Hello community,
here is the log from the commit of package apparmor for openSUSE:Factory
checked in at 2014-12-23 11:50:25
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/apparmor (Old)
and /work/SRC/openSUSE:Factory/.apparmor.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "apparmor"
Changes:
--------
--- /work/SRC/openSUSE:Factory/apparmor/apparmor.changes 2014-11-24
11:11:20.000000000 +0100
+++ /work/SRC/openSUSE:Factory/.apparmor.new/apparmor.changes 2014-12-23
11:48:54.000000000 +0100
@@ -1,0 +2,20 @@
+Mon Dec 22 10:26:15 UTC 2014 - cbosdon...@suse.com
+
+- Fix dnsmasq profile to allow executing bash to run the --dhcp-script
+ argument. Also fixed /usr/lib -> /usr/{lib,lib64} to get libvirt
+ leasehealper script to run even on x86_64.
+ dnsmasq-profile-fixes.patch. boo#911001
+
+-------------------------------------------------------------------
+Sun Dec 21 16:22:27 UTC 2014 - opens...@cboltz.de
+
+- rename lessopen.sh profile file to usr.bin.lessopen.sh to match the
+ script filename
+
+-------------------------------------------------------------------
+Wed Dec 10 10:15:16 UTC 2014 - meiss...@suse.com
+
+- add apparmor-lessopen-profile.patch: /usr/bin/lessopen.sh needs
+ confinement. bnc#906858
+
+-------------------------------------------------------------------
New:
----
apparmor-lessopen-profile.patch
dnsmasq-profile-fixes.patch
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ apparmor.spec ++++++
--- /var/tmp/diff_new_pack.CrN46h/_old 2014-12-23 11:48:55.000000000 +0100
+++ /var/tmp/diff_new_pack.CrN46h/_new 2014-12-23 11:48:55.000000000 +0100
@@ -92,6 +92,12 @@
# (bnc#900013, not for upstream)
Patch6: apparmor-abstractions-no-multiline.diff
+# bug 906858 - confine lessopen.sh (submitted upstream 2014-12-21)
+Patch7: apparmor-lessopen-profile.patch
+
+# boo#911001 - Allow executing --dhcp-client script
+Patch8: dnsmasq-profile-fixes.patch
+
Url: https://launchpad.net/apparmor
PreReq: sed
BuildRoot: %{_tmppath}/%{name}-%{version}-build
@@ -430,6 +436,8 @@
%endif
%patch6
+%patch7 -p1
+%patch8 -p1
# search for left-over multiline rules
test -z "$(grep -r '^\s*\(unix\|dbus\)[^,]\(([^)]*)\)*[^,]*$'
profiles/apparmor.d/)"
++++++ apparmor-lessopen-profile.patch ++++++
Index: apparmor-2.9.0/profiles/apparmor.d/usr.bin.lessopen
===================================================================
--- /dev/null
+++ apparmor-2.9.0/profiles/apparmor.d/usr.bin.lessopen.sh
@@ -0,0 +1,39 @@
+# Last Modified: Fri Nov 28 08:01:09 2014
+#include <tunables/global>
+
+/usr/bin/lessopen.sh {
+ #include <abstractions/base>
+ #include <abstractions/bash>
+ #include <abstractions/consoles>
+ #include <abstractions/perl>
+
+ /** rk,
+ /bin/bash ix,
+ /bin/rpm rix,
+ /bin/tar rix,
+ /tmp/less.* rw,
+ /usr/bin/bzip2 rix,
+ /usr/bin/cabextract rix,
+ /usr/bin/cat rix,
+ /usr/bin/colordiff rix,
+ /usr/bin/dvi2tty rix,
+ /usr/bin/file rix,
+ /usr/bin/grep rix,
+ /usr/bin/groff rix,
+ /usr/bin/gzip rix,
+ /usr/bin/head rix,
+ /usr/bin/lynx rix,
+ /usr/bin/mktemp rix,
+ /usr/bin/nm rix,
+ /usr/bin/pdftotext rix,
+ /usr/bin/ps2ascii rix,
+ /usr/bin/rm rix,
+ /usr/bin/seq rix,
+ /usr/bin/tar rix,
+ /usr/bin/unzip rix,
+ /usr/bin/w3m rix,
+ /usr/bin/which rix,
+ /usr/bin/xz rix,
+
+ #include <local/usr.bin.lessopen.sh>
+}
++++++ dnsmasq-profile-fixes.patch ++++++
Index: apparmor-2.9.0/profiles/apparmor.d/usr.sbin.dnsmasq
===================================================================
--- apparmor-2.9.0.orig/profiles/apparmor.d/usr.sbin.dnsmasq
+++ apparmor-2.9.0/profiles/apparmor.d/usr.sbin.dnsmasq
@@ -44,6 +44,8 @@
/var/lib/misc/dnsmasq.leases rw, # Required only for DHCP server usage
+ /bin/bash ix, # Required to execute --dhcp-script argument
+
# access to iface mtu needed for Router Advertisement messages in IPv6
# Neighbor Discovery protocol (RFC 2461)
@{PROC}/sys/net/ipv6/conf/*/mtu r,
@@ -63,7 +65,7 @@
/{,var/}run/libvirt/network/*.pid rw,
# libvirt lease helper
- /usr/lib/libvirt/libvirt_leaseshelper ix,
+ /usr/{lib,lib64}/libvirt/libvirt_leaseshelper ix,
/{,var/}run/leaseshelper.pid rwk,
# NetworkManager integration
--
To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org
For additional commands, e-mail: opensuse-commit+h...@opensuse.org
