2863c2011e
- update to AppArmor 2.8.96 (aka 2.9 beta2 aka r2652)
- add unix abstract sockets, ptrace, and signal policy generation
- several bugfixes in the python tools and elsewhere
- move program-chunks/postfix-common to abstractions/
- drop upstreamed patches:
  - apparmor-profiles-clustered-samba.diff
  - perl-apparmor-fix-bare-network-keyword-handling.diff
  - perl-apparmor-handle-bare-capability-keyword.diff
  - perl-apparmor-properly-handle-bare-file-keyword.diff
- re-enable installation of perl modules
- move python modules to python3-apparmor package
- create symlinks without aa- prefix only for tools existing in 2.8.x, but not for new tools added in 2.9
- make utils filelist explicit to ensure we have the right set of files without aa- prefix in sbindir
- switch easyprof python module location to python3
- drop unused defines APPARMOR_DOC_DIR and JNI_SO
- refresh patches:
  - apparmor-utils-string-split (file moved)
  - apparmor-profiles-dnsmasq-iface-mtu.patch
  - apparmor-2.5.1-edirectory-profile (prepared Thu Mar 20 23:35:03 UTC 2014 in home project)
- update to AppArmor 2.8.95 (aka 2.9 beta1)
- complete rewrite of the aa-* tools in python
- new tools: aa-cleanprof, aa-mergeprof
- extra profiles moved to /usr/share/apparmor/extra-profiles/ (bnc#713647)
- and much more, but there's no upstream changelog yet
- drop upstreamed patches and files:
  - usr.sbin.winbindd
  - usr.lib.dovecot.*, tunables-dovecot, apparmor-profiles-dovecot-bnc851984.diff
  - apparmor-init.py-gsoc.diff
  - apparmor-2.8.2-nm-dnsmasq-config.patch
- add %bcond_with perl and disable the perl subpackage temporarily (the perl modules will be back in beta2)
- drop the apparmorapplet-gnome, apparmor-dbus and profile-editor subpackages (they were disabled since a long time, and upstream no longer ships their code) and the apparmor-profile-editor.desktop and apparmor-profile-editor.png files
- drop apparmor-utils-subdomain-compat patch (was only included for <= 12.1)
- remove libimmunix Provides/Obsoletes (libimmunix was a compat wrapper and got finally dropped)
- refresh apparmor-samba-include-permissions-for-shares.diff and apparmor-2.5.1-edirectory-profile

OBS-URL: https://build.opensuse.org/request/show/247917
OBS-URL: https://build.opensuse.org/package/show/security:apparmor/apparmor?expand=0&rev=97
31 lines
1.0 KiB
Diff
Allow dnsmasq read access to IPv6 config

The IPv6 Neighbor Discovery protocol (RFC 2461) suggests
implementations provide MTU in Router Advertisement (RA)
messages. From section 4.2

MTU SHOULD be sent on links that have a variable MTU
(as specified in the document that describes how to
run IP over the particular link type). MAY be sent
on other links.

dnsmasq supports this option and should have read access
to an interface's MTU.

Index: apparmor-2.8.3/profiles/apparmor.d/usr.sbin.dnsmasq
===================================================================
--- apparmor-2.8.3.orig/profiles/apparmor.d/usr.sbin.dnsmasq
+++ apparmor-2.8.3/profiles/apparmor.d/usr.sbin.dnsmasq
@@ -44,6 +44,10 @@
/var/lib/misc/dnsmasq.leases rw, # Required only for DHCP server usage
+ # access to iface mtu needed for Router Advertisement messages in IPv6
+ # Neighbor Discovery protocol (RFC 2461)
+ @{PROC}/sys/net/ipv6/conf/*/mtu r,
+
# for the read-only TFTP server
@{TFTP_DIR}/ r,
@{TFTP_DIR}/** r,
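
Review bot: the comment above the new `@{PROC}/sys/net/ipv6/conf/*/mtu r,` rule cites RFC 2461, which has since been obsoleted by RFC 4861; citing the current RFC in the comment (and in the patch description) would keep the reference findable. The rule itself is scoped well for a confinement profile: it is read-only, and because `*` in an AppArmor path glob does not cross a `/`, it matches only the `mtu` file directly under each `conf/<name>/` directory rather than the rest of the IPv6 sysctl tree. It would also help to note in the comment that this is needed only when dnsmasq sends Router Advertisements, in the same way the line above marks the leases file as "Required only for DHCP server usage".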