Hello community,
here is the log from the commit of package apparmor-profiles
checked in at Sun Apr 1 12:00:48 CEST 2007.
--------
--- apparmor-profiles/apparmor-profiles.changes 2007-02-06 00:23:52.000000000 +0100
+++ /mounts/work_src_done/NOARCH/apparmor-profiles/apparmor-profiles.changes 2007-03-31 01:38:14.000000000 +0200
@@ -1,0 +2,5 @@
+Sat Mar 31 01:37:36 CEST 2007 - agruen@suse.de
+
+- Update to version 2.0.2: DFA based kernel module.
+
+-------------------------------------------------------------------
Old:
----
apparmor-profiles-2.0.1-325.tar.gz
New:
----
apparmor-profiles-2.0.2-521.tar.gz
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ apparmor-profiles.spec ++++++
--- /var/tmp/diff_new_pack.YG1323/_old 2007-04-01 12:00:37.000000000 +0200
+++ /var/tmp/diff_new_pack.YG1323/_new 2007-04-01 12:00:37.000000000 +0200
@@ -1,5 +1,5 @@
#
-# spec file for package apparmor-profiles (Version 2.0.1)
+# spec file for package apparmor-profiles (Version 2.0.2)
#
# Copyright (c) 2007 SUSE LINUX Products GmbH, Nuernberg, Germany.
# This file and all modifications and additions to the pristine
@@ -15,10 +15,10 @@
%define distro suse
%endif
Summary: AppArmor profiles that are loaded into the apparmor kernel module
-Version: 2.0.1
-Release: 22
+Version: 2.0.2
+Release: 1
Group: Productivity/Security
-Source0: %{name}-%{version}-325.tar.gz
+Source0: %{name}-%{version}-521.tar.gz
License: GNU General Public License (GPL)
BuildRoot: %{_tmppath}/%{name}-%{version}-build
URL: http://forge.novell.com/modules/xfmod/project/?apparmor
@@ -76,7 +76,9 @@
%preun
-%changelog -n apparmor-profiles
+%changelog
+* Sat Mar 31 2007 - agruen@suse.de
+- Update to version 2.0.2: DFA based kernel module.
* Tue Feb 06 2007 - srarnold@suse.de
- Bug 157400 - default AppArmor profile for gaim too restrictive
- Bug 221998 - No NFS locks available: "kernel: lockd/statd: failed to
++++++ apparmor-profiles-2.0.1-325.tar.gz -> apparmor-profiles-2.0.2-521.tar.gz ++++++
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/apparmor-profiles-2.0.1/abstractions/bash new/apparmor-profiles-2.0.2/abstractions/bash
--- old/apparmor-profiles-2.0.1/abstractions/bash 2006-08-04 21:13:59.000000000 +0200
+++ new/apparmor-profiles-2.0.2/abstractions/bash 2007-02-13 01:14:30.000000000 +0100
@@ -1,4 +1,4 @@
-# $Id: bash 90 2006-08-04 19:13:59Z seth_arnold $
+# $Id: bash 385 2007-02-13 00:14:30Z seth_arnold $
# ------------------------------------------------------------------
#
# Copyright (C) 2002-2006 Novell/SUSE
@@ -19,9 +19,11 @@
# system-wide bash configuration
/etc/profile.dos r,
/etc/profile r,
+ /etc/profile.d r,
/etc/profile.d/* r,
/etc/bashrc r,
/etc/bash.bashrc r,
+ /etc/bash.bashrc.local r,
/etc/bash_completion r,
/etc/bash_completion.d* r,
/etc/bash_completion.d/* r,
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/apparmor-profiles-2.0.1/apparmor-profiles.spec new/apparmor-profiles-2.0.2/apparmor-profiles.spec
--- old/apparmor-profiles-2.0.1/apparmor-profiles.spec 1970-01-01 01:00:00.000000000 +0100
+++ new/apparmor-profiles-2.0.2/apparmor-profiles.spec 2007-03-31 01:49:29.000000000 +0200
@@ -0,0 +1,209 @@
+# $Id: apparmor-profiles.spec.in 199 2006-11-04 21:34:47Z steve-beattie $
+# ------------------------------------------------------------------
+#
+# Copyright (C) 2002-2005 Novell/SUSE
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of version 2 of the GNU General Public
+# License published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, contact Novell, Inc.
+# ------------------------------------------------------------------
+# norootforbuild
+
+%if ! %{?distro:1}0
+ %define distro suse
+%endif
+
+Summary: AppArmor profiles
+Name: apparmor-profiles
+Version: 2.0.2
+Release: 521
+Group: Productivity/Security
+Source0: %{name}-%{version}-521.tar.gz
+License: GPL
+BuildRoot: %{?_tmppath:}%{!?_tmppath:/var/tmp}/%{name}-%{version}-build
+Url: http://forge.novell.com/modules/xfmod/project/?apparmor
+Requires: apparmor-parser
+BuildArch: noarch
+Obsoletes: subdomain-profiles
+Provides: subdomain-profiles
+
+# hrm, still need to enumerate each directory in these paths in files :(
+%define extras_dir %{_sysconfdir}/apparmor/profiles/extras/
+%define profiles_dir %{_sysconfdir}/apparmor.d/
+
+%description
+Base AppArmor profiles (aka security policy). AppArmor is a file
+mandatory access control mechanism. AppArmor confines processes
+to the resources allowed by the systems administrator and can constrain
+the scope of potential security vulnerabilities.
+This package is part of a suite of tools that used to be named SubDomain.
+
+%prep
+
+%setup -q
+
+%build
+[ "${RPM_BUILD_ROOT}" != "/" ] && rm -rf ${RPM_BUILD_ROOT}
+
+%install
+[ "${RPM_BUILD_ROOT}" != "/" ] && rm -rf ${RPM_BUILD_ROOT}
+make install DESTDIR=${RPM_BUILD_ROOT} DISTRO=%{distro} \
+ EXTRASDIR=${RPM_BUILD_ROOT}/%{extras_dir}/
+
+%clean
+[ "${RPM_BUILD_ROOT}" != "/" ] && rm -rf $RPM_BUILD_ROOT
+
+%files
+%defattr(-,root,root)
+%attr(644, root, root) %config(noreplace) %{profiles_dir}/*
+%attr(644, root, root) %config(noreplace) %{extras_dir}/*
+%dir %attr(-, root, root) %{_sysconfdir}/apparmor.d/
+%dir %attr(-, root, root) %{_sysconfdir}/apparmor.d/abstractions/
+%dir %attr(-, root, root) %{_sysconfdir}/apparmor.d/program-chunks/
+%dir %attr(-, root, root) %{_sysconfdir}/apparmor.d/tunables/
+%dir %attr(-, root, root) %{_sysconfdir}/apparmor/
+%dir %attr(-, root, root) %{_sysconfdir}/apparmor/profiles/
+%dir %attr(-, root, root) %{_sysconfdir}/apparmor/profiles/extras/
+
+%post
+
+%preun
+
+%changelog
+* Wed Apr 12 2006 Steve Beattie
+- Move to forge svn repo; fix build issue due to new dir layout
+* Fri Apr 7 2006 Dominic Reynolds 2.0-11.1
+- seth.arnold:
+- Fix for base (ntpd) - #164150
+- Fix for postfix.qmgr - #156446
+* Mon Apr 3 2006 Seth Arnold 2.0-11.1
+- Fix for postfix/sasl (#159667)
+- Fix for NIS/portmapper nameservice capabilities
+* Thu Mar 30 2006 Dominic Reynolds 2.0-10.1
+- Fix for postalias (#158689)
+* Sun Mar 12 2006 Dominic Reynolds 2.0-10.1
+- Fix for sendmail to add a px transtion to usr.lib.postfix.smtpd
+ (#156998)
+* Thu Mar 9 2006 Seth Arnold 2.0-9.1
+- new svnserve profile in extras (not enforcing), postfix ldap fixes
+ (#156091)
+- procmail now runs unconfined from postfix, sendmail
+* Wed Mar 8 2006 Seth Arnold 2.0-8.1
+- net_bind_service for postfix's cleanup, smtp. (#143336)
+- whitespace fix
+* Fri Feb 24 2006 Seth Arnold 2.0-7.1
+- icon caches, fontconfig
+- Re-disable httpd2-prefork
+* Fri Feb 17 2006 Seth Arnold 2.0-6.1
+- Re-enable http2d-prefork, named, clarify tunables/home
+* Thu Feb 9 2006 Seth Arnold 2.0-5.3
+- Re-enable sendmail, split apart traceroute
+* Wed Feb 8 2006 Steve Beattie 2.0-5.2
+- Fix tunables/home to not emit multiple slashes
+- Fix klogd per #143336
+* Thu Feb 2 2006 Seth Arnold 2.0-5.1
+- slight re-org, some more use of variables
+* Tue Jan 31 2006 Seth Arnold 2.0-5
+- /etc/apparmor.d/tunables/home
+* Thu Jan 26 2006 Dominic Reynolds 2.0-4.1
+- Moved directory /etc/subdomain.d to /etc/apparmor.d.
+- Changed vim tag in profiles to syntax=apparmor
+* Mon Jan 23 2006 Dominic Reynolds 2.0-4
+- Removal of profiles referencing /home/.
+* Wed Jan 4 2006 Steve Beattie 2.0-3
+- Add svn repo to tarball
+* Wed Dec 7 2005 Steve Beattie 2.0-2
+- dreynolds: remove unused netdomain rules
+- srarnold: allow read access to policy subdirs
+* Wed Dec 7 2005 Steve Beattie 2.0-1
+- Reset version for inclusion in SUSE autobuild
+* Mon Dec 5 2005 Dominic Reynolds 1.99-8
+- License changes to GPL - added new headers. Change the extra profiles to be installed in /etc/apparmor.
+* Wed Nov 30 2005 Steve Beattie 1.99-7
+- Rename package to apparmor-profiles
+* Thu Nov 3 2005 Seth Arnold 1.99-6_imnx
+- abstractions/gnome bug-buddy and segv handler
+* Tue Sep 6 2005 Seth Arnold 1.99-5_imnx
+- include the abstractions/ and program-chunks/
+* Sun Sep 4 2005 Dominic Reynolds dreynolds@suse.de
+- disable the gconf profile
+* Fri Sep 2 2005 Jesse Michael
+- more x86_64 fixes
+* Tue Aug 30 2005 - dreynolds@suse.de
+- Removed bonobo-activation-server profile and references, updated GConf2
+* Mon Aug 29 2005 - dreynolds@suse.de
+- Added evolution profile, enabled other desktop apps.
+* Mon Apr 4 2005 Seth Arnold 1.99-4_imnx
+- fix Requires:
+* Sat Mar 26 2005 Steve Beattie
+- Convert sshd profile to newer style hats
+* Mon Mar 14 2005 Steve Beattie
+- subdomain_parser package renamed to subdomain-parser
+* Wed Mar 9 2005 Steve Beattie
+- Fix some internal handling of % distro
+* Tue Feb 22 2005 Seth Arnold 1.99-3_imnx
+- more generic apache2 module names
+* Fri Feb 11 2005 Steve Beattie 1.99-2_imnx
+- Add postfix's tlsmgr process, and other profile updates
+* Fri Feb 4 2005 Seth Arnold 1.99-1_imnx
+- Reversion to 1.99
+* Wed Feb 2 2005 Seth Arnold 1.2-13_imnx
+- A few small rules for postmap
+* Tue Jan 11 2005 Seth Arnold 1.2-12_imnx
+- Add some 64-bit paths to profiles
+* Thu Dec 16 2004 Seth Arnold 1.2-11_imnx
+- apache desires sys_tty_config
+* Mon Dec 6 2004 Steve Beattie 1.2-10_imnx
+- Add postfix tlsmgr program, included in SuSE 9.2.
+* Mon Nov 22 2004 Seth Arnold 1.2-9_imnx
+- clean up loose ends of program-chunks and abstractions conversion,
+ thanks Dominic
+* Wed Nov 17 2004 Steve Beattie 1.2-8_imnx
+- Add minimal build support for RHEL3.
+* Sun Nov 7 2004 Steve Beattie 1.2-7_imnx
+- Add slack build support infrastructure and use it.
+* Fri Nov 5 2004 Seth Arnold 1.2-6_imnx
+- new procmail profile; no forwarding to user@host capability.
+* Tue Oct 26 2004 Seth Arnold 1.2-4_imnx
+- new postfix proxymap
+* Tue Oct 26 2004 Seth Arnold 1.1-4_imnx
+- duplicate apache-default-uri so that apache with and without
+ mod_change_hat can function
+* Tue Oct 19 2004 Seth Arnold 1.2-3_imnx
+- ntp drift file access
+* Wed Oct 13 2004 Seth Arnold 1.2-2_imnx
+- remove program-chunks/apache-subprofiles from apache2 profile
+- remove useradd and userdel profiles.
+* Tue Oct 12 2004 Steve Beattie 1.2-1_imnx
+- Bump version after shass-1.1 branched off
+* Tue Oct 5 2004 Seth Arnold 1.0-9.4_imnx
+- Modify the directories a bit
+* Thu Sep 30 2004 Seth Arnold 1.0-9.3_imnx
+- Prune the list of installed profiles
+- Profile updates
+* Thu Sep 2 2004 Steve Beattie 1.0-10_imnx
+- Copyright fixups
+- Bunchteen fixes to profiles to make them functional
+- support for non-changehat and enhanced changehat sshd
+* Wed Jul 21 2004 Steve Beattie 1.0-9_imnx
+- first attempt to make cross-distro rpm
+* Mon Jul 12 2004 John Johansen 1.0-8_imnx
+- Moved from /usr/src/immunix/.. to %{module_src_prefix}
+* Wed Jun 23 2004 David Drewelow 1.0-7_imnx
+- Moved ./extras /usr/src/immunix/.. & ./progs-enabled to top of dir
+* Wed Jun 23 2004 Seth Arnold 1.0-6_imnx
+- add ldd and ld profiles
+* Wed Jun 23 2004 David Drewelow 1.0-5_imnx
+- Moved sshd and httpd profiles to /extras, split /extras & /progs-enabled
+* Tue Jun 22 2004 Seth Arnold 1.0-5_imnx
+- Remove sshd profile, add squid profile
+* Tue Jun 22 2004 Seth Arnold 1.0-4_imnx
+- Remove sshd profile, add squid profile
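Review bot: The `rm -rf ${RPM_BUILD_ROOT}` lines in `%build`, `%install` and `%clean` expand the variable unquoted and guard only against the value `/`, so a build root containing whitespace or a glob character would be word-split before `rm -rf` sees it. I would quote the expansion and also reject an empty value: `[ -n "${RPM_BUILD_ROOT}" ] && [ "${RPM_BUILD_ROOT}" != "/" ] && rm -rf "${RPM_BUILD_ROOT}"`. Wiping the build root in `%build` also looks redundant, since `%install` repeats it before `make install`. The `$Id` line names `apparmor-profiles.spec.in`, so this file is presumably generated and the change belongs in that template.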
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/apparmor-profiles-2.0.1/common/Make.rules new/apparmor-profiles-2.0.2/common/Make.rules
--- old/apparmor-profiles-2.0.1/common/Make.rules 2007-01-11 22:55:08.000000000 +0100
+++ new/apparmor-profiles-2.0.2/common/Make.rules 2007-03-31 01:32:48.000000000 +0200
@@ -1,4 +1,4 @@
-# $Id: Make.rules 297 2007-01-11 21:55:08Z steve-beattie $
+# $Id: Make.rules 520 2007-03-30 23:32:48Z agruen $
# ------------------------------------------------------------------
#
# Copyright (C) 2002-2005 Novell/SUSE
@@ -25,7 +25,7 @@
# directories
DISTRIBUTION=AppArmor
-VERSION=2.0.1
+VERSION=2.0.2
# OVERRIDABLE variables
# Set these variables before including Make.rules to change its behavior
@@ -148,6 +148,7 @@
-rm -rf $(RELEASE_DIR)
svn export -r $(REPO_VERSION) $(REPO_URL) $(RELEASE_DIR)
svn export $(COMMON_REPO_URL) $(RELEASE_DIR)/common
+ make -C $(RELEASE_DIR) $(SPECFILE) REPO_VERSION=${REPO_VERSION} COMMONDIR_EXISTS=false
$(TAR) -f $(TARBALL) $(RELEASE_DIR)
rm -rf $(RELEASE_DIR)
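Review bot: The added recipe line calls `make` directly instead of `$(MAKE)`, so the sub-make does not inherit the parent's flags and jobserver, and a dry run with `make -n` would not descend into it. It also writes `${REPO_VERSION}` where the line two above uses `$(REPO_VERSION)`. I would write it as `$(MAKE) -C $(RELEASE_DIR) $(SPECFILE) REPO_VERSION=$(REPO_VERSION) COMMONDIR_EXISTS=false`. The rule this recipe belongs to starts outside the hunk, so the target name and its prerequisites are not visible here.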
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/apparmor-profiles-2.0.1/enabled/bin.ping new/apparmor-profiles-2.0.2/enabled/bin.ping
--- old/apparmor-profiles-2.0.1/enabled/bin.ping 2006-08-04 21:13:59.000000000 +0200
+++ new/apparmor-profiles-2.0.2/enabled/bin.ping 2007-03-31 01:45:28.000000000 +0200
@@ -1,4 +1,4 @@
-# $Id: bin.ping 90 2006-08-04 19:13:59Z seth_arnold $
+# $Id: bin.ping 521 2007-03-30 23:45:28Z agruen $
# vim:syntax=apparmor
# ------------------------------------------------------------------
#
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/apparmor-profiles-2.0.1/enabled/sbin.klogd new/apparmor-profiles-2.0.2/enabled/sbin.klogd
--- old/apparmor-profiles-2.0.1/enabled/sbin.klogd 2006-08-04 21:13:59.000000000 +0200
+++ new/apparmor-profiles-2.0.2/enabled/sbin.klogd 1970-01-01 01:00:00.000000000 +0100
@@ -1,24 +0,0 @@
-# $Id: sbin.klogd 90 2006-08-04 19:13:59Z seth_arnold $
-# ------------------------------------------------------------------
-#
-# Copyright (C) 2002-2005 Novell/SUSE
-#
-# This program is free software; you can redistribute it and/or
-# modify it under the terms of version 2 of the GNU General Public
-# License published by the Free Software Foundation.
-#
-# ------------------------------------------------------------------
-
-#include
-
-/sbin/klogd {
- #include
-
- capability sys_admin,
-
- /boot/System.map* r,
- /proc/kmsg r,
- /sbin/klogd rmix,
- /var/log/boot.msg rwl,
- /var/run/klogd.pid rwl,
-}
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/apparmor-profiles-2.0.1/enabled/sbin.syslogd new/apparmor-profiles-2.0.2/enabled/sbin.syslogd
--- old/apparmor-profiles-2.0.1/enabled/sbin.syslogd 2006-08-04 21:13:59.000000000 +0200
+++ new/apparmor-profiles-2.0.2/enabled/sbin.syslogd 1970-01-01 01:00:00.000000000 +0100
@@ -1,34 +0,0 @@
-# $Id: sbin.syslogd 90 2006-08-04 19:13:59Z seth_arnold $
-# ------------------------------------------------------------------
-#
-# Copyright (C) 2002-2005 Novell/SUSE
-#
-# This program is free software; you can redistribute it and/or
-# modify it under the terms of version 2 of the GNU General Public
-# License published by the Free Software Foundation.
-#
-# ------------------------------------------------------------------
-
-#include
-
-/sbin/syslogd {
- #include
- #include
- #include
-
- capability sys_tty_config,
- capability dac_override,
- capability dac_read_search,
-
- /dev/log wl,
- /var/lib/*/dev/log wl,
-
- /dev/tty* w,
- /dev/xconsole rw,
- /etc/syslog.conf r,
- /sbin/syslogd rmix,
- /var/log/** rw,
- /var/run/syslogd.pid rwl,
- /var/run/utmp rw,
- /var/spool/compaq/nic/messages_fifo rw,
-}
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/apparmor-profiles-2.0.1/enabled/sbin.syslog-ng new/apparmor-profiles-2.0.2/enabled/sbin.syslog-ng
--- old/apparmor-profiles-2.0.1/enabled/sbin.syslog-ng 2006-11-27 11:44:24.000000000 +0100
+++ new/apparmor-profiles-2.0.2/enabled/sbin.syslog-ng 1970-01-01 01:00:00.000000000 +0100
@@ -1,35 +0,0 @@
-# $Id$
-# ------------------------------------------------------------------
-#
-# Copyright (C) 2006 Novell/SUSE
-# Copyright (C) 2006 Christian Boltz
-#
-# This program is free software; you can redistribute it and/or
-# modify it under the terms of version 2 of the GNU General Public
-# License published by the Free Software Foundation.
-#
-# ------------------------------------------------------------------
-
-#include
-
-/sbin/syslog-ng {
- #include
- #include
- #include
-
- capability chown,
- capability dac_override,
- capability fsetid,
- capability fowner,
-
- /dev/log w,
- /dev/tty10 w,
- /dev/xconsole rw,
- /etc/syslog-ng/* r,
- /sbin/syslog-ng mr,
- # chrooted applications
- /var/lib/*/dev/log w,
- /var/log/** w,
- /var/run/syslog-ng.pid w,
-}
-
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/apparmor-profiles-2.0.1/enabled/usr.sbin.identd new/apparmor-profiles-2.0.2/enabled/usr.sbin.identd
--- old/apparmor-profiles-2.0.1/enabled/usr.sbin.identd 2006-08-04 21:13:59.000000000 +0200
+++ new/apparmor-profiles-2.0.2/enabled/usr.sbin.identd 1970-01-01 01:00:00.000000000 +0100
@@ -1,27 +0,0 @@
-# $Id: usr.sbin.identd 90 2006-08-04 19:13:59Z seth_arnold $
-# ------------------------------------------------------------------
-#
-# Copyright (C) 2002-2005 Novell/SUSE
-#
-# This program is free software; you can redistribute it and/or
-# modify it under the terms of version 2 of the GNU General Public
-# License published by the Free Software Foundation.
-#
-# ------------------------------------------------------------------
-
-#include
-
-/usr/sbin/identd {
- #include
- #include
- capability net_bind_service,
- capability setgid,
- capability setuid,
- /etc/identd.conf r,
- /etc/identd.key r,
- /etc/identd.pid w,
- /usr/sbin/identd rmix,
- /proc/net/tcp r,
- /proc/net/tcp6 r,
- /var/run/identd.pid w,
-}
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/apparmor-profiles-2.0.1/enabled/usr.sbin.mdnsd new/apparmor-profiles-2.0.2/enabled/usr.sbin.mdnsd
--- old/apparmor-profiles-2.0.1/enabled/usr.sbin.mdnsd 2006-08-04 21:13:59.000000000 +0200
+++ new/apparmor-profiles-2.0.2/enabled/usr.sbin.mdnsd 1970-01-01 01:00:00.000000000 +0100
@@ -1,33 +0,0 @@
-# $Id: usr.sbin.mdnsd 90 2006-08-04 19:13:59Z seth_arnold $
-# vim:syntax=apparmor
-# ------------------------------------------------------------------
-#
-# Copyright (C) 2002-2005 Novell/SUSE
-#
-# This program is free software; you can redistribute it and/or
-# modify it under the terms of version 2 of the GNU General Public
-# License published by the Free Software Foundation.
-#
-# ------------------------------------------------------------------
-
-#include
-
-/usr/sbin/mdnsd {
- #include
- #include
- #include
-
- capability net_bind_service,
- capability setgid,
- capability setuid,
- capability sys_chroot,
- capability sys_resource,
-
- /usr/sbin/mdnsd rmix,
-
- /proc/net r,
- /proc/net/unix r,
- /proc/sys/kernel/ngroups_max r,
- /var/run/mdnsd lw,
- /var/run/mdnsd.pid w,
-}
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/apparmor-profiles-2.0.1/enabled/usr.sbin.named new/apparmor-profiles-2.0.2/enabled/usr.sbin.named
--- old/apparmor-profiles-2.0.1/enabled/usr.sbin.named 2007-01-19 13:05:05.000000000 +0100
+++ new/apparmor-profiles-2.0.2/enabled/usr.sbin.named 1970-01-01 01:00:00.000000000 +0100
@@ -1,43 +0,0 @@
-# $Id: usr.sbin.named 307 2007-01-19 12:05:05Z seth_arnold $
-#
-# ------------------------------------------------------------------
-#
-# Copyright (C) 2002-2005 Novell/SUSE
-#
-# This program is free software; you can redistribute it and/or
-# modify it under the terms of version 2 of the GNU General Public
-# License published by the Free Software Foundation.
-#
-# ------------------------------------------------------------------
-# vim:syntax=apparmor
-# Last Modified: Wed Aug 17 14:09:24 2005
-
-#include
-
-/usr/sbin/named {
- #include
- #include
- #include
-
- capability net_bind_service,
- capability setgid,
- capability setuid,
- capability sys_chroot,
-
- /** r,
- /dyn/** rwl,
- /usr/bin/dnskeygen mix,
- /usr/bin/dnsquery mix,
- /usr/sbin/named rmix,
- /usr/sbin/named-xfer mix,
- /var/lib/named/** rwl,
- /var/named/** rwl,
- /var/run/named.pid wl,
- /var/run/named/named.pid wl,
- /var/run/ndc wl,
- /slave/* rw,
-
- /var/opt/novell/xad/ds/krb5kdc/krb5.keytab r,
- /var/tmp/DNS_* rw,
- /tmp/DNS_* rw,
-}
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/apparmor-profiles-2.0.1/enabled/usr.sbin.nscd new/apparmor-profiles-2.0.2/enabled/usr.sbin.nscd
--- old/apparmor-profiles-2.0.1/enabled/usr.sbin.nscd 2006-08-04 21:13:59.000000000 +0200
+++ new/apparmor-profiles-2.0.2/enabled/usr.sbin.nscd 1970-01-01 01:00:00.000000000 +0100
@@ -1,41 +0,0 @@
-# vim:syntax=apparmor
-# Last Modified: Sun Jan 22 00:12:50 2006
-# $Id: usr.sbin.nscd 90 2006-08-04 19:13:59Z seth_arnold $
-# ------------------------------------------------------------------
-#
-# Copyright (C) 2002-2005 Novell/SUSE
-#
-# This program is free software; you can redistribute it and/or
-# modify it under the terms of version 2 of the GNU General Public
-# License published by the Free Software Foundation.
-#
-# ------------------------------------------------------------------
-
-#include
-
-/usr/sbin/nscd {
- #include
- #include
- #include
-
- capability net_bind_service,
-
- /etc/nscd.conf r,
- /proc/meminfo r,
- /proc/*/fd r,
- /proc/*/fd/* r,
- /proc/*/maps r,
- /proc/*/mounts r,
- /proc/filesystems r,
- /proc/sys/kernel/ngroups_max r,
- /usr/sbin/nscd rmix,
- /var/run/.nscd_socket wl,
- /var/run/nscd r,
- /var/run/nscd/db* wl,
- /var/run/nscd/socket wl,
- /var/run/nscd/{passwd,group} w,
- /var/run/{nscd/,}nscd.pid rwl,
-
- /tmp/.winbindd/pipe rw,
- /var/lib/samba/winbindd_privileged/pipe rw,
-}
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/apparmor-profiles-2.0.1/enabled/usr.sbin.ntpd new/apparmor-profiles-2.0.2/enabled/usr.sbin.ntpd
--- old/apparmor-profiles-2.0.1/enabled/usr.sbin.ntpd 2007-01-19 13:05:05.000000000 +0100
+++ new/apparmor-profiles-2.0.2/enabled/usr.sbin.ntpd 1970-01-01 01:00:00.000000000 +0100
@@ -1,49 +0,0 @@
-# vim:syntax=apparmor
-# Last Modified: Sun Jan 22 00:11:27 2006
-# $Id: usr.sbin.ntpd 307 2007-01-19 12:05:05Z seth_arnold $
-# ------------------------------------------------------------------
-#
-# Copyright (C) 2002-2005 Novell/SUSE
-#
-# This program is free software; you can redistribute it and/or
-# modify it under the terms of version 2 of the GNU General Public
-# License published by the Free Software Foundation.
-#
-# ------------------------------------------------------------------
-
-#include
-
-/usr/sbin/ntpd {
- #include
- #include
- #include
-
- capability ipc_lock,
- capability net_bind_service,
- capability setgid,
- capability setuid,
- capability sys_chroot,
- capability sys_resource,
- capability sys_time,
-
- /drift/ntp.drift rwl,
- /drift/ntp.drift.TEMP rwl,
- /etc/ntpd.conf r,
- /etc/ntp.conf r,
- /etc/ntp/drift* rwl,
- /etc/ntp/keys r,
- /etc/ntp/step-tickers r,
- /proc/net/if_inet6 r,
- /tmp/ntp* rwl,
- /usr/sbin/ntpd rmix,
- /var/lib/ntp/etc/ntp.conf.iburst r,
- /var/lib/ntp/drift rwl,
- /var/lib/ntp/drift.TEMP rwl,
- /var/lib/ntp/drift/ntp.drift r,
- /var/lib/ntp/var/run/ntp/ntpd.pid w,
- /var/log/ntp w,
- /var/log/ntp.log w,
- /var/opt/novell/xad/rpc/xadsd rw,
- /var/run/ntpd.pid w,
- /var/tmp/ntp* rwl,
-}
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/apparmor-profiles-2.0.1/enabled/usr.sbin.traceroute new/apparmor-profiles-2.0.2/enabled/usr.sbin.traceroute
--- old/apparmor-profiles-2.0.1/enabled/usr.sbin.traceroute 2006-08-04 21:13:59.000000000 +0200
+++ new/apparmor-profiles-2.0.2/enabled/usr.sbin.traceroute 1970-01-01 01:00:00.000000000 +0100
@@ -1,23 +0,0 @@
-# $Id: usr.sbin.traceroute 90 2006-08-04 19:13:59Z seth_arnold $
-# ------------------------------------------------------------------
-#
-# Copyright (C) 2002-2005 Novell/SUSE
-#
-# This program is free software; you can redistribute it and/or
-# modify it under the terms of version 2 of the GNU General Public
-# License published by the Free Software Foundation.
-#
-# ------------------------------------------------------------------
-
-#include
-
-/usr/sbin/traceroute {
- #include
- #include
- #include
-
- capability net_raw,
-
- /proc/net/route r,
- /usr/sbin/traceroute rmix,
-}
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/apparmor-profiles-2.0.1/extras/sbin.klogd new/apparmor-profiles-2.0.2/extras/sbin.klogd
--- old/apparmor-profiles-2.0.1/extras/sbin.klogd 1970-01-01 01:00:00.000000000 +0100
+++ new/apparmor-profiles-2.0.2/extras/sbin.klogd 2007-03-31 01:32:48.000000000 +0200
@@ -0,0 +1,24 @@
+# $Id: sbin.klogd 520 2007-03-30 23:32:48Z agruen $
+# ------------------------------------------------------------------
+#
+# Copyright (C) 2002-2005 Novell/SUSE
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of version 2 of the GNU General Public
+# License published by the Free Software Foundation.
+#
+# ------------------------------------------------------------------
+
+#include
+
+/sbin/klogd {
+ #include
+
+ capability sys_admin,
+
+ /boot/System.map* r,
+ /proc/kmsg r,
+ /sbin/klogd rmix,
+ /var/log/boot.msg rwl,
+ /var/run/klogd.pid rwl,
+}
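Review bot: Nothing in the commit record says that these profiles stop being enforced by default. The klogd rules added here are the same rule set deleted from `enabled/sbin.klogd`, and the same move to `extras/` is applied to syslogd, syslog-ng, identd, mdnsd, named, nscd, ntpd and traceroute. An older changelog entry describes extras as "not enforcing", so after the upgrade these daemons presumably run unconfined unless an administrator copies the profiles back. The changelog only says `Update to version 2.0.2: DFA based kernel module.`; I would add a line such as `- Move klogd, syslogd, syslog-ng, identd, mdnsd, named, nscd, ntpd and traceroute profiles from enabled/ to extras/ (no longer enforced by default)` so operators know to re-check confinement after updating.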
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/apparmor-profiles-2.0.1/extras/sbin.syslogd new/apparmor-profiles-2.0.2/extras/sbin.syslogd
--- old/apparmor-profiles-2.0.1/extras/sbin.syslogd 1970-01-01 01:00:00.000000000 +0100
+++ new/apparmor-profiles-2.0.2/extras/sbin.syslogd 2007-03-31 01:32:48.000000000 +0200
@@ -0,0 +1,34 @@
+# $Id: sbin.syslogd 520 2007-03-30 23:32:48Z agruen $
+# ------------------------------------------------------------------
+#
+# Copyright (C) 2002-2005 Novell/SUSE
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of version 2 of the GNU General Public
+# License published by the Free Software Foundation.
+#
+# ------------------------------------------------------------------
+
+#include
+
+/sbin/syslogd {
+ #include
+ #include
+ #include
+
+ capability sys_tty_config,
+ capability dac_override,
+ capability dac_read_search,
+
+ /dev/log wl,
+ /var/lib/*/dev/log wl,
+
+ /dev/tty* w,
+ /dev/xconsole rw,
+ /etc/syslog.conf r,
+ /sbin/syslogd rmix,
+ /var/log/** rw,
+ /var/run/syslogd.pid rwl,
+ /var/run/utmp rw,
+ /var/spool/compaq/nic/messages_fifo rw,
+}
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/apparmor-profiles-2.0.1/extras/sbin.syslog-ng new/apparmor-profiles-2.0.2/extras/sbin.syslog-ng
--- old/apparmor-profiles-2.0.1/extras/sbin.syslog-ng 1970-01-01 01:00:00.000000000 +0100
+++ new/apparmor-profiles-2.0.2/extras/sbin.syslog-ng 2007-03-31 01:32:48.000000000 +0200
@@ -0,0 +1,35 @@
+# $Id$
+# ------------------------------------------------------------------
+#
+# Copyright (C) 2006 Novell/SUSE
+# Copyright (C) 2006 Christian Boltz
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of version 2 of the GNU General Public
+# License published by the Free Software Foundation.
+#
+# ------------------------------------------------------------------
+
+#include
+
+/sbin/syslog-ng {
+ #include
+ #include
+ #include
+
+ capability chown,
+ capability dac_override,
+ capability fsetid,
+ capability fowner,
+
+ /dev/log w,
+ /dev/tty10 w,
+ /dev/xconsole rw,
+ /etc/syslog-ng/* r,
+ /sbin/syslog-ng mr,
+ # chrooted applications
+ /var/lib/*/dev/log w,
+ /var/log/** w,
+ /var/run/syslog-ng.pid w,
+}
+
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/apparmor-profiles-2.0.1/extras/usr.sbin.identd new/apparmor-profiles-2.0.2/extras/usr.sbin.identd
--- old/apparmor-profiles-2.0.1/extras/usr.sbin.identd 1970-01-01 01:00:00.000000000 +0100
+++ new/apparmor-profiles-2.0.2/extras/usr.sbin.identd 2007-03-31 01:32:48.000000000 +0200
@@ -0,0 +1,27 @@
+# $Id: usr.sbin.identd 520 2007-03-30 23:32:48Z agruen $
+# ------------------------------------------------------------------
+#
+# Copyright (C) 2002-2005 Novell/SUSE
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of version 2 of the GNU General Public
+# License published by the Free Software Foundation.
+#
+# ------------------------------------------------------------------
+
+#include
+
+/usr/sbin/identd {
+ #include
+ #include
+ capability net_bind_service,
+ capability setgid,
+ capability setuid,
+ /etc/identd.conf r,
+ /etc/identd.key r,
+ /etc/identd.pid w,
+ /usr/sbin/identd rmix,
+ /proc/net/tcp r,
+ /proc/net/tcp6 r,
+ /var/run/identd.pid w,
+}
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/apparmor-profiles-2.0.1/extras/usr.sbin.mdnsd new/apparmor-profiles-2.0.2/extras/usr.sbin.mdnsd
--- old/apparmor-profiles-2.0.1/extras/usr.sbin.mdnsd 1970-01-01 01:00:00.000000000 +0100
+++ new/apparmor-profiles-2.0.2/extras/usr.sbin.mdnsd 2007-03-31 01:32:48.000000000 +0200
@@ -0,0 +1,33 @@
+# $Id: usr.sbin.mdnsd 520 2007-03-30 23:32:48Z agruen $
+# vim:syntax=apparmor
+# ------------------------------------------------------------------
+#
+# Copyright (C) 2002-2005 Novell/SUSE
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of version 2 of the GNU General Public
+# License published by the Free Software Foundation.
+#
+# ------------------------------------------------------------------
+
+#include
+
+/usr/sbin/mdnsd {
+ #include
+ #include
+ #include
+
+ capability net_bind_service,
+ capability setgid,
+ capability setuid,
+ capability sys_chroot,
+ capability sys_resource,
+
+ /usr/sbin/mdnsd rmix,
+
+ /proc/net r,
+ /proc/net/unix r,
+ /proc/sys/kernel/ngroups_max r,
+ /var/run/mdnsd lw,
+ /var/run/mdnsd.pid w,
+}
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/apparmor-profiles-2.0.1/extras/usr.sbin.named new/apparmor-profiles-2.0.2/extras/usr.sbin.named
--- old/apparmor-profiles-2.0.1/extras/usr.sbin.named 1970-01-01 01:00:00.000000000 +0100
+++ new/apparmor-profiles-2.0.2/extras/usr.sbin.named 2007-03-31 01:32:48.000000000 +0200
@@ -0,0 +1,43 @@
+# $Id: usr.sbin.named 520 2007-03-30 23:32:48Z agruen $
+#
+# ------------------------------------------------------------------
+#
+# Copyright (C) 2002-2005 Novell/SUSE
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of version 2 of the GNU General Public
+# License published by the Free Software Foundation.
+#
+# ------------------------------------------------------------------
+# vim:syntax=apparmor
+# Last Modified: Wed Aug 17 14:09:24 2005
+
+#include
+
+/usr/sbin/named {
+ #include
+ #include
+ #include
+
+ capability net_bind_service,
+ capability setgid,
+ capability setuid,
+ capability sys_chroot,
+
+ /** r,
+ /dyn/** rwl,
+ /usr/bin/dnskeygen mix,
+ /usr/bin/dnsquery mix,
+ /usr/sbin/named rmix,
+ /usr/sbin/named-xfer mix,
+ /var/lib/named/** rwl,
+ /var/named/** rwl,
+ /var/run/named.pid wl,
+ /var/run/named/named.pid wl,
+ /var/run/ndc wl,
+ /slave/* rw,
+
+ /var/opt/novell/xad/ds/krb5kdc/krb5.keytab r,
+ /var/tmp/DNS_* rw,
+ /tmp/DNS_* rw,
+}
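Review bot: The rule `/** r,` in the named profile grants read access to every file on the system, which makes the narrower read rules below it redundant and leaves the profile constraining only writes, execs and capabilities. The explicit `/var/opt/novell/xad/ds/krb5kdc/krb5.keytab r,` line suggests that sensitive files were meant to be listed individually. Since the profile is being relocated to `extras/` as a starting point for administrators, I would at least mark the rule, for example `# FIXME: /** r allows reading the whole filesystem; replace with the config and zone paths named actually opens`, and narrow it before anyone enables the profile.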
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/apparmor-profiles-2.0.1/extras/usr.sbin.nscd new/apparmor-profiles-2.0.2/extras/usr.sbin.nscd
--- old/apparmor-profiles-2.0.1/extras/usr.sbin.nscd 1970-01-01 01:00:00.000000000 +0100
+++ new/apparmor-profiles-2.0.2/extras/usr.sbin.nscd 2007-03-31 01:32:48.000000000 +0200
@@ -0,0 +1,41 @@
+# vim:syntax=apparmor
+# Last Modified: Sun Jan 22 00:12:50 2006
+# $Id: usr.sbin.nscd 520 2007-03-30 23:32:48Z agruen $
+# ------------------------------------------------------------------
+#
+# Copyright (C) 2002-2005 Novell/SUSE
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of version 2 of the GNU General Public
+# License published by the Free Software Foundation.
+#
+# ------------------------------------------------------------------
+
+#include
+
+/usr/sbin/nscd {
+ #include
+ #include
+ #include
+
+ capability net_bind_service,
+
+ /etc/nscd.conf r,
+ /proc/meminfo r,
+ /proc/*/fd r,
+ /proc/*/fd/* r,
+ /proc/*/maps r,
+ /proc/*/mounts r,
+ /proc/filesystems r,
+ /proc/sys/kernel/ngroups_max r,
+ /usr/sbin/nscd rmix,
+ /var/run/.nscd_socket wl,
+ /var/run/nscd r,
+ /var/run/nscd/db* wl,
+ /var/run/nscd/socket wl,
+ /var/run/nscd/{passwd,group} w,
+ /var/run/{nscd/,}nscd.pid rwl,
+
+ /tmp/.winbindd/pipe rw,
+ /var/lib/samba/winbindd_privileged/pipe rw,
+}
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/apparmor-profiles-2.0.1/extras/usr.sbin.ntpd new/apparmor-profiles-2.0.2/extras/usr.sbin.ntpd
--- old/apparmor-profiles-2.0.1/extras/usr.sbin.ntpd 1970-01-01 01:00:00.000000000 +0100
+++ new/apparmor-profiles-2.0.2/extras/usr.sbin.ntpd 2007-03-31 01:32:48.000000000 +0200
@@ -0,0 +1,49 @@
+# vim:syntax=apparmor
+# Last Modified: Sun Jan 22 00:11:27 2006
+# $Id: usr.sbin.ntpd 520 2007-03-30 23:32:48Z agruen $
+# ------------------------------------------------------------------
+#
+# Copyright (C) 2002-2005 Novell/SUSE
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of version 2 of the GNU General Public
+# License published by the Free Software Foundation.
+#
+# ------------------------------------------------------------------
+
+#include
+
+/usr/sbin/ntpd {
+ #include
+ #include
+ #include
+
+ capability ipc_lock,
+ capability net_bind_service,
+ capability setgid,
+ capability setuid,
+ capability sys_chroot,
+ capability sys_resource,
+ capability sys_time,
+
+ /drift/ntp.drift rwl,
+ /drift/ntp.drift.TEMP rwl,
+ /etc/ntpd.conf r,
+ /etc/ntp.conf r,
+ /etc/ntp/drift* rwl,
+ /etc/ntp/keys r,
+ /etc/ntp/step-tickers r,
+ /proc/net/if_inet6 r,
+ /tmp/ntp* rwl,
+ /usr/sbin/ntpd rmix,
+ /var/lib/ntp/etc/ntp.conf.iburst r,
+ /var/lib/ntp/drift rwl,
+ /var/lib/ntp/drift.TEMP rwl,
+ /var/lib/ntp/drift/ntp.drift r,
+ /var/lib/ntp/var/run/ntp/ntpd.pid w,
+ /var/log/ntp w,
+ /var/log/ntp.log w,
+ /var/opt/novell/xad/rpc/xadsd rw,
+ /var/run/ntpd.pid w,
+ /var/tmp/ntp* rwl,
+}
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/apparmor-profiles-2.0.1/extras/usr.sbin.traceroute new/apparmor-profiles-2.0.2/extras/usr.sbin.traceroute
--- old/apparmor-profiles-2.0.1/extras/usr.sbin.traceroute 1970-01-01 01:00:00.000000000 +0100
+++ new/apparmor-profiles-2.0.2/extras/usr.sbin.traceroute 2007-03-31 01:32:48.000000000 +0200
@@ -0,0 +1,23 @@
+# $Id: usr.sbin.traceroute 520 2007-03-30 23:32:48Z agruen $
+# ------------------------------------------------------------------
+#
+# Copyright (C) 2002-2005 Novell/SUSE
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of version 2 of the GNU General Public
+# License published by the Free Software Foundation.
+#
+# ------------------------------------------------------------------
+
+#include
+
+/usr/sbin/traceroute {
+ #include
+ #include
+ #include
+
+ capability net_raw,
+
+ /proc/net/route r,
+ /usr/sbin/traceroute rmix,
+}
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++