Hello community, here is the log from the commit of package apparmor-profiles checked in at Tue Feb 6 01:28:33 CET 2007. -------- --- apparmor-profiles/apparmor-profiles.changes 2007-01-24 00:40:55.000000000 +0100 +++ /mounts/work_src_done/NOARCH/apparmor-profiles/apparmor-profiles.changes 2007-02-06 00:23:52.087189000 +0100 @@ -1,0 +2,16 @@ +Tue Feb 6 00:20:44 CET 2007 - srarnold@suse.de + +- Bug 157400 - default AppArmor profile for gaim too restrictive +- Bug 221998 - No NFS locks available: "kernel: lockd/statd: failed to + create /var/lib/nfs/sm/<server>: err=-2" +- Bug 225615 - apparmor rejects glibc AT_PLATFORM directories +- Bug 143281 - Insuffisient settings in default profiles, at least for + man & gaim: +- Bug 181253 - apparmor rejects access for sendmail to + /var/lib/sendmail/statistics +- Bug 202095 - useradd / userdel profiles incomplete +- Bug 190079 - sendmail can't open control socket +- Bug 240734 - Applications using nss_ldap need to have access to + ldap.secret + +------------------------------------------------------------------- Old: ---- apparmor-profiles-2.0.1-308.tar.gz New: ---- apparmor-profiles-2.0.1-325.tar.gz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ apparmor-profiles.spec ++++++ --- /var/tmp/diff_new_pack.V20107/_old 2007-02-06 01:27:26.000000000 +0100 +++ /var/tmp/diff_new_pack.V20107/_new 2007-02-06 01:27:26.000000000 +0100 @@ -16,9 +16,9 @@ %endif Summary: AppArmor profiles that are loaded into the apparmor kernel module Version: 2.0.1 -Release: 21 +Release: 22 Group: Productivity/Security -Source0: %{name}-%{version}-308.tar.gz +Source0: %{name}-%{version}-325.tar.gz License: GNU General Public License (GPL) BuildRoot: %{_tmppath}/%{name}-%{version}-build URL: http://forge.novell.com/modules/xfmod/project/?apparmor @@ -77,6 +77,19 @@ %preun %changelog -n apparmor-profiles +* Tue Feb 06 2007 - srarnold@suse.de +- Bug 157400 - default AppArmor profile for gaim too restrictive +- Bug 221998 - No NFS locks available: "kernel: lockd/statd: failed to + create /var/lib/nfs/sm/<server>: err=-2" +- Bug 225615 - apparmor rejects glibc AT_PLATFORM directories +- Bug 143281 - Insuffisient settings in default profiles, at least for + man & gaim: +- Bug 181253 - apparmor rejects access for sendmail to + /var/lib/sendmail/statistics +- Bug 202095 - useradd / userdel profiles incomplete +- Bug 190079 - sendmail can't open control socket +- Bug 240734 - Applications using nss_ldap need to have access to + ldap.secret * Wed Jan 24 2007 - srarnold@suse.de - More fixes from Volker Kuhlmann - /tmp symlink to /var/tmp for ntpd ++++++ apparmor-profiles-2.0.1-308.tar.gz -> apparmor-profiles-2.0.1-325.tar.gz ++++++ diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/apparmor-profiles-2.0.1/abstractions/base new/apparmor-profiles-2.0.1/abstractions/base --- old/apparmor-profiles-2.0.1/abstractions/base 2006-11-09 08:35:44.000000000 +0100 +++ new/apparmor-profiles-2.0.1/abstractions/base 2007-01-26 11:14:37.000000000 +0100 @@ -1,4 +1,4 @@ -# $Id: base 214 2006-11-09 07:35:44Z seth_arnold $ +# $Id: base 312 2007-01-26 10:14:37Z seth_arnold $ # ------------------------------------------------------------------ # # Copyright (C) 2002-2005 Novell/SUSE @@ -47,22 +47,14 @@ # we might as well allow everything to use common libraries /lib/lib*.so* mr, - /lib/tls/lib*.so* mr, - /lib/power4/lib*.so* mr, - /lib/power5/lib*.so* mr, - /lib/power5+/lib*.so* mr, - /lib64/power4/lib*.so* mr, - /lib64/power5/lib*.so* mr, - /lib64/power5+/lib*.so* mr, + /lib/*/lib*.so* mr, + /lib64/*/lib*.so* mr, /usr/lib/*.so* mr, - /usr/lib/tls/lib*.so* mr, - /usr/lib/power4/lib*.so* mr, - /usr/lib/power5/lib*.so* mr, - /usr/lib/power5+/lib*.so* mr, + /usr/lib/*/lib*.so* mr, /lib64/lib*.so* mr, - /lib64/tls/lib*.so* mr, + /lib64/*/lib*.so* mr, /usr/lib64/*.so* mr, - /usr/lib64/tls/lib*.so* mr, + /usr/lib64/*/lib*.so* mr, # /dev/null is pretty harmless and frequently used /dev/null rw, diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/apparmor-profiles-2.0.1/abstractions/nameservice new/apparmor-profiles-2.0.1/abstractions/nameservice --- old/apparmor-profiles-2.0.1/abstractions/nameservice 2006-08-04 21:13:59.000000000 +0200 +++ new/apparmor-profiles-2.0.1/abstractions/nameservice 2007-02-01 02:00:52.000000000 +0100 @@ -1,4 +1,4 @@ -# $Id: nameservice 90 2006-08-04 19:13:59Z seth_arnold $ +# $Id: nameservice 325 2007-02-01 01:00:52Z seth_arnold $ # ------------------------------------------------------------------ # # Copyright (C) 2002-2005 Novell/SUSE @@ -17,6 +17,7 @@ /etc/host.conf r, /etc/hosts r, /etc/ldap.conf r, + /etc/ldap.secret r, /etc/nsswitch.conf r, /etc/passwd r, /etc/protocols r, diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/apparmor-profiles-2.0.1/extras/opt.gnome.bin.gaim new/apparmor-profiles-2.0.1/extras/opt.gnome.bin.gaim --- old/apparmor-profiles-2.0.1/extras/opt.gnome.bin.gaim 2006-08-04 21:13:59.000000000 +0200 +++ new/apparmor-profiles-2.0.1/extras/opt.gnome.bin.gaim 2007-01-26 12:06:01.000000000 +0100 @@ -1,4 +1,4 @@ -# $Id: opt.gnome.bin.gaim 90 2006-08-04 19:13:59Z seth_arnold $ +# $Id: opt.gnome.bin.gaim 315 2007-01-26 11:06:01Z seth_arnold $ # ------------------------------------------------------------------ # # Copyright (C) 2002-2005 Novell/SUSE @@ -33,10 +33,13 @@ @{HOME}/.fonts r, @{HOME}/.gaim r, @{HOME}/.gaim/** lrw, + @{HOME}/.gnome2/nautilus-sendto/* rw, @{HOME}/.gtk_qt_engine_rc r, - @{HOME}/.icons r, + @{HOME}/.icons/** r, + @{HOME}/.mcop/random-seed rw, @{HOME}/.mcoprc r, @{HOME}/.kde/share/config/gtkrc-* r, + @{HOME}/.themes/** r, /opt/MozillaFirefox/bin/firefox.sh Px, /opt/gnome/bin/gaim mixr, diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/apparmor-profiles-2.0.1/extras/sbin.rpc.statd new/apparmor-profiles-2.0.1/extras/sbin.rpc.statd --- old/apparmor-profiles-2.0.1/extras/sbin.rpc.statd 2006-08-04 21:13:59.000000000 +0200 +++ new/apparmor-profiles-2.0.1/extras/sbin.rpc.statd 2007-01-26 10:57:42.000000000 +0100 @@ -1,4 +1,4 @@ -# $Id: sbin.rpc.statd 90 2006-08-04 19:13:59Z seth_arnold $ +# $Id: sbin.rpc.statd 311 2007-01-26 09:57:42Z seth_arnold $ # ------------------------------------------------------------------ # # Copyright (C) 2002-2005 Novell/SUSE @@ -19,6 +19,7 @@ /sm rw, /sm.bak rw, /state rw, + /var/lib/nfs/sm/* rw, /var/lib/nfs/statd rw, /var/lib/nfs/statd/sm r, /var/lib/nfs/statd/sm/* rwl, diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/apparmor-profiles-2.0.1/extras/usr.lib.man-db.man new/apparmor-profiles-2.0.1/extras/usr.lib.man-db.man --- old/apparmor-profiles-2.0.1/extras/usr.lib.man-db.man 2006-08-04 21:13:59.000000000 +0200 +++ new/apparmor-profiles-2.0.1/extras/usr.lib.man-db.man 2007-01-26 11:52:26.000000000 +0100 @@ -1,4 +1,4 @@ -# $Id: usr.lib.man-db.man 90 2006-08-04 19:13:59Z seth_arnold $ +# $Id: usr.lib.man-db.man 314 2007-01-26 10:52:26Z seth_arnold $ # ------------------------------------------------------------------ # # Copyright (C) 2002-2005 Novell/SUSE @@ -32,6 +32,7 @@ /etc/man.config r, /etc/papersize r, /etc/termcap r, + /opt/gnome/man/** r, /proc/sys/kernel/ngroups_max r, /usr/bin/apropos Px, /usr/bin/cmp rmix, @@ -48,5 +49,6 @@ /usr/bin/zsoelim rmix, /usr/share/groff/** r, /usr/share/terminfo/** r, + /usr/share/texmf/teTeX/man/** r, /var/cache/man/** r, } diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/apparmor-profiles-2.0.1/extras/usr.sbin.sendmail new/apparmor-profiles-2.0.1/extras/usr.sbin.sendmail --- old/apparmor-profiles-2.0.1/extras/usr.sbin.sendmail 2006-08-04 21:13:59.000000000 +0200 +++ new/apparmor-profiles-2.0.1/extras/usr.sbin.sendmail 2007-01-26 14:56:52.000000000 +0100 @@ -1,4 +1,4 @@ -# $Id: usr.sbin.sendmail 90 2006-08-04 19:13:59Z seth_arnold $ +# $Id: usr.sbin.sendmail 318 2007-01-26 13:56:52Z seth_arnold $ # ------------------------------------------------------------------ # # Copyright (C) 2002-2005 Novell/SUSE @@ -67,7 +67,9 @@ /usr/sbin/sendmail rmix, /usr/sbin/sendmail.postfix rmix, /usr/sbin/sendmail.sendmail rmix, + /var/lib/sendmail/statistics rwl, /var/run/sendmail.pid rwl, + /var/run/sendmail/control rw, /var/run/sm-client.pid rwl, /var/run/utmp rw, /var/spool/clientmqueue r, diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/apparmor-profiles-2.0.1/extras/usr.sbin.userdel new/apparmor-profiles-2.0.1/extras/usr.sbin.userdel --- old/apparmor-profiles-2.0.1/extras/usr.sbin.userdel 2006-11-13 10:53:10.000000000 +0100 +++ new/apparmor-profiles-2.0.1/extras/usr.sbin.userdel 2007-01-26 14:28:39.000000000 +0100 @@ -1,4 +1,4 @@ -# $Id: usr.sbin.userdel 228 2006-11-13 09:53:10Z seth_arnold $ +# $Id: usr.sbin.userdel 317 2007-01-26 13:28:39Z seth_arnold $ # vim:syntax=apparmor # ------------------------------------------------------------------ # @@ -25,8 +25,8 @@ capability dac_read_search, capability sys_resource, - /bin/cat mix, - /bin/bash mix, + /bin/cat rmix, + /bin/bash rmix, /dev/log w, /etc/.pwd.lock rw, /etc/cron.deny r, @@ -39,11 +39,11 @@ /etc/pwdutils/logging r, @{HOMEDIRS}** rwl, /proc/*/mounts r, - /usr/bin/crontab ixr, + /usr/bin/crontab rmix, /usr/lib*/pwdutils/*.so.* mr, /usr/sbin/userdel rmix, - /usr/sbin/userdel-post.local ixr, - /usr/sbin/userdel-pre.local ixr, + /usr/sbin/userdel-post.local rmix, + /usr/sbin/userdel-pre.local rmix, /usr/sbin/userdel rmix, /var/log/lastlog rw, # XXX ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Remember to have fun... --------------------------------------------------------------------- To unsubscribe, e-mail: opensuse-commit+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-commit+help@opensuse.org