Accepting request 843764 from games:tools
OBS-URL: https://build.opensuse.org/request/show/843764 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/mumble?expand=0&rev=63
This commit is contained in:
Dominique Leuenberger
Git OBS Bridge
commit
a54b1c0f26
@ -14,6 +14,8 @@ Requires=var-run.mount network.target remote-fs.target time-sync.target
|
|||||||
After=var-run.mount network.target remote-fs.target time-sync.target mysql.target
|
After=var-run.mount network.target remote-fs.target time-sync.target mysql.target
|
||||||
|
|
||||||
[Service]
|
[Service]
|
||||||
|
User=mumble-server
|
||||||
|
Group=mumble-server
|
||||||
ExecStart=/usr/sbin/murmurd -fg -ini /etc/mumble-server.ini
|
ExecStart=/usr/sbin/murmurd -fg -ini /etc/mumble-server.ini
|
||||||
|
|
||||||
[Install]
|
[Install]
|
||||||
|
|||||||
@ -1,3 +1,16 @@
|
|||||||
|
-------------------------------------------------------------------
|
||||||
|
Sat Oct 24 02:05:14 UTC 2020 - Marcus Rueckert <mrueckert@suse.de>
|
||||||
|
|
||||||
|
- update apparmor profiles to get warning free again on 15.2
|
||||||
|
- use abstractions for ssl files
|
||||||
|
- allow inet dgram sockets as mumble can also work via udp
|
||||||
|
- allow netlink socket (probably for dbus)
|
||||||
|
- properly allow lsb_release again
|
||||||
|
- add support for optional local include
|
||||||
|
- start murmurd directly as user mumble-server it gets rid of the
|
||||||
|
dac_override/setgid/setuid/chown permissions
|
||||||
|
|
||||||
|
-------------------------------------------------------------------
|
||||||
Mon Oct 05 19:58:21 UTC 2020 - Markus Ebner <info@ebner-markus.de>
|
Mon Oct 05 19:58:21 UTC 2020 - Markus Ebner <info@ebner-markus.de>
|
||||||
|
|
||||||
- Update to upstream version 1.3.3
|
- Update to upstream version 1.3.3
|
||||||
|
|||||||
@ -8,23 +8,14 @@ profile murmurd /usr/sbin/murmurd {
|
|||||||
#include <abstractions/ssl_certs>
|
#include <abstractions/ssl_certs>
|
||||||
#include <abstractions/user-tmp>
|
#include <abstractions/user-tmp>
|
||||||
|
|
||||||
/etc/ssl/certs/** r,
|
|
||||||
deny /usr/share/ssl/ r,
|
|
||||||
deny /usr/share/ssl/** r,
|
|
||||||
|
|
||||||
# FIXME: mumble has weird capability handling. None of the first four should be
|
|
||||||
# needed if the code is adjusted
|
|
||||||
capability dac_override,
|
|
||||||
capability setgid,
|
|
||||||
capability setuid,
|
|
||||||
capability chown,
|
|
||||||
|
|
||||||
# needed for real time scheduling of the mixer threads
|
# needed for real time scheduling of the mixer threads
|
||||||
capability sys_resource,
|
capability sys_resource,
|
||||||
# not needed anymore
|
|
||||||
# capability net_admin,
|
|
||||||
|
|
||||||
|
network inet dgram,
|
||||||
network inet stream,
|
network inet stream,
|
||||||
|
network netlink,
|
||||||
|
|
||||||
|
/usr/share/icu/*/icu*.dat r,
|
||||||
|
|
||||||
/etc/mumble-server.ini rk,
|
/etc/mumble-server.ini rk,
|
||||||
/usr/bin/lsb_release cx,
|
/usr/bin/lsb_release cx,
|
||||||
@ -37,14 +28,15 @@ profile murmurd /usr/sbin/murmurd {
|
|||||||
#include <abstractions/base>
|
#include <abstractions/base>
|
||||||
#include <abstractions/consoles>
|
#include <abstractions/consoles>
|
||||||
|
|
||||||
/{usr/,}bin/bash r,
|
/{usr/,}bin/bash rm,
|
||||||
/proc/meminfo r,
|
/proc/meminfo r,
|
||||||
/usr/bin/getopt rix,
|
/usr/bin/getopt rmix,
|
||||||
/usr/bin/head rix,
|
/usr/bin/head rmix,
|
||||||
/usr/bin/grep rix,
|
/usr/bin/grep rmix,
|
||||||
/usr/bin/sed rix,
|
/usr/bin/sed rmix,
|
||||||
/usr/bin/cut rix,
|
/usr/bin/cut rmix,
|
||||||
/usr/bin/lsb_release r,
|
/usr/bin/lsb_release r,
|
||||||
/etc/SuSE-release r,
|
/etc/SuSE-release r,
|
||||||
}
|
}
|
||||||
|
#include if exists <local/usr.sbin.murmurd>
|
||||||
}
|
}
|
||||||
|
|||||||
Loading…
x
Reference in New Issue
Block a user