Hello community, here is the log from the commit of package apparmor for openSUSE:Leap:15.2 checked in at 2020-04-20 12:55:04 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Leap:15.2/apparmor (Old) and /work/SRC/openSUSE:Leap:15.2/.apparmor.new.2738 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "apparmor" Mon Apr 20 12:55:04 2020 rev:57 rq:793671 version:2.13.3 Changes: -------- --- /work/SRC/openSUSE:Leap:15.2/apparmor/apparmor.changes 2020-01-15 14:47:12.509287678 +0100 +++ /work/SRC/openSUSE:Leap:15.2/.apparmor.new.2738/apparmor.changes 2020-04-20 12:55:18.908712145 +0200 @@ -1,0 +2,6 @@ +Thu Apr 9 18:56:09 UTC 2020 - Goldwyn Rodrigues <rgold...@suse.com> + +- Add abstractions-add-etc-mdns.allow-to-etc-apparmor.d-abstractions-mdns.patch + (bsc#1168306) + +------------------------------------------------------------------- New: ---- abstractions-add-etc-mdns.allow-to-etc-apparmor.d-abstractions-mdns.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ apparmor.spec ++++++ --- /var/tmp/diff_new_pack.AFobUZ/_old 2020-04-20 12:55:19.452712998 +0200 +++ /var/tmp/diff_new_pack.AFobUZ/_new 2020-04-20 12:55:19.456713005 +0200 @@ -77,6 +77,9 @@ # fix building libapparmor python bindings with python 3.8. Based on https://gitlab.com/apparmor/apparmor/merge_requests/430 but patching configure directly to avoid needing BuildRequires: aclocal Patch9: libapparmor-python3.8.diff +#Bug 1168306 - apparmor prevents the resolver from reading /etc/mdns.allow, and therefore forbids using any custom domain name +Patch10: abstractions-add-etc-mdns.allow-to-etc-apparmor.d-abstractions-mdns.patch + PreReq: sed BuildRoot: %{_tmppath}/%{name}-%{version}-build %define apparmor_bin_prefix /lib/apparmor @@ -369,6 +372,7 @@ %patch7 -p1 %patch8 -p1 %patch9 -p1 +%patch10 -p1 %build %define _lto_cflags %{nil} ++++++ abstractions-add-etc-mdns.allow-to-etc-apparmor.d-abstractions-mdns.patch ++++++ >From eeac8c11c935edf9eea2bed825af6c57e9fb52e3 Mon Sep 17 00:00:00 2001 From: Rich McAllister <Nopublic@address.provided> Date: Tue, 31 Mar 2020 21:01:21 -0700 Subject: [PATCH] abstractions: add /etc/mdns.allow to /etc/apparmor.d/abstractions/mdns References: bsc#1168306 In focal users of mdns get denials in apparmor confined applications. An exampel can be found in the original bug below. It seems it is a common pattern, see https://github.com/lathiat/nss-mdns#etcmdnsallow Therefore I'm asking to add /etc/mdns.allow r, to the file /etc/apparmor.d/abstractions/mdns" by default. --- profiles/apparmor.d/abstractions/mdns | 1 + 1 file changed, 1 insertion(+) --- a/profiles/apparmor.d/abstractions/mdns +++ b/profiles/apparmor.d/abstractions/mdns @@ -9,5 +9,6 @@ # ------------------------------------------------------------------ # mdnsd + /etc/mdns.allow r, /etc/nss_mdns.conf r, /{,var/}run/mdnsd w,