- aa-exec manpage moved to section 1
- aa-enabled is a small new tool to find out if AppArmor is enabled
- package new aa_stack_profile(2) manpage
OBS-URL: https://build.opensuse.org/request/show/453151
OBS-URL: https://build.opensuse.org/package/show/security:apparmor/apparmor?expand=0&rev=165
35 lines
1.2 KiB
Diff
35 lines
1.2 KiB
Diff
Samba generates a profile sniplet with permissions for all shares at
|
|
start using the update-apparmor-samba-profile script.
|
|
|
|
This patch includes the autogenerated profile sniplet it in the smbd
|
|
profile. It also creates a dummy profile sniplet to avoid "file not
|
|
found" errors when AppArmor is started before samba was started.
|
|
|
|
References: https://bugzilla.novell.com/show_bug.cgi?id=688040
|
|
|
|
|
|
Signed-off-by: Christian Boltz <apparmor@cboltz.de>
|
|
|
|
=== added file 'profiles/apparmor.d/local/usr.sbin.smbd-shares'
|
|
--- profiles/apparmor.d/local/usr.sbin.smbd-shares 1970-01-01 00:00:00 +0000
|
|
+++ profiles/apparmor.d/local/usr.sbin.smbd-shares 2011-10-19 09:40:05 +0000
|
|
@@ -0,0 +1,2 @@
|
|
+# This file will be replaced by rules for all samba shares at samba start.
|
|
+# Do not edit!
|
|
|
|
=== modified file 'profiles/apparmor.d/usr.sbin.smbd'
|
|
--- profiles/apparmor.d/usr.sbin.smbd 2011-08-27 18:50:42 +0000
|
|
+++ profiles/apparmor.d/usr.sbin.smbd 2011-10-19 09:37:04 +0000
|
|
@@ -53,6 +53,10 @@
|
|
|
|
@{HOMEDIRS}/** lrwk,
|
|
|
|
+ # permissions for all configured shares
|
|
+ # autogenerated by update-apparmor-samba-profile at samba start
|
|
+ #include <local/usr.sbin.smbd-shares>
|
|
+
|
|
# Site-specific additions and overrides. See local/README for details.
|
|
#include <local/usr.sbin.smbd>
|
|
}
|
|
|