2863c2011e
- update to AppArmor 2.8.96 (aka 2.9 beta2 aka r2652)
- add unix abstract sockets, ptrace, and signal policy generation
- several bugfixes in the python tools and elsewhere
- move program-chunks/postfix-common to abstractions/
- drop upstreamed patches:
- apparmor-profiles-clustered-samba.diff
- perl-apparmor-fix-bare-network-keyword-handling.diff
- perl-apparmor-handle-bare-capability-keyword.diff
- perl-apparmor-properly-handle-bare-file-keyword.diff
- re-enable installation of perl modules
- move python modules to python3-apparmor package
- create symlinks without aa- prefix only for tools existing in 2.8.x,
but not for new tools added in 2.9
- make utils filelist explicit to ensure we have the right set of files
without aa- prefix in sbindir
- switch easyprof python module location to python3
- drop unused defines APPARMOR_DOC_DIR and JNI_SO
- refresh patches:
- apparmor-utils-string-split (file moved)
- apparmor-profiles-dnsmasq-iface-mtu.patch
- apparmor-2.5.1-edirectory-profile
(prepared Thu Mar 20 23:35:03 UTC 2014 in home project)
- update to AppArmor 2.8.95 (aka 2.9 beta1)
- complete rewrite of the aa-* tools in python
- new tools: aa-cleanprof, aa-mergeprof
- extra profiles moved to /usr/share/apparmor/extra-profiles/ (bnc#713647)
- and much more, but there's no upstream changelog yet
- drop upstreamed patches and files:
- usr.sbin.winbindd
- usr.lib.dovecot.*, tunables-dovecot, apparmor-profiles-dovecot-bnc851984.diff
- apparmor-init.py-gsoc.diff
- apparmor-2.8.2-nm-dnsmasq-config.patch
- add %bcond_with perl and disable the perl subpackage temporarily (the perl
modules will be back in beta2)
- drop the apparmorapplet-gnome, apparmor-dbus and profile-editor subpackages
(they were disabled since a long time, and upstream no longer ships their code)
and the apparmor-profile-editor.desktop and apparmor-profile-editor.png files
- drop apparmor-utils-subdomain-compat patch (was only included for <= 12.1)
- remove libimmunix Provides/Obsoletes (libimmunix was a compat wrapper
and got finally dropped)
- refresh apparmor-samba-include-permissions-for-shares.diff and
apparmor-2.5.1-edirectory-profile
OBS-URL: https://build.opensuse.org/request/show/247917
OBS-URL: https://build.opensuse.org/package/show/security:apparmor/apparmor?expand=0&rev=97
50 lines
1.8 KiB
Plaintext
50 lines
1.8 KiB
Plaintext
From: Jeff Mahoney <jeffm@suse.com>
|
|
Subject: apparmor-profiles: Add support for eDirectory calls from nscd
|
|
References: bnc#621394
|
|
|
|
eDirectory hooks into nscd and provides its own libraries. In order for
|
|
this to operate properly with AppArmor, it needs to be told about these
|
|
libraries.
|
|
|
|
This patch adds a new abstract profile and includes it in the nameservice
|
|
profile.
|
|
|
|
Signed-off-by: Jeff Mahoney <jeffm@suse.com>
|
|
---
|
|
profiles/apparmor.d/abstractions/nameservice | 3 +++
|
|
profiles/apparmor.d/abstractions/novell-edirectory | 13 +++++++++++++
|
|
2 files changed, 16 insertions(+)
|
|
|
|
Index: profiles/apparmor.d/abstractions/nameservice
|
|
===================================================================
|
|
--- profiles/apparmor.d/abstractions/nameservice.orig 2014-09-03 21:21:31.000000000 +0200
|
|
+++ profiles/apparmor.d/abstractions/nameservice 2014-09-07 17:53:18.412834868 +0200
|
|
@@ -81,6 +81,9 @@
|
|
# kerberos
|
|
#include <abstractions/kerberosclient>
|
|
|
|
+ # Novell eDirectory
|
|
+ #include <abstractions/novell-edirectory>
|
|
+
|
|
# TCP/UDP network access
|
|
network inet stream,
|
|
network inet6 stream,
|
|
Index: profiles/apparmor.d/abstractions/novell-edirectory
|
|
===================================================================
|
|
--- /dev/null 1970-01-01 00:00:00.000000000 +0000
|
|
+++ profiles/apparmor.d/abstractions/novell-edirectory 2014-09-07 17:53:18.412834868 +0200
|
|
@@ -0,0 +1,13 @@
|
|
+# $Id$
|
|
+# ------------------------------------------------------------------
|
|
+#
|
|
+# Copyright (C) 2010 Novell/SUSE
|
|
+#
|
|
+# This program is free software; you can redistribute it and/or
|
|
+# modify it under the terms of version 2 of the GNU General Public
|
|
+# License published by the Free Software Foundation.
|
|
+#
|
|
+# ------------------------------------------------------------------
|
|
+
|
|
+ /opt/novell/eDirectory/lib/lib*so* r,
|
|
+ /opt/novell/eDirectory/lib64/lib*so* r,
|