commit apparmor for openSUSE:Factory

Source-Sync Sat, 27 Aug 2022 02:48:33 -0700

Script 'mail_helper' called by obssrc
Hello community,

here is the log from the commit of package apparmor for openSUSE:Factory 
checked in at 2022-08-27 11:48:21
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/apparmor (Old)
 and      /work/SRC/openSUSE:Factory/.apparmor.new.2083 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++


Package is "apparmor"

Sat Aug 27 11:48:21 2022 rev:180 rq:999414 version:3.0.6

Changes:
--------
--- /work/SRC/openSUSE:Factory/apparmor/apparmor.changes        2022-08-09 
15:26:31.525311981 +0200
+++ /work/SRC/openSUSE:Factory/.apparmor.new.2083/apparmor.changes      
2022-08-27 11:48:23.549624262 +0200
@@ -1,0 +2,6 @@
+Fri Aug 26 11:37:21 UTC 2022 - David Disseldorp <dd...@suse.com>
+
+- add profiles-permit-php-fpm-pid-files-directly-under-run.patch
+  https://gitlab.com/apparmor/apparmor/-/merge_requests/914 (bsc#1202344)
+
+-------------------------------------------------------------------

New:
----
  profiles-permit-php-fpm-pid-files-directly-under-run.patch

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ apparmor.spec ++++++
--- /var/tmp/diff_new_pack.Pp8Vnz/_old  2022-08-27 11:48:24.177625611 +0200
+++ /var/tmp/diff_new_pack.Pp8Vnz/_new  2022-08-27 11:48:24.181625620 +0200
@@ -86,6 +86,9 @@
 # add missing r permissions for dnsmasc//libvirt-leaseshelper (submitted 
upstream 2022-08-08 https://gitlab.com/apparmor/apparmor/-/merge_requests/905)
 Patch10:        dnsmasq.diff
 
+# permit php-fpm pid files under run (merged upstream 2022-08-26 
https://gitlab.com/apparmor/apparmor/-/merge_requests/914)
+Patch11:        profiles-permit-php-fpm-pid-files-directly-under-run.patch
+
 PreReq:         sed
 BuildRoot:      %{_tmppath}/%{name}-%{version}-build
 %define apparmor_bin_prefix %{?usrmerged:/usr}/lib/apparmor
@@ -353,6 +356,7 @@
 %patch6
 %patch9 -p1
 %patch10 -p1
+%patch11 -p1
 
 %build
 export SUSE_ASNEEDED=0



++++++ profiles-permit-php-fpm-pid-files-directly-under-run.patch ++++++
>From d8533ec851ccf188b17136fdab67d0481cae357d Mon Sep 17 00:00:00 2001
From: David Disseldorp <dd...@suse.de>
Date: Thu, 25 Aug 2022 23:44:16 +0200
Subject: [PATCH] profiles: permit php-fpm pid files directly under run/

The upstream php-fpm.conf file carries the following pid file example
path:
  [global]
  ; Pid file
  ; Note: the default prefix is @EXPANDED_LOCALSTATEDIR@
  ; Default Value: none
  ;pid = run/php-fpm.pid

Add this path to profiles/apparmor.d/php-fpm, alongside the current
nested "@{run}/php{,-fpm}/php*-fpm.pid" wildcard.

Fixes: https://gitlab.com/apparmor/apparmor/-/issues/267

Suggested-by: Ali Abdallah <ali.abdal...@suse.com>
Signed-off-by: David Disseldorp <dd...@suse.de>
---
 profiles/apparmor.d/php-fpm | 1 +
 1 file changed, 1 insertion(+)

diff --git a/profiles/apparmor.d/php-fpm b/profiles/apparmor.d/php-fpm
index 14b3c719..0dcc8c7d 100644
--- a/profiles/apparmor.d/php-fpm
+++ b/profiles/apparmor.d/php-fpm
@@ -35,6 +35,7 @@ profile php-fpm /usr/sbin/php-fpm* 
flags=(attach_disconnected) {
 
   # we need to be able to create all sockets
   @{run}/php{,-fpm}/php*-fpm.pid rw,
+  @{run}/php*-fpm.pid rw,
   @{run}/php{,-fpm}/php*-fpm.sock rwlk,
 
   # to reload
-- 
2.35.3

commit apparmor for openSUSE:Factory

Reply via email to