commit apparmor for openSUSE:Factory

Wed, 28 Feb 2024 10:45:38 -0800 

Script 'mail_helper' called by obssrc
Hello community,

here is the log from the commit of package apparmor for openSUSE:Factory 
checked in at 2024-02-28 19:44:44
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/apparmor (Old)
 and      /work/SRC/openSUSE:Factory/.apparmor.new.1770 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Package is "apparmor"

Wed Feb 28 19:44:44 2024 rev:203 rq:1151926 version:3.1.7

Changes:
--------
--- /work/SRC/openSUSE:Factory/apparmor/apparmor.changes        2024-02-21 
17:54:49.199837287 +0100
+++ /work/SRC/openSUSE:Factory/.apparmor.new.1770/apparmor.changes      
2024-02-28 19:44:57.201092502 +0100
@@ -1,0 +2,5 @@
+Mon Feb 26 17:25:58 UTC 2024 - Ludwig Nussel <lnus...@suse.com>
+
+- Fix systemd userdb access in unix-chkpwd
+
+-------------------------------------------------------------------

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
libapparmor.spec: same change


++++++ dovecot-unix_chkpwd.diff ++++++
--- /var/tmp/diff_new_pack.wKEAP9/_old  2024-02-28 19:44:58.045122968 +0100
+++ /var/tmp/diff_new_pack.wKEAP9/_new  2024-02-28 19:44:58.045122968 +0100
@@ -1,8 +1,8 @@
-Index: apparmor-3.1.6/profiles/apparmor.d/unix-chkpwd
+Index: apparmor-3.1.7/profiles/apparmor.d/unix-chkpwd
 ===================================================================
---- /dev/null  1970-01-01 00:00:00.000000000 +0000
-+++ apparmor-3.1.6/profiles/apparmor.d/unix-chkpwd     2024-01-29 
21:53:27.234254724 +0100
-@@ -0,0 +1,31 @@
+--- /dev/null
++++ apparmor-3.1.7/profiles/apparmor.d/unix-chkpwd
+@@ -0,0 +1,35 @@
 +# apparmor.d - Full set of apparmor profiles
 +# Copyright (C) 2019-2021 Mikhail Morfikov
 +# SPDX-License-Identifier: GPL-2.0-only
@@ -29,16 +29,20 @@
 +
 +  /etc/shadow r,
 +
++  # systemd userdb, used in nspawn
++  /run/host/userdb/*.user r,
++  /run/host/userdb/*.user-privileged r,
++
 +  # file_inherit
 +  owner /dev/tty[0-9]* rw,
 +
 +  include if exists <local/unix-chkpwd>
 +}
-Index: apparmor-3.1.6/profiles/apparmor.d/usr.lib.dovecot.auth
+Index: apparmor-3.1.7/profiles/apparmor.d/usr.lib.dovecot.auth
 ===================================================================
---- apparmor-3.1.6.orig/profiles/apparmor.d/usr.lib.dovecot.auth       
2023-06-21 23:13:41.000000000 +0200
-+++ apparmor-3.1.6/profiles/apparmor.d/usr.lib.dovecot.auth    2024-01-29 
21:45:32.528140518 +0100
-@@ -52,8 +52,12 @@ profile dovecot-auth /usr/lib/dovecot/au
+--- apparmor-3.1.7.orig/profiles/apparmor.d/usr.lib.dovecot.auth
++++ apparmor-3.1.7/profiles/apparmor.d/usr.lib.dovecot.auth
+@@ -52,8 +52,12 @@ profile dovecot-auth /usr/lib*/dovecot/a
    @{run}/dovecot/stats-user rw,
    @{run}/dovecot/anvil-auth-penalty rw,

Reply via email to