Script 'mail_helper' called by obssrc
Hello community,
here is the log from the commit of package akonadi-server for openSUSE:Factory
checked in at 2021-07-16 00:00:20
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/akonadi-server (Old)
and /work/SRC/openSUSE:Factory/.akonadi-server.new.2625 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "akonadi-server"
Fri Jul 16 00:00:20 2021 rev:85 rq:905728 version:21.04.3
Changes:
--------
--- /work/SRC/openSUSE:Factory/akonadi-server/akonadi-server.changes
2021-07-09 23:58:12.709050584 +0200
+++ /work/SRC/openSUSE:Factory/.akonadi-server.new.2625/akonadi-server.changes
2021-07-16 00:02:15.892732369 +0200
@@ -1,0 +2,7 @@
+Sun Jul 11 16:59:05 UTC 2021 - Christian Boltz <suse-b...@cboltz.de>
+
+- update akonadi-apparmor-opensuse.diff: add openSUSE Postgresql
+ path in AppArmor profiles (and make it a variable to keep the
+ profiles readable) and some more rules for Postgresql
+
+-------------------------------------------------------------------
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ akonadi-apparmor-opensuse.diff ++++++
--- /var/tmp/diff_new_pack.giwmE7/_old 2021-07-16 00:02:16.532730101 +0200
+++ /var/tmp/diff_new_pack.giwmE7/_new 2021-07-16 00:02:16.532730101 +0200
@@ -2,51 +2,111 @@
From: Christian Boltz <suse-b...@cboltz.de>
-- add paths to match the openSUSE file location
-- add 'abi' rules to enable and enforce all AppArmor features
+* add paths to match the openSUSE file location
+* use @{postgresqlpath} for the various postgresql paths (and add
+ /usr/lib/postgresql*[0-9]/ for openSUSE)
+* add 'abi' rules to enable and enforce all AppArmor features
-Index: b/apparmor/mariadbd_akonadi
+Index: akonadi-21.04.3/apparmor/mariadbd_akonadi
===================================================================
---- a/apparmor/mariadbd_akonadi 2021-04-22 18:21:40.000000000 +0200
-+++ b/apparmor/mariadbd_akonadi 2021-06-05 18:47:31.029159467 +0200
+--- akonadi-21.04.3.orig/apparmor/mariadbd_akonadi 2021-06-08
21:02:40.000000000 +0200
++++ akonadi-21.04.3/apparmor/mariadbd_akonadi 2021-07-11 18:47:18.489487989
+0200
@@ -1,3 +1,5 @@
+abi <abi/3.0>,
+
#include <tunables/global>
@{xdg_data_home}=@{HOME}/.local/share
-Index: b/apparmor/mysqld_akonadi
+Index: akonadi-21.04.3/apparmor/mysqld_akonadi
===================================================================
---- a/apparmor/mysqld_akonadi 2021-04-22 18:21:40.000000000 +0200
-+++ b/apparmor/mysqld_akonadi 2021-06-05 18:47:36.609147822 +0200
+--- akonadi-21.04.3.orig/apparmor/mysqld_akonadi 2021-06-08
21:02:40.000000000 +0200
++++ akonadi-21.04.3/apparmor/mysqld_akonadi 2021-07-11 18:47:18.489487989
+0200
@@ -1,3 +1,5 @@
+abi <abi/3.0>,
+
#include <tunables/global>
@{xdg_data_home}=@{HOME}/.local/share
-Index: b/apparmor/postgresql_akonadi
+Index: akonadi-21.04.3/apparmor/postgresql_akonadi
===================================================================
---- a/apparmor/postgresql_akonadi 2021-04-22 18:21:40.000000000 +0200
-+++ b/apparmor/postgresql_akonadi 2021-06-05 18:47:38.149144609 +0200
-@@ -1,3 +1,5 @@
+--- akonadi-21.04.3.orig/apparmor/postgresql_akonadi 2021-06-08
21:02:40.000000000 +0200
++++ akonadi-21.04.3/apparmor/postgresql_akonadi 2021-07-11
18:47:58.253406613 +0200
+@@ -1,8 +1,12 @@
+abi <abi/3.0>,
+
#include <tunables/global>
@{xdg_data_home}=@{HOME}/.local/share
-Index: b/apparmor/usr.bin.akonadiserver
+
+-profile postgresql_akonadi {
++@{postgresqlpath} = /usr/ /usr/lib/postgresql/*/ /usr/lib/postgresql*[0-9]/
/opt/pgsql*/
++
++profile postgresql_akonadi flags=(attach_disconnected) {
+ #include <abstractions/base>
+ #include <abstractions/bash>
+ #include <abstractions/consoles>
+@@ -15,27 +19,30 @@ profile postgresql_akonadi {
+ signal receive set=kill peer=/usr/bin/akonadiserver,
+ signal receive set=term peer=/usr/bin/akonadiserver,
+
++ deny / rw, # disconnected path
++
+ /etc/passwd r,
+ /{usr/,}bin/{b,d}ash mrix,
+ /{usr/,}bin/locale mrix,
+- /{usr/,usr/lib/postgresql/*/,opt/pgsql*/}bin/initdb mrix,
+- /{usr/,usr/lib/postgresql/*/,opt/pgsql*/}bin/pg_ctl mrix,
+- /{usr/,usr/lib/postgresql/*/,opt/pgsql*/}bin/postgres mrix,
++ @{postgresqlpath}/bin/initdb mrix,
++ @{postgresqlpath}/bin/pg_ctl mrix,
++ @{postgresqlpath}/bin/postgres mrix,
+ /usr/share/postgresql/** r,
++ /usr/share/postgresql*[0-9]/timezonesets/Default r, # use globbing?
+ owner /dev/shm/PostgreSQL.* rw,
+ owner @{xdg_data_home}/akonadi/** rwlk,
+ owner @{xdg_data_home}/akonadi/db_data/** l,
+ owner /{,var/}run/user/@{uid}/akonadi** rwk,
+
+ # pg_upgrade
+- /{usr/,usr/lib/postgresql/*/}bin/pg_upgrade mrix,
++ @{postgresqlpath}/bin/pg_upgrade mrix,
+ /opt/pgsql*/** mr,
+- /{usr/,usr/lib/postgresql/*/,opt/pgsql*/}bin/pg_controldata mrix,
+- /{usr/,usr/lib/postgresql/*/,opt/pgsql*/}bin/pg_resetwal mrix,
+- /{usr/,usr/lib/postgresql/*/,opt/pgsql*/}bin/pg_dumpall mrix,
+- /{usr/,usr/lib/postgresql/*/,opt/pgsql*/}bin/pg_dump mrix,
+- /{usr/,usr/lib/postgresql/*/,opt/pgsql*/}bin/vacuumdb mrix,
+- /{usr/,usr/lib/postgresql/*/,opt/pgsql*/}bin/psql mrix,
+- /{usr/,usr/lib/postgresql/*/,opt/pgsql*/}bin/pg_restore mrix,
++ @{postgresqlpath}/bin/pg_controldata mrix,
++ @{postgresqlpath}/bin/pg_resetwal mrix,
++ @{postgresqlpath}/bin/pg_dumpall mrix,
++ @{postgresqlpath}/bin/pg_dump mrix,
++ @{postgresqlpath}/bin/vacuumdb mrix,
++ @{postgresqlpath}/bin/psql mrix,
++ @{postgresqlpath}/bin/pg_restore mrix,
+ /{usr/,}bin/cp mrix,
+ }
+Index: akonadi-21.04.3/apparmor/usr.bin.akonadiserver
===================================================================
---- a/apparmor/usr.bin.akonadiserver 2021-04-22 18:21:40.000000000 +0200
-+++ b/apparmor/usr.bin.akonadiserver 2021-06-05 18:47:44.697130942 +0200
-@@ -1,3 +1,5 @@
+--- akonadi-21.04.3.orig/apparmor/usr.bin.akonadiserver 2021-06-08
21:02:40.000000000 +0200
++++ akonadi-21.04.3/apparmor/usr.bin.akonadiserver 2021-07-11
18:49:46.837184405 +0200
+@@ -1,9 +1,13 @@
+abi <abi/3.0>,
+
#include <tunables/global>
@{xdg_data_home}=@{HOME}/.local/share
-@@ -37,6 +39,7 @@
+
+ @{xdg_config_home}=@{HOME}/.config
+
++@{postgresqlpath} = /usr/ /usr/lib/postgresql/*/ /usr/lib/postgresql*[0-9]/
/opt/pgsql*/
++
+ /usr/bin/akonadiserver {
+ #include <abstractions/base>
+ #include <abstractions/consoles>
+@@ -37,6 +41,7 @@
/etc/xdg/** r,
/usr/bin/akonadiserver mr,
/usr/lib/x86_64-linux-gnu/libexec/drkonqi PUx,
@@ -54,9 +114,18 @@
/usr/bin/mariadb-admin PUx -> mariadbd_akonadi,
/usr/bin/mariadb-check PUx -> mariadbd_akonadi,
/usr/bin/mariadb-install-db PUx -> mariaddbd_akonadi,
-@@ -49,10 +52,12 @@
- /{usr/,usr/lib/postgresql/*/,opt/pgsql*/}bin/pg_ctl PUx ->
postgresql_akonadi,
- /{usr/,usr/lib/postgresql/*/}bin/pg_upgrade PUx -> postgresql_akonadi,
+@@ -45,14 +50,18 @@
+ /usr/bin/mysqladmin PUx -> mysqld_akonadi,
+ /usr/bin/mysqlcheck PUx -> mysqld_akonadi,
+ /usr/{,s}bin/mysqld PUx -> mysqld_akonadi,
+- /{usr/,usr/lib/postgresql/*/,opt/pgsql*/}bin/initdb PUx ->
postgresql_akonadi,
+- /{usr/,usr/lib/postgresql/*/,opt/pgsql*/}bin/pg_ctl PUx ->
postgresql_akonadi,
+- /{usr/,usr/lib/postgresql/*/}bin/pg_upgrade PUx -> postgresql_akonadi,
++ @{postgresqlpath}/bin/initdb PUx -> postgresql_akonadi,
++ @{postgresqlpath}/bin/pg_ctl PUx -> postgresql_akonadi,
++ @{postgresqlpath}/bin/pg_upgrade PUx -> postgresql_akonadi,
++ /usr/local/share/mime/mime.cache r,
++ /usr/local/share/mime/types r,
/usr/sbin/mysqld PUx -> mysqld_akonadi,
+ /usr/share/icu/[0-9]*.[0-9]*/*.dat r,
/usr/share/mime/mime.cache r,
