commit apparmor for openSUSE:Factory

root Tue, 05 Dec 2017 23:53:21 -0800

Hello community,

here is the log from the commit of package apparmor for openSUSE:Factory 
checked in at 2017-12-06 08:52:57
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/apparmor (Old)
 and      /work/SRC/openSUSE:Factory/.apparmor.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++


Package is "apparmor"

Wed Dec  6 08:52:57 2017 rev:108 rq:547738 version:2.11.1

Changes:
--------
--- /work/SRC/openSUSE:Factory/apparmor/apparmor.changes        2017-10-27 
13:47:54.913895720 +0200
+++ /work/SRC/openSUSE:Factory/.apparmor.new/apparmor.changes   2017-12-06 
08:52:58.429318465 +0100
@@ -1,0 +2,6 @@
+Wed Nov 29 15:26:48 UTC 2017 - rgold...@suse.com
+
+- read_inactive_profile-exactly-once.patch (bsc#1069346)
+  Perform reading of inactive profiles exactly once.
+
+-------------------------------------------------------------------

New:
----
  read_inactive_profile-exactly-once.patch

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ apparmor.spec ++++++
--- /var/tmp/diff_new_pack.HF5tjG/_old  2017-12-06 08:52:59.529278197 +0100
+++ /var/tmp/diff_new_pack.HF5tjG/_new  2017-12-06 08:52:59.533278051 +0100
@@ -84,6 +84,9 @@
 # Fix sorted() regression in save_profiles() - submitted upstream 2017-10-22
 Patch17:        utils-fix-sorted-save_profiles-regression.diff
 
+# bsc#1069346
+Patch18:        read_inactive_profile-exactly-once.patch
+
 PreReq:         sed
 BuildRoot:      %{_tmppath}/%{name}-%{version}-build
 %define apparmor_bin_prefix /lib/apparmor
@@ -384,6 +387,7 @@
 %patch15 -p1
 %patch16
 %patch17
+%patch18 -p1
 
 # search for left-over multiline rules
 test -z "$(grep -r '^\s*\(unix\|dbus\)[^,]\(([^)]*)\)*[^,]*$' 
profiles/apparmor.d/)"



++++++ read_inactive_profile-exactly-once.patch ++++++
commit b307e535fa26bff0abffb6bfd1aeab5d6c7c3622
Author: Christian Boltz <appar...@cboltz.de>
Date:   Tue Nov 28 21:46:36 2017 +0100

    Let read_inactive_profiles() do nothing when calling it the second time
    
    autodep() calls read_inactive_profiles() each time it's called (= for
    each binary). The result is a "Conflicting profile" error (showing the
    same filename twice) if autodep() runs more than once. This can easily
    happen when using "aa-autodep /usr/bin/*".
    
    This patch adds an attribute to read_inactive_profiles() that lets the
    function return without doing anything if was called before.

---
 utils/apparmor/aa.py |    7 +++++++
 1 file changed, 7 insertions(+)

--- a/utils/apparmor/aa.py
+++ b/utils/apparmor/aa.py
@@ -2107,6 +2107,13 @@ def read_profiles():
                 read_profile(profile_dir + '/' + file, True)
 
 def read_inactive_profiles():
+    if hasattr(read_inactive_profiles, 'already_read'):
+        # each autodep() run calls read_inactive_profiles, but that's a) 
superfluous and b) triggers a conflict because the inactive profiles are 
already loaded
+        # therefore don't do anything if the inactive profiles were already 
loaded
+        return
+
+    read_inactive_profiles.already_read = True
+
     if not os.path.exists(extra_profile_dir):
         return None
     try:

commit apparmor for openSUSE:Factory

Reply via email to