Hello community,
here is the log from the commit of package apparmor-profiles
checked in at Fri Apr 13 21:49:11 CEST 2007.
--------
--- apparmor-profiles/apparmor-profiles.changes 2007-03-31 01:38:14.000000000 +0200
+++ /mounts/work_src_done/NOARCH/apparmor-profiles/apparmor-profiles.changes 2007-04-13 18:37:01.487292000 +0200
@@ -1,0 +2,5 @@
+Fri Apr 13 18:36:10 CEST 2007 - sbeattie@suse.de
+
+- Update/re-enable some profiles for dir handling changes
+
+-------------------------------------------------------------------
Old:
----
apparmor-profiles-2.0.2-521.tar.gz
New:
----
apparmor-profiles-2.0.2-563.tar.gz
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ apparmor-profiles.spec ++++++
--- /var/tmp/diff_new_pack.NN8433/_old 2007-04-13 21:48:50.000000000 +0200
+++ /var/tmp/diff_new_pack.NN8433/_new 2007-04-13 21:48:50.000000000 +0200
@@ -16,9 +16,9 @@
%endif
Summary: AppArmor profiles that are loaded into the apparmor kernel module
Version: 2.0.2
-Release: 1
+Release: 3
Group: Productivity/Security
-Source0: %{name}-%{version}-521.tar.gz
+Source0: %{name}-%{version}-563.tar.gz
License: GNU General Public License (GPL)
BuildRoot: %{_tmppath}/%{name}-%{version}-build
URL: http://forge.novell.com/modules/xfmod/project/?apparmor
@@ -77,6 +77,8 @@
%preun
%changelog
+* Fri Apr 13 2007 - sbeattie@suse.de
+- Update/re-enable some profiles for dir handling changes
* Sat Mar 31 2007 - agruen@suse.de
- Update to version 2.0.2: DFA based kernel module.
* Tue Feb 06 2007 - srarnold@suse.de
++++++ apparmor-profiles-2.0.2-521.tar.gz -> apparmor-profiles-2.0.2-563.tar.gz ++++++
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/apparmor-profiles-2.0.2/abstractions/authentication new/apparmor-profiles-2.0.2/abstractions/authentication
--- old/apparmor-profiles-2.0.2/abstractions/authentication 2006-08-04 21:13:59.000000000 +0200
+++ new/apparmor-profiles-2.0.2/abstractions/authentication 2007-04-11 01:05:33.000000000 +0200
@@ -1,4 +1,4 @@
-# $Id: authentication 90 2006-08-04 19:13:59Z seth_arnold $
+# $Id: authentication 559 2007-04-10 23:05:33Z agruen $
# ------------------------------------------------------------------
#
# Copyright (C) 2002-2005 Novell/SUSE
@@ -24,11 +24,11 @@
/lib64/security/pam_filter/* mr,
/lib64/security/pam_*.so mr,
- /lib64/security r,
+ /lib64/security/ r,
/lib/security/pam_filter/* mr,
/lib/security/pam_*.so mr,
- /lib/security r,
+ /lib/security/ r,
# kerberos
#include
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/apparmor-profiles-2.0.2/abstractions/bash new/apparmor-profiles-2.0.2/abstractions/bash
--- old/apparmor-profiles-2.0.2/abstractions/bash 2007-02-13 01:14:30.000000000 +0100
+++ new/apparmor-profiles-2.0.2/abstractions/bash 2007-04-11 01:05:33.000000000 +0200
@@ -1,4 +1,4 @@
-# $Id: bash 385 2007-02-13 00:14:30Z seth_arnold $
+# $Id: bash 559 2007-04-10 23:05:33Z agruen $
# ------------------------------------------------------------------
#
# Copyright (C) 2002-2006 Novell/SUSE
@@ -19,13 +19,13 @@
# system-wide bash configuration
/etc/profile.dos r,
/etc/profile r,
- /etc/profile.d r,
+ /etc/profile.d/ r,
/etc/profile.d/* r,
/etc/bashrc r,
/etc/bash.bashrc r,
/etc/bash.bashrc.local r,
/etc/bash_completion r,
- /etc/bash_completion.d* r,
+ /etc/bash_completion.d/ r,
/etc/bash_completion.d/* r,
# bash relies on system-wide readline configuration
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/apparmor-profiles-2.0.2/abstractions/consoles new/apparmor-profiles-2.0.2/abstractions/consoles
--- old/apparmor-profiles-2.0.2/abstractions/consoles 2006-04-12 23:35:41.000000000 +0200
+++ new/apparmor-profiles-2.0.2/abstractions/consoles 2007-04-11 01:05:33.000000000 +0200
@@ -1,4 +1,4 @@
-# $Id: consoles 12 2006-04-12 21:35:41Z steve-beattie $
+# $Id: consoles 559 2007-04-10 23:05:33Z agruen $
# ------------------------------------------------------------------
#
# Copyright (C) 2002-2005 Novell/SUSE
@@ -19,5 +19,5 @@
# program uses the /dev/pts/ interface, it actually has access to
# -all- xterm, sshd, etc, terminals on the system.
/dev/pts/[0-9]* rw,
- /dev/pts r,
+ /dev/pts/ r,
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/apparmor-profiles-2.0.2/abstractions/fonts new/apparmor-profiles-2.0.2/abstractions/fonts
--- old/apparmor-profiles-2.0.2/abstractions/fonts 2006-08-04 21:13:59.000000000 +0200
+++ new/apparmor-profiles-2.0.2/abstractions/fonts 2007-04-11 01:05:33.000000000 +0200
@@ -1,4 +1,4 @@
-# $Id: fonts 90 2006-08-04 19:13:59Z seth_arnold $
+# $Id: fonts 559 2007-04-10 23:05:33Z agruen $
# ------------------------------------------------------------------
#
# Copyright (C) 2002-2006 Novell/SUSE
@@ -48,5 +48,5 @@
@{HOME}/.fonts/** r,
@{HOME}/.fonts.cache-2 mr,
- /usr/local/share/fonts r,
+ /usr/local/share/fonts/ r,
/usr/local/share/fonts/** r,
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/apparmor-profiles-2.0.2/abstractions/kde new/apparmor-profiles-2.0.2/abstractions/kde
--- old/apparmor-profiles-2.0.2/abstractions/kde 2006-08-04 21:13:59.000000000 +0200
+++ new/apparmor-profiles-2.0.2/abstractions/kde 2007-04-11 01:31:50.000000000 +0200
@@ -1,4 +1,4 @@
-# $Id: kde 90 2006-08-04 19:13:59Z seth_arnold $
+# $Id: kde 561 2007-04-10 23:31:50Z steve-beattie $
# ------------------------------------------------------------------
#
# Copyright (C) 2002-2006 Novell/SUSE
@@ -18,7 +18,7 @@
/etc/X11/qtrc r,
/etc/kde3rc r,
/etc/opt/kde3/share/config/* r,
-/etc/opt/kde3/share/icons r,
+/etc/opt/kde3/share/icons/ r,
/etc/opt/kde3/share/icons/** r,
@{HOME}/.DCOPserver_* r,
@@ -27,20 +27,21 @@
@{HOME}/.kde/share/config/kdeglobals rw,
@{HOME}/.qt/** rw,
-/opt/kde3/lib64/kde3/plugins/styles r,
+/opt/kde3/lib64/kde3/plugins/styles/ r,
/opt/kde3/lib64/kde3/plugins/styles/* mr,
/opt/kde3/lib64/lib*so* mr,
-/opt/kde3/lib/kde3/plugins/styles r,
+/opt/kde3/lib/kde3/plugins/styles/ r,
/opt/kde3/lib/kde3/plugins/styles/* mr,
/opt/kde3/lib/lib*so* mr,
/opt/kde3/share/config/kdeglobals r,
-/opt/kde3/share/icons r,
+/opt/kde3/share/icons/ r,
/opt/kde3/share/icons/** r,
/usr/X11R6/lib64/X11/XKeysymDB r,
/usr/X11R6/lib64/X11/icons/** r,
/usr/X11R6/lib/X11/XKeysymDB r,
/usr/X11R6/lib/X11/icons/** r,
+/usr/lib/X11/XKeysymDB r,
/usr/lib/qt3/lib64/lib*so* mr,
/usr/lib64/qt3/plugins/** mr,
@@ -48,4 +49,4 @@
/usr/lib/qt3/plugins/** mr,
/usr/share/YaST2/theme/** r,
-/usr/share/pixmaps r,
+/usr/share/pixmaps/ r,
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/apparmor-profiles-2.0.2/abstractions/mysql new/apparmor-profiles-2.0.2/abstractions/mysql
--- old/apparmor-profiles-2.0.2/abstractions/mysql 2006-05-03 00:41:28.000000000 +0200
+++ new/apparmor-profiles-2.0.2/abstractions/mysql 2007-04-11 01:05:33.000000000 +0200
@@ -1,4 +1,4 @@
-# $Id: mysql 39 2006-05-02 22:41:28Z seth_arnold $
+# $Id: mysql 559 2007-04-10 23:05:33Z agruen $
# ------------------------------------------------------------------
#
# Copyright (C) 2002-2006 Novell/SUSE
@@ -10,5 +10,5 @@
# ------------------------------------------------------------------
/var/lib/mysql/mysql.sock rw,
- /usr/share/mysql/charsets r,
+ /usr/share/mysql/charsets/ r,
/usr/share/mysql/charsets/*.xml r,
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/apparmor-profiles-2.0.2/abstractions/php5 new/apparmor-profiles-2.0.2/abstractions/php5
--- old/apparmor-profiles-2.0.2/abstractions/php5 2006-08-04 21:13:59.000000000 +0200
+++ new/apparmor-profiles-2.0.2/abstractions/php5 2007-04-11 01:05:33.000000000 +0200
@@ -1,4 +1,4 @@
-# $Id: php5 90 2006-08-04 19:13:59Z seth_arnold $
+# $Id: php5 559 2007-04-10 23:05:33Z agruen $
# ------------------------------------------------------------------
#
# Copyright (C) 2002-2006 Novell/SUSE
@@ -10,7 +10,7 @@
# ------------------------------------------------------------------
# shared snippets for config files
- /etc/php5/conf.d r,
+ /etc/php5/conf.d/ r,
/etc/php5/conf.d/*.ini r,
# fastcgi specific config
@@ -27,5 +27,5 @@
/var/lib/php5/sess_* rwl,
# php libraries
- /usr/share/php r,
+ /usr/share/php/ r,
/usr/share/php/** mr,
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/apparmor-profiles-2.0.2/abstractions/python new/apparmor-profiles-2.0.2/abstractions/python
--- old/apparmor-profiles-2.0.2/abstractions/python 2006-09-12 00:17:43.000000000 +0200
+++ new/apparmor-profiles-2.0.2/abstractions/python 2007-04-11 01:05:33.000000000 +0200
@@ -1,4 +1,4 @@
-# $Id: python 119 2006-09-11 22:17:43Z steve-beattie $
+# $Id: python 559 2007-04-10 23:05:33Z agruen $
# ------------------------------------------------------------------
#
# Copyright (C) 2002-2006 Novell/SUSE
@@ -10,11 +10,11 @@
# ------------------------------------------------------------------
/usr/lib64/python2.[45]/**.{egg,py,pyc,pth,so} mr,
- /usr/lib64/python2.[45]/site-packages r,
+ /usr/lib64/python2.[45]/site-packages/ r,
/usr/lib/python2.[45]/**.{egg,py,pyc,pth,so} mr,
- /usr/lib/python2.[45]/site-packages r,
+ /usr/lib/python2.[45]/site-packages/ r,
/usr/local/lib64/python2.[45]/**.{egg,py,pyc,pth,so} mr,
- /usr/local/lib64/python2.[45]/site-packages r,
+ /usr/local/lib64/python2.[45]/site-packages/ r,
/usr/local/lib/python2.[45]/**.{egg,py,pyc,pth,so} mr,
- /usr/local/lib/python2.[45]/site-packages r,
+ /usr/local/lib/python2.[45]/site-packages/ r,
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/apparmor-profiles-2.0.2/abstractions/ruby new/apparmor-profiles-2.0.2/abstractions/ruby
--- old/apparmor-profiles-2.0.2/abstractions/ruby 2006-11-03 13:58:52.000000000 +0100
+++ new/apparmor-profiles-2.0.2/abstractions/ruby 2007-04-11 01:05:33.000000000 +0200
@@ -1,4 +1,4 @@
-# $Id: ruby 193 2006-11-03 12:58:52Z seth_arnold $
+# $Id: ruby 559 2007-04-10 23:05:33Z agruen $
# ------------------------------------------------------------------
#
# Copyright (C) 2002-2006 Novell/SUSE
@@ -9,32 +9,32 @@
#
# ------------------------------------------------------------------
- /usr/lib64/ruby/1.8 r,
+ /usr/lib64/ruby/1.8/ r,
/usr/lib64/ruby/1.8/*.rb r,
/usr/lib64/ruby/1.8/**/*.rb r,
/usr/lib64/ruby/1.8/*-linux/*.so mr,
/usr/lib64/ruby/1.8/*-linux/**/*.so mr,
- /usr/lib64/ruby/site_ruby/1.8 r,
+ /usr/lib64/ruby/site_ruby/1.8/ r,
/usr/lib64/ruby/site_ruby/1.8/*.rb r,
/usr/lib64/ruby/site_ruby/1.8/**/*.rb r,
/usr/lib64/ruby/site_ruby/1.8/*-linux/*.so mr,
/usr/lib64/ruby/site_ruby/1.8/*-linux/**/*.so mr,
- /usr/lib64/ruby/gems/1.8 r,
+ /usr/lib64/ruby/gems/1.8/ r,
/usr/lib64/ruby/gems/1.8/** r,
- /usr/lib/ruby/1.8 r,
+ /usr/lib/ruby/1.8/ r,
/usr/lib/ruby/1.8/*.rb r,
/usr/lib/ruby/1.8/**/*.rb r,
/usr/lib/ruby/1.8/*-linux/*.so mr,
/usr/lib/ruby/1.8/*-linux/**/*.so mr,
- /usr/lib/ruby/site_ruby/1.8 r,
+ /usr/lib/ruby/site_ruby/1.8/ r,
/usr/lib/ruby/site_ruby/1.8/*.rb r,
/usr/lib/ruby/site_ruby/1.8/**/*.rb r,
/usr/lib/ruby/site_ruby/1.8/*-linux/*.so mr,
/usr/lib/ruby/site_ruby/1.8/*-linux/**/*.so mr,
- /usr/lib/ruby/gems/1.8 r,
+ /usr/lib/ruby/gems/1.8/ r,
/usr/lib/ruby/gems/1.8/** r,
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/apparmor-profiles-2.0.2/abstractions/svn-repositories new/apparmor-profiles-2.0.2/abstractions/svn-repositories
--- old/apparmor-profiles-2.0.2/abstractions/svn-repositories 2006-11-03 13:58:52.000000000 +0100
+++ new/apparmor-profiles-2.0.2/abstractions/svn-repositories 2007-04-11 01:05:33.000000000 +0200
@@ -1,4 +1,4 @@
-# $Id: svn-repositories 193 2006-11-03 12:58:52Z seth_arnold $
+# $Id: svn-repositories 559 2007-04-10 23:05:33Z agruen $
# ------------------------------------------------------------------
#
# Copyright (C) 2002-2006 Novell/SUSE
@@ -26,9 +26,9 @@
/srv/svn/**/db/write-lock rwl,
/srv/svn/**/db/current rwl,
/srv/svn/**/db/current*.tmp rwl,
- /srv/svn/**/db/revs r,
+ /srv/svn/**/db/revs/ r,
/srv/svn/**/db/revs/* rw,
- /srv/svn/**/db/revprops r,
+ /srv/svn/**/db/revprops/ r,
/srv/svn/**/db/revprops/* rw,
/srv/svn/**/db/transactions/** rw,
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/apparmor-profiles-2.0.2/abstractions/user-download new/apparmor-profiles-2.0.2/abstractions/user-download
--- old/apparmor-profiles-2.0.2/abstractions/user-download 2006-04-12 23:35:41.000000000 +0200
+++ new/apparmor-profiles-2.0.2/abstractions/user-download 2007-04-11 01:05:33.000000000 +0200
@@ -1,4 +1,4 @@
-# $Id: user-download 12 2006-04-12 21:35:41Z steve-beattie $
+# $Id: user-download 559 2007-04-10 23:05:33Z agruen $
# ------------------------------------------------------------------
#
# Copyright (C) 2002-2006 Novell/SUSE
@@ -18,5 +18,5 @@
@{HOME}/[a-zA-Z0-9]* rwl,
@{HOME}/Desktop r,
@{HOME}/Desktop/* rwl,
- "@{HOME}/My Downloads" r,
+ "@{HOME}/My Downloads/" r,
"@{HOME}/My Downloads/**" rwl,
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/apparmor-profiles-2.0.2/abstractions/user-mail new/apparmor-profiles-2.0.2/abstractions/user-mail
--- old/apparmor-profiles-2.0.2/abstractions/user-mail 2006-08-04 21:13:59.000000000 +0200
+++ new/apparmor-profiles-2.0.2/abstractions/user-mail 2007-04-11 01:05:33.000000000 +0200
@@ -1,4 +1,4 @@
-# $Id: user-mail 90 2006-08-04 19:13:59Z seth_arnold $
+# $Id: user-mail 559 2007-04-10 23:05:33Z agruen $
# ------------------------------------------------------------------
#
# Copyright (C) 2002-2006 Novell/SUSE
@@ -10,16 +10,16 @@
# ------------------------------------------------------------------
# location of user mail, spool and mboxes
- @{HOME}/Mail r,
- @{HOME}/mail r,
+ @{HOME}/Mail/ r,
+ @{HOME}/mail/ r,
@{HOME}/Mail/** rwl,
@{HOME}/mail/** rwl,
- @{HOME}/postponed* rwl ,
- /var/spool/mail r,
+ @{HOME}/postponed* rwl,
+ /var/spool/mail/ r,
/var/spool/mail/* rwl,
@{HOME}/mbox.lock* rwl,
@{HOME}/mbox rw,
@{HOME}/inbox rw,
@{HOME}/.forward r,
- @{HOME}/Maildir r,
+ @{HOME}/Maildir/ r,
@{HOME}/Maildir/** rwl,
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/apparmor-profiles-2.0.2/abstractions/user-manpages new/apparmor-profiles-2.0.2/abstractions/user-manpages
--- old/apparmor-profiles-2.0.2/abstractions/user-manpages 2006-04-12 23:35:41.000000000 +0200
+++ new/apparmor-profiles-2.0.2/abstractions/user-manpages 2007-04-11 01:05:33.000000000 +0200
@@ -1,4 +1,4 @@
-# $Id: user-manpages 12 2006-04-12 21:35:41Z steve-beattie $
+# $Id: user-manpages 559 2007-04-10 23:05:33Z agruen $
# ------------------------------------------------------------------
#
# Copyright (C) 2002-2006 Novell/SUSE
@@ -18,15 +18,15 @@
/tmp/groff* rwl,
# standard system manpages
- /usr/local/share/man/man? r,
+ /usr/local/share/man/man?/ r,
/usr/local/share/man/man?/** r,
/usr/{share,X11R6,local,kerberos}/man/** r,
/usr/man/** r,
# suseism
- /opt/gnome/share/man/man? r,
+ /opt/gnome/share/man/man?/ r,
/opt/gnome/share/man/man?/** r,
- /opt/gnome/man/man? r,
+ /opt/gnome/man/man?/ r,
/opt/gnome/man/man?/** r,
- /usr/openwin/man/man? r,
+ /usr/openwin/man/man?/ r,
/usr/openwin/man/man?/** r,
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/apparmor-profiles-2.0.2/abstractions/user-tmp new/apparmor-profiles-2.0.2/abstractions/user-tmp
--- old/apparmor-profiles-2.0.2/abstractions/user-tmp 2006-04-12 23:35:41.000000000 +0200
+++ new/apparmor-profiles-2.0.2/abstractions/user-tmp 2007-04-11 01:05:33.000000000 +0200
@@ -1,4 +1,4 @@
-# $Id: user-tmp 12 2006-04-12 21:35:41Z steve-beattie $
+# $Id: user-tmp 559 2007-04-10 23:05:33Z agruen $
# ------------------------------------------------------------------
#
# Copyright (C) 2002-2006 Novell/SUSE
@@ -11,10 +11,10 @@
# per-user tmp directories
@{HOME}/tmp/** rwl,
- @{HOME}/tmp r,
+ @{HOME}/tmp/ r,
# global tmp directories
/var/tmp/** rwl,
- /var/tmp r,
+ /var/tmp/ r,
/tmp/** rwl,
- /tmp r,
+ /tmp/ r,
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/apparmor-profiles-2.0.2/abstractions/user-write new/apparmor-profiles-2.0.2/abstractions/user-write
--- old/apparmor-profiles-2.0.2/abstractions/user-write 2006-04-12 23:35:41.000000000 +0200
+++ new/apparmor-profiles-2.0.2/abstractions/user-write 2007-04-11 01:08:09.000000000 +0200
@@ -1,4 +1,4 @@
-# $Id: user-write 12 2006-04-12 21:35:41Z steve-beattie $
+# $Id: user-write 560 2007-04-10 23:08:09Z agruen $
# ------------------------------------------------------------------
#
# Copyright (C) 2002-2006 Novell/SUSE
@@ -11,8 +11,9 @@
# per-user write directories
@{HOME}/ r,
- @{HOME}/Desktop r,
- @{HOME}/Documents r,
+ @{HOME}/Desktop/ r,
+ @{HOME}/Documents/ r,
+ @{HOME}/[a-zA-Z0-9]*/ rw,
@{HOME}/[a-zA-Z0-9]* rwl,
@{HOME}/Desktop/** rwl,
@{HOME}/Documents/** rwl,
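Review bot: The added `@{HOME}/[a-zA-Z0-9]*/ rw,` is the only directory rule in this commit that grants `w` instead of `r`, and nothing explains why. Presumably it lets confined programs create and remove top-level directories in the home directory, which the non-slash `@{HOME}/[a-zA-Z0-9]* rwl,` covered before the dir handling change. A comment such as `# w on the directory itself: create/remove top-level dirs in $HOME` would confirm that this is intended. Separately, abstractions/user-download earlier in this diff still has `@{HOME}/Desktop r,` without the trailing slash, while this file converts it to `@{HOME}/Desktop/ r,`, so the two abstractions now disagree on the same directory.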
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/apparmor-profiles-2.0.2/abstractions/xad new/apparmor-profiles-2.0.2/abstractions/xad
--- old/apparmor-profiles-2.0.2/abstractions/xad 2007-01-19 13:05:05.000000000 +0100
+++ new/apparmor-profiles-2.0.2/abstractions/xad 2007-04-11 01:05:33.000000000 +0200
@@ -1,4 +1,4 @@
-# $Id: xad 307 2007-01-19 12:05:05Z seth_arnold $
+# $Id: xad 559 2007-04-10 23:05:33Z agruen $
# ------------------------------------------------------------------
#
# Copyright (C) 2007 Novell/SUSE
@@ -9,7 +9,7 @@
#
# ------------------------------------------------------------------
- /opt/novell/xad/lib r,
+ /opt/novell/xad/lib/ r,
/opt/novell/xad/lib/lib*.so* mr,
/opt/novell/xad/lib/gss/*.so* mr,
/opt/novell/lib/libpthread_ext*.so* mr,
@@ -17,4 +17,5 @@
/etc/opt/novell/xad/krb5.conf r,
/etc/opt/novell/nici.cfg r,
/var/opt/novell/nici/* r,
+ /var/opt/novell/nici/*/ r,
/var/opt/novell/nici/*/* rw,
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/apparmor-profiles-2.0.2/apparmor-profiles.spec new/apparmor-profiles-2.0.2/apparmor-profiles.spec
--- old/apparmor-profiles-2.0.2/apparmor-profiles.spec 2007-03-31 01:49:29.000000000 +0200
+++ new/apparmor-profiles-2.0.2/apparmor-profiles.spec 2007-04-12 23:54:11.000000000 +0200
@@ -24,9 +24,9 @@
Summary: AppArmor profiles
Name: apparmor-profiles
Version: 2.0.2
-Release: 521
+Release: 563
Group: Productivity/Security
-Source0: %{name}-%{version}-521.tar.gz
+Source0: %{name}-%{version}-563.tar.gz
License: GPL
BuildRoot: %{?_tmppath:}%{!?_tmppath:/var/tmp}/%{name}-%{version}-build
Url: http://forge.novell.com/modules/xfmod/project/?apparmor
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/apparmor-profiles-2.0.2/common/apparmor.css new/apparmor-profiles-2.0.2/common/apparmor.css
--- old/apparmor-profiles-2.0.2/common/apparmor.css 1970-01-01 01:00:00.000000000 +0100
+++ new/apparmor-profiles-2.0.2/common/apparmor.css 2007-04-03 21:51:56.000000000 +0200
@@ -0,0 +1,30 @@
+BODY {background:rgb(000,000,000); color:rgb(225,225,225);
+margin-left: 1%; margin-right: 5%}
+H1 {color:rgb(240,240,240); font-size:115%;}
+H2 {color:rgb(240,240,240); font-size:109%;}
+H3 {color:rgb(240,240,240); font-size:104%;}
+TD.sidebar {width:18em; background:rgb(020,020,020); vertical-align:top;}
+TD.main {width:250em; background:rgb(020,020,020); padding-top:5px;
+padding-bottom:5px; padding-left:10px; padding-right:10px; }
+TD.sidebarhead {background:rgb(038,038,038);}
+TD.footer {background:rgb(020,020,020); padding:5px; }
+TD.block {background: #9c9c9c; color:rgb(000,000,000)}
+
+P {font-size:102%}
+P {margin-left:.5em; margin-right:.5em}
+P {color:rgb(225,225,225)}
+
+P.sidebar {font-size:98% }
+P.sidebarhead {font-size:98%; font-weight:bold; }
+
+UL {font-size:102%}
+UL {margin-left:.5em; margin-right:.5em}
+UL {color:rgb(225,225,225)}
+
+IMG {border:none}
+
+:link, :visited, :active { text-decoration:underline; }
+
+:link { color: white }
+:visited { color: rgb(225,225,225)}
+:active { color: gray }
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/apparmor-profiles-2.0.2/common/Make.rules new/apparmor-profiles-2.0.2/common/Make.rules
--- old/apparmor-profiles-2.0.2/common/Make.rules 2007-03-31 01:32:48.000000000 +0200
+++ new/apparmor-profiles-2.0.2/common/Make.rules 2007-04-03 23:12:16.000000000 +0200
@@ -1,4 +1,4 @@
-# $Id: Make.rules 520 2007-03-30 23:32:48Z agruen $
+# $Id: Make.rules 537 2007-04-03 21:12:16Z steve-beattie $
# ------------------------------------------------------------------
#
# Copyright (C) 2002-2005 Novell/SUSE
@@ -165,6 +165,81 @@
$(BUILDRPMSUBDIRS):
mkdir -p $(BUILDRPMSUBDIRS)
+.PHONY: _clean
+.SILENT: _clean
+_clean:
+ -rm -f ${NAME}-${VERSION}-*.tar.gz
+ -rm -f ${MANPAGES} ${HTMLMANPAGES} pod2htm*.tmp
+
+# =====================
+# manpages
+# =====================
+
+POD2MAN = /usr/bin/pod2man
+POD2HTML = /usr/bin/pod2html
+MANDIR = /usr/share/man
+DOCDIR = /usr/share/doc/${NAME}-${VERSION}
+
+# get list of directory numbers based on definition of MANPAGES variable
+MANDIRS=$(sort $(foreach dir, 1 2 3 4 5 6 7 8, $(patsubst %.${dir}, ${dir}, $(filter %.${dir}, ${MANPAGES}))))
+HTMLMANPAGES=$(foreach manpage, ${MANPAGES}, ${manpage}.html)
+
+.PHONY: install_manpages
+install_manpages: $(MANPAGES)
+ $(foreach dir, ${MANDIRS}, \
+ install -d ${DESTDIR}/${MANDIR}/man${dir} ; \
+ install -m 644 $(filter %.${dir}, ${MANPAGES}) ${DESTDIR}/${MANDIR}/man${dir}; \
+ $(foreach aa_page, $(filter %.${dir}, ${AA_MANPAGES}), \
+ ln -sf $(aa_page) ${DESTDIR}/${MANDIR}/man${dir}/${aa_page:%=aa-%};))
+
+%.1: %.pod
+ $(POD2MAN) $< --release=NOVELL/SUSE --center=AppArmor --section=1 > $@
+
+%.2: %.pod
+ $(POD2MAN) $< --release=NOVELL/SUSE --center=AppArmor --section=2 > $@
+
+%.3: %.pod
+ $(POD2MAN) $< --release=NOVELL/SUSE --center=AppArmor --section=3 > $@
+
+%.4: %.pod
+ $(POD2MAN) $< --release=NOVELL/SUSE --center=AppArmor --section=4 > $@
+
+%.5: %.pod
+ $(POD2MAN) $< --release=NOVELL/SUSE --center=AppArmor --section=5 > $@
+
+%.6: %.pod
+ $(POD2MAN) $< --release=NOVELL/SUSE --center=AppArmor --section=6 > $@
+
+%.7: %.pod
+ $(POD2MAN) $< --release=NOVELL/SUSE --center=AppArmor --section=7 > $@
+
+%.8: %.pod
+ $(POD2MAN) $< --release=NOVELL/SUSE --center=AppArmor --section=8 > $@
+
+%.1.html: %.pod
+ $(POD2HTML) --header --css apparmor.css --infile=$< --outfile=$@
+
+%.2.html: %.pod
+ $(POD2HTML) --header --css apparmor.css --infile=$< --outfile=$@
+
+%.3.html: %.pod
+ $(POD2HTML) --header --css apparmor.css --infile=$< --outfile=$@
+
+%.4.html: %.pod
+ $(POD2HTML) --header --css apparmor.css --infile=$< --outfile=$@
+
+%.5.html: %.pod
+ $(POD2HTML) --header --css apparmor.css --infile=$< --outfile=$@
+
+%.6.html: %.pod
+ $(POD2HTML) --header --css apparmor.css --infile=$< --outfile=$@
+
+%.7.html: %.pod
+ $(POD2HTML) --header --css apparmor.css --infile=$< --outfile=$@
+
+%.8.html: %.pod
+ $(POD2HTML) --header --css apparmor.css --infile=$< --outfile=$@
+
# =====================
# Slackware poo
# =====================
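Review bot: In `install_manpages` the commands generated by the nested `$(foreach …)` are joined with `;`, so the shell reports only the status of the last command, and a failed `install -d` or `install -m 644` does not stop the build. Starting the recipe with `set -e;`, i.e. `set -e; $(foreach dir, ${MANDIRS}, \`, makes any failing step abort the target. `AA_MANPAGES` is used here but not defined in this hunk; a one-line comment saying that the including makefile is expected to set it would help. The sixteen pod2man/pod2html pattern rules differ only in the section digit and could be generated from one template, which is a style point only.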
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/apparmor-profiles-2.0.2/enabled/sbin.klogd new/apparmor-profiles-2.0.2/enabled/sbin.klogd
--- old/apparmor-profiles-2.0.2/enabled/sbin.klogd 1970-01-01 01:00:00.000000000 +0100
+++ new/apparmor-profiles-2.0.2/enabled/sbin.klogd 2007-04-11 01:05:33.000000000 +0200
@@ -0,0 +1,24 @@
+# $Id: sbin.klogd 559 2007-04-10 23:05:33Z agruen $
+# ------------------------------------------------------------------
+#
+# Copyright (C) 2002-2005 Novell/SUSE
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of version 2 of the GNU General Public
+# License published by the Free Software Foundation.
+#
+# ------------------------------------------------------------------
+
+#include
+
+/sbin/klogd {
+ #include
+
+ capability sys_admin,
+
+ /boot/System.map* r,
+ /proc/kmsg r,
+ /sbin/klogd rmix,
+ /var/log/boot.msg rwl,
+ /var/run/klogd.pid rwl,
+}
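Review bot: `capability sys_admin,` is by far the broadest grant in this profile and it has no comment saying what klogd needs it for. A line above it such as `# required for reading the kernel log (confirm); do not copy to other profiles` would stop a later cleanup from dropping it blindly or using it as a template. The same missing rationale applies to `capability dac_override,` in enabled/sbin.syslogd and enabled/sbin.syslog-ng further down in this diff. The `#include` targets are not visible on this page, so what the included abstractions add to the profile cannot be assessed from here.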
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/apparmor-profiles-2.0.2/enabled/sbin.syslogd new/apparmor-profiles-2.0.2/enabled/sbin.syslogd
--- old/apparmor-profiles-2.0.2/enabled/sbin.syslogd 1970-01-01 01:00:00.000000000 +0100
+++ new/apparmor-profiles-2.0.2/enabled/sbin.syslogd 2007-04-11 01:05:33.000000000 +0200
@@ -0,0 +1,34 @@
+# $Id: sbin.syslogd 559 2007-04-10 23:05:33Z agruen $
+# ------------------------------------------------------------------
+#
+# Copyright (C) 2002-2005 Novell/SUSE
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of version 2 of the GNU General Public
+# License published by the Free Software Foundation.
+#
+# ------------------------------------------------------------------
+
+#include
+
+/sbin/syslogd {
+ #include
+ #include
+ #include
+
+ capability sys_tty_config,
+ capability dac_override,
+ capability dac_read_search,
+
+ /dev/log wl,
+ /var/lib/*/dev/log wl,
+
+ /dev/tty* w,
+ /dev/xconsole rw,
+ /etc/syslog.conf r,
+ /sbin/syslogd rmix,
+ /var/log/** rw,
+ /var/run/syslogd.pid rwl,
+ /var/run/utmp rw,
+ /var/spool/compaq/nic/messages_fifo rw,
+}
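Review bot: `/dev/tty* w,` matches every device node whose name starts with `tty`, whereas the syslog-ng profile added in the same commit names a single console with `/dev/tty10 w,`. If the wildcard is deliberate because syslog.conf may direct messages to arbitrary terminals, say so in a comment next to the rule; otherwise narrow it to the consoles actually used. Together with `dac_override` and `/var/log/** rw,`, this profile is the only limit on where a compromised syslogd can write, so each broad glob should carry its reason.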
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/apparmor-profiles-2.0.2/enabled/sbin.syslog-ng new/apparmor-profiles-2.0.2/enabled/sbin.syslog-ng
--- old/apparmor-profiles-2.0.2/enabled/sbin.syslog-ng 1970-01-01 01:00:00.000000000 +0100
+++ new/apparmor-profiles-2.0.2/enabled/sbin.syslog-ng 2007-04-11 01:05:33.000000000 +0200
@@ -0,0 +1,35 @@
+# $Id$
+# ------------------------------------------------------------------
+#
+# Copyright (C) 2006 Novell/SUSE
+# Copyright (C) 2006 Christian Boltz
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of version 2 of the GNU General Public
+# License published by the Free Software Foundation.
+#
+# ------------------------------------------------------------------
+
+#include
+
+/sbin/syslog-ng {
+ #include
+ #include
+ #include
+
+ capability chown,
+ capability dac_override,
+ capability fsetid,
+ capability fowner,
+
+ /dev/log w,
+ /dev/tty10 w,
+ /dev/xconsole rw,
+ /etc/syslog-ng/* r,
+ /sbin/syslog-ng mr,
+ # chrooted applications
+ /var/lib/*/dev/log w,
+ /var/log/** w,
+ /var/run/syslog-ng.pid w,
+}
+
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/apparmor-profiles-2.0.2/enabled/usr.sbin.identd new/apparmor-profiles-2.0.2/enabled/usr.sbin.identd
--- old/apparmor-profiles-2.0.2/enabled/usr.sbin.identd 1970-01-01 01:00:00.000000000 +0100
+++ new/apparmor-profiles-2.0.2/enabled/usr.sbin.identd 2007-04-11 01:05:33.000000000 +0200
@@ -0,0 +1,27 @@
+# $Id: usr.sbin.identd 559 2007-04-10 23:05:33Z agruen $
+# ------------------------------------------------------------------
+#
+# Copyright (C) 2002-2005 Novell/SUSE
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of version 2 of the GNU General Public
+# License published by the Free Software Foundation.
+#
+# ------------------------------------------------------------------
+
+#include
+
+/usr/sbin/identd {
+ #include
+ #include
+ capability net_bind_service,
+ capability setgid,
+ capability setuid,
+ /etc/identd.conf r,
+ /etc/identd.key r,
+ /etc/identd.pid w,
+ /usr/sbin/identd rmix,
+ /proc/net/tcp r,
+ /proc/net/tcp6 r,
+ /var/run/identd.pid w,
+}
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/apparmor-profiles-2.0.2/enabled/usr.sbin.mdnsd new/apparmor-profiles-2.0.2/enabled/usr.sbin.mdnsd
--- old/apparmor-profiles-2.0.2/enabled/usr.sbin.mdnsd 1970-01-01 01:00:00.000000000 +0100
+++ new/apparmor-profiles-2.0.2/enabled/usr.sbin.mdnsd 2007-04-11 01:05:33.000000000 +0200
@@ -0,0 +1,33 @@
+# $Id: usr.sbin.mdnsd 559 2007-04-10 23:05:33Z agruen $
+# vim:syntax=apparmor
+# ------------------------------------------------------------------
+#
+# Copyright (C) 2002-2005 Novell/SUSE
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of version 2 of the GNU General Public
+# License published by the Free Software Foundation.
+#
+# ------------------------------------------------------------------
+
+#include
+
+/usr/sbin/mdnsd {
+ #include
+ #include
+ #include
+
+ capability net_bind_service,
+ capability setgid,
+ capability setuid,
+ capability sys_chroot,
+ capability sys_resource,
+
+ /usr/sbin/mdnsd rmix,
+
+ /proc/net/ r,
+ /proc/net/unix r,
+ /proc/sys/kernel/ngroups_max r,
+ /var/run/mdnsd lw,
+ /var/run/mdnsd.pid w,
+}
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/apparmor-profiles-2.0.2/enabled/usr.sbin.named new/apparmor-profiles-2.0.2/enabled/usr.sbin.named
--- old/apparmor-profiles-2.0.2/enabled/usr.sbin.named 1970-01-01 01:00:00.000000000 +0100
+++ new/apparmor-profiles-2.0.2/enabled/usr.sbin.named 2007-04-11 01:05:33.000000000 +0200
@@ -0,0 +1,43 @@
+# $Id: usr.sbin.named 559 2007-04-10 23:05:33Z agruen $
+#
+# ------------------------------------------------------------------
+#
+# Copyright (C) 2002-2005 Novell/SUSE
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of version 2 of the GNU General Public
+# License published by the Free Software Foundation.
+#
+# ------------------------------------------------------------------
+# vim:syntax=apparmor
+# Last Modified: Wed Aug 17 14:09:24 2005
+
+#include
+
+/usr/sbin/named {
+ #include
+ #include
+ #include
+
+ capability net_bind_service,
+ capability setgid,
+ capability setuid,
+ capability sys_chroot,
+
+ /** r,
+ /dyn/** rwl,
+ /usr/bin/dnskeygen mix,
+ /usr/bin/dnsquery mix,
+ /usr/sbin/named rmix,
+ /usr/sbin/named-xfer mix,
+ /var/lib/named/** rwl,
+ /var/named/** rwl,
+ /var/run/named.pid wl,
+ /var/run/named/named.pid wl,
+ /var/run/ndc wl,
+ /slave/* rw,
+
+ /var/opt/novell/xad/ds/krb5kdc/krb5.keytab r,
+ /var/tmp/DNS_* rw,
+ /tmp/DNS_* rw,
+}
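Review bot: `/** r,` gives named read access to every path on the system. That makes the profile's other read-only rules redundant (the `krb5.keytab r` line, for example) and leaves file ownership and mode bits as the only limit on what a compromised named can read. Root-level entries such as `/dyn/**` and `/slave/*` suggest the blanket rule is there to cope with chrooted operation, but the file does not say so. Prefer explicit read rules for the configuration and zone directories, or at minimum add `# FIXME: blanket read, narrow to config and zone paths` above the rule so it is not taken as a pattern for other profiles.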
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/apparmor-profiles-2.0.2/enabled/usr.sbin.nscd new/apparmor-profiles-2.0.2/enabled/usr.sbin.nscd
--- old/apparmor-profiles-2.0.2/enabled/usr.sbin.nscd 1970-01-01 01:00:00.000000000 +0100
+++ new/apparmor-profiles-2.0.2/enabled/usr.sbin.nscd 2007-04-11 01:05:33.000000000 +0200
@@ -0,0 +1,41 @@
+# vim:syntax=apparmor
+# Last Modified: Sun Jan 22 00:12:50 2006
+# $Id: usr.sbin.nscd 559 2007-04-10 23:05:33Z agruen $
+# ------------------------------------------------------------------
+#
+# Copyright (C) 2002-2005 Novell/SUSE
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of version 2 of the GNU General Public
+# License published by the Free Software Foundation.
+#
+# ------------------------------------------------------------------
+
+#include
+
+/usr/sbin/nscd {
+ #include
+ #include
+ #include
+
+ capability net_bind_service,
+
+ /etc/nscd.conf r,
+ /proc/meminfo r,
+ /proc/*/fd/ r,
+ /proc/*/fd/* r,
+ /proc/*/maps r,
+ /proc/*/mounts r,
+ /proc/filesystems r,
+ /proc/sys/kernel/ngroups_max r,
+ /usr/sbin/nscd rmix,
+ /var/run/.nscd_socket wl,
+ /var/run/nscd/ r,
+ /var/run/nscd/db* wl,
+ /var/run/nscd/socket wl,
+ /var/run/nscd/{passwd,group} w,
+ /var/run/{nscd/,}nscd.pid rwl,
+
+ /tmp/.winbindd/pipe rw,
+ /var/lib/samba/winbindd_privileged/pipe rw,
+}
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/apparmor-profiles-2.0.2/enabled/usr.sbin.ntpd new/apparmor-profiles-2.0.2/enabled/usr.sbin.ntpd
--- old/apparmor-profiles-2.0.2/enabled/usr.sbin.ntpd 1970-01-01 01:00:00.000000000 +0100
+++ new/apparmor-profiles-2.0.2/enabled/usr.sbin.ntpd 2007-04-11 01:05:33.000000000 +0200
@@ -0,0 +1,49 @@
+# vim:syntax=apparmor
+# Last Modified: Sun Jan 22 00:11:27 2006
+# $Id: usr.sbin.ntpd 559 2007-04-10 23:05:33Z agruen $
+# ------------------------------------------------------------------
+#
+# Copyright (C) 2002-2005 Novell/SUSE
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of version 2 of the GNU General Public
+# License published by the Free Software Foundation.
+#
+# ------------------------------------------------------------------
+
+#include
+
+/usr/sbin/ntpd {
+ #include
+ #include
+ #include
+
+ capability ipc_lock,
+ capability net_bind_service,
+ capability setgid,
+ capability setuid,
+ capability sys_chroot,
+ capability sys_resource,
+ capability sys_time,
+
+ /drift/ntp.drift rwl,
+ /drift/ntp.drift.TEMP rwl,
+ /etc/ntpd.conf r,
+ /etc/ntp.conf r,
+ /etc/ntp/drift* rwl,
+ /etc/ntp/keys r,
+ /etc/ntp/step-tickers r,
+ /proc/net/if_inet6 r,
+ /tmp/ntp* rwl,
+ /usr/sbin/ntpd rmix,
+ /var/lib/ntp/etc/ntp.conf.iburst r,
+ /var/lib/ntp/drift rwl,
+ /var/lib/ntp/drift.TEMP rwl,
+ /var/lib/ntp/drift/ntp.drift r,
+ /var/lib/ntp/var/run/ntp/ntpd.pid w,
+ /var/log/ntp w,
+ /var/log/ntp.log w,
+ /var/opt/novell/xad/rpc/xadsd rw,
+ /var/run/ntpd.pid w,
+ /var/tmp/ntp* rwl,
+}
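Review bot: `/tmp/ntp* rwl,` and `/var/tmp/ntp* rwl,` grant write and link on every name beginning with `ntp` in two world-writable directories, which is wider than a confined ntpd that also holds `setuid`, `sys_chroot` and `sys_time` should need. If these rules exist for specific temporary files, naming those files would help, or at least a comment such as `# temp files written by <component> (TODO confirm)`, so the glob can be narrowed later. Separately, `/var/lib/ntp/drift/ntp.drift` is granted only `r`, while `/drift/ntp.drift` and `/var/lib/ntp/drift` get `rwl`. If the drift file lives at that path when ntpd runs outside the chroot, it presumably needs the same write access, e.g. `/var/lib/ntp/drift/ntp.drift{,.TEMP} rwl,`.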
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/apparmor-profiles-2.0.2/enabled/usr.sbin.traceroute new/apparmor-profiles-2.0.2/enabled/usr.sbin.traceroute
--- old/apparmor-profiles-2.0.2/enabled/usr.sbin.traceroute 1970-01-01 01:00:00.000000000 +0100
+++ new/apparmor-profiles-2.0.2/enabled/usr.sbin.traceroute 2007-04-11 01:05:33.000000000 +0200
@@ -0,0 +1,23 @@
+# $Id: usr.sbin.traceroute 559 2007-04-10 23:05:33Z agruen $
+# ------------------------------------------------------------------
+#
+# Copyright (C) 2002-2005 Novell/SUSE
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of version 2 of the GNU General Public
+# License published by the Free Software Foundation.
+#
+# ------------------------------------------------------------------
+
+#include
+
+/usr/sbin/traceroute {
+ #include
+ #include
+ #include
+
+ capability net_raw,
+
+ /proc/net/route r,
+ /usr/sbin/traceroute rmix,
+}
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/apparmor-profiles-2.0.2/extras/sbin.klogd new/apparmor-profiles-2.0.2/extras/sbin.klogd
--- old/apparmor-profiles-2.0.2/extras/sbin.klogd 2007-03-31 01:32:48.000000000 +0200
+++ new/apparmor-profiles-2.0.2/extras/sbin.klogd 1970-01-01 01:00:00.000000000 +0100
@@ -1,24 +0,0 @@
-# $Id: sbin.klogd 520 2007-03-30 23:32:48Z agruen $
-# ------------------------------------------------------------------
-#
-# Copyright (C) 2002-2005 Novell/SUSE
-#
-# This program is free software; you can redistribute it and/or
-# modify it under the terms of version 2 of the GNU General Public
-# License published by the Free Software Foundation.
-#
-# ------------------------------------------------------------------
-
-#include
-
-/sbin/klogd {
- #include
-
- capability sys_admin,
-
- /boot/System.map* r,
- /proc/kmsg r,
- /sbin/klogd rmix,
- /var/log/boot.msg rwl,
- /var/run/klogd.pid rwl,
-}
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/apparmor-profiles-2.0.2/extras/sbin.syslogd new/apparmor-profiles-2.0.2/extras/sbin.syslogd
--- old/apparmor-profiles-2.0.2/extras/sbin.syslogd 2007-03-31 01:32:48.000000000 +0200
+++ new/apparmor-profiles-2.0.2/extras/sbin.syslogd 1970-01-01 01:00:00.000000000 +0100
@@ -1,34 +0,0 @@
-# $Id: sbin.syslogd 520 2007-03-30 23:32:48Z agruen $
-# ------------------------------------------------------------------
-#
-# Copyright (C) 2002-2005 Novell/SUSE
-#
-# This program is free software; you can redistribute it and/or
-# modify it under the terms of version 2 of the GNU General Public
-# License published by the Free Software Foundation.
-#
-# ------------------------------------------------------------------
-
-#include
-
-/sbin/syslogd {
- #include
- #include
- #include
-
- capability sys_tty_config,
- capability dac_override,
- capability dac_read_search,
-
- /dev/log wl,
- /var/lib/*/dev/log wl,
-
- /dev/tty* w,
- /dev/xconsole rw,
- /etc/syslog.conf r,
- /sbin/syslogd rmix,
- /var/log/** rw,
- /var/run/syslogd.pid rwl,
- /var/run/utmp rw,
- /var/spool/compaq/nic/messages_fifo rw,
-}
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/apparmor-profiles-2.0.2/extras/sbin.syslog-ng new/apparmor-profiles-2.0.2/extras/sbin.syslog-ng
--- old/apparmor-profiles-2.0.2/extras/sbin.syslog-ng 2007-03-31 01:32:48.000000000 +0200
+++ new/apparmor-profiles-2.0.2/extras/sbin.syslog-ng 1970-01-01 01:00:00.000000000 +0100
@@ -1,35 +0,0 @@
-# $Id$
-# ------------------------------------------------------------------
-#
-# Copyright (C) 2006 Novell/SUSE
-# Copyright (C) 2006 Christian Boltz
-#
-# This program is free software; you can redistribute it and/or
-# modify it under the terms of version 2 of the GNU General Public
-# License published by the Free Software Foundation.
-#
-# ------------------------------------------------------------------
-
-#include
-
-/sbin/syslog-ng {
- #include
- #include
- #include
-
- capability chown,
- capability dac_override,
- capability fsetid,
- capability fowner,
-
- /dev/log w,
- /dev/tty10 w,
- /dev/xconsole rw,
- /etc/syslog-ng/* r,
- /sbin/syslog-ng mr,
- # chrooted applications
- /var/lib/*/dev/log w,
- /var/log/** w,
- /var/run/syslog-ng.pid w,
-}
-
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/apparmor-profiles-2.0.2/extras/usr.sbin.identd new/apparmor-profiles-2.0.2/extras/usr.sbin.identd
--- old/apparmor-profiles-2.0.2/extras/usr.sbin.identd 2007-03-31 01:32:48.000000000 +0200
+++ new/apparmor-profiles-2.0.2/extras/usr.sbin.identd 1970-01-01 01:00:00.000000000 +0100
@@ -1,27 +0,0 @@
-# $Id: usr.sbin.identd 520 2007-03-30 23:32:48Z agruen $
-# ------------------------------------------------------------------
-#
-# Copyright (C) 2002-2005 Novell/SUSE
-#
-# This program is free software; you can redistribute it and/or
-# modify it under the terms of version 2 of the GNU General Public
-# License published by the Free Software Foundation.
-#
-# ------------------------------------------------------------------
-
-#include
-
-/usr/sbin/identd {
- #include
- #include
- capability net_bind_service,
- capability setgid,
- capability setuid,
- /etc/identd.conf r,
- /etc/identd.key r,
- /etc/identd.pid w,
- /usr/sbin/identd rmix,
- /proc/net/tcp r,
- /proc/net/tcp6 r,
- /var/run/identd.pid w,
-}
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/apparmor-profiles-2.0.2/extras/usr.sbin.mdnsd new/apparmor-profiles-2.0.2/extras/usr.sbin.mdnsd
--- old/apparmor-profiles-2.0.2/extras/usr.sbin.mdnsd 2007-03-31 01:32:48.000000000 +0200
+++ new/apparmor-profiles-2.0.2/extras/usr.sbin.mdnsd 1970-01-01 01:00:00.000000000 +0100
@@ -1,33 +0,0 @@
-# $Id: usr.sbin.mdnsd 520 2007-03-30 23:32:48Z agruen $
-# vim:syntax=apparmor
-# ------------------------------------------------------------------
-#
-# Copyright (C) 2002-2005 Novell/SUSE
-#
-# This program is free software; you can redistribute it and/or
-# modify it under the terms of version 2 of the GNU General Public
-# License published by the Free Software Foundation.
-#
-# ------------------------------------------------------------------
-
-#include
-
-/usr/sbin/mdnsd {
- #include
- #include
- #include
-
- capability net_bind_service,
- capability setgid,
- capability setuid,
- capability sys_chroot,
- capability sys_resource,
-
- /usr/sbin/mdnsd rmix,
-
- /proc/net r,
- /proc/net/unix r,
- /proc/sys/kernel/ngroups_max r,
- /var/run/mdnsd lw,
- /var/run/mdnsd.pid w,
-}
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/apparmor-profiles-2.0.2/extras/usr.sbin.named new/apparmor-profiles-2.0.2/extras/usr.sbin.named
--- old/apparmor-profiles-2.0.2/extras/usr.sbin.named 2007-03-31 01:32:48.000000000 +0200
+++ new/apparmor-profiles-2.0.2/extras/usr.sbin.named 1970-01-01 01:00:00.000000000 +0100
@@ -1,43 +0,0 @@
-# $Id: usr.sbin.named 520 2007-03-30 23:32:48Z agruen $
-#
-# ------------------------------------------------------------------
-#
-# Copyright (C) 2002-2005 Novell/SUSE
-#
-# This program is free software; you can redistribute it and/or
-# modify it under the terms of version 2 of the GNU General Public
-# License published by the Free Software Foundation.
-#
-# ------------------------------------------------------------------
-# vim:syntax=apparmor
-# Last Modified: Wed Aug 17 14:09:24 2005
-
-#include
-
-/usr/sbin/named {
- #include
- #include
- #include
-
- capability net_bind_service,
- capability setgid,
- capability setuid,
- capability sys_chroot,
-
- /** r,
- /dyn/** rwl,
- /usr/bin/dnskeygen mix,
- /usr/bin/dnsquery mix,
- /usr/sbin/named rmix,
- /usr/sbin/named-xfer mix,
- /var/lib/named/** rwl,
- /var/named/** rwl,
- /var/run/named.pid wl,
- /var/run/named/named.pid wl,
- /var/run/ndc wl,
- /slave/* rw,
-
- /var/opt/novell/xad/ds/krb5kdc/krb5.keytab r,
- /var/tmp/DNS_* rw,
- /tmp/DNS_* rw,
-}
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/apparmor-profiles-2.0.2/extras/usr.sbin.nscd new/apparmor-profiles-2.0.2/extras/usr.sbin.nscd
--- old/apparmor-profiles-2.0.2/extras/usr.sbin.nscd 2007-03-31 01:32:48.000000000 +0200
+++ new/apparmor-profiles-2.0.2/extras/usr.sbin.nscd 1970-01-01 01:00:00.000000000 +0100
@@ -1,41 +0,0 @@
-# vim:syntax=apparmor
-# Last Modified: Sun Jan 22 00:12:50 2006
-# $Id: usr.sbin.nscd 520 2007-03-30 23:32:48Z agruen $
-# ------------------------------------------------------------------
-#
-# Copyright (C) 2002-2005 Novell/SUSE
-#
-# This program is free software; you can redistribute it and/or
-# modify it under the terms of version 2 of the GNU General Public
-# License published by the Free Software Foundation.
-#
-# ------------------------------------------------------------------
-
-#include
-
-/usr/sbin/nscd {
- #include
- #include
- #include
-
- capability net_bind_service,
-
- /etc/nscd.conf r,
- /proc/meminfo r,
- /proc/*/fd r,
- /proc/*/fd/* r,
- /proc/*/maps r,
- /proc/*/mounts r,
- /proc/filesystems r,
- /proc/sys/kernel/ngroups_max r,
- /usr/sbin/nscd rmix,
- /var/run/.nscd_socket wl,
- /var/run/nscd r,
- /var/run/nscd/db* wl,
- /var/run/nscd/socket wl,
- /var/run/nscd/{passwd,group} w,
- /var/run/{nscd/,}nscd.pid rwl,
-
- /tmp/.winbindd/pipe rw,
- /var/lib/samba/winbindd_privileged/pipe rw,
-}
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/apparmor-profiles-2.0.2/extras/usr.sbin.ntpd new/apparmor-profiles-2.0.2/extras/usr.sbin.ntpd
--- old/apparmor-profiles-2.0.2/extras/usr.sbin.ntpd 2007-03-31 01:32:48.000000000 +0200
+++ new/apparmor-profiles-2.0.2/extras/usr.sbin.ntpd 1970-01-01 01:00:00.000000000 +0100
@@ -1,49 +0,0 @@
-# vim:syntax=apparmor
-# Last Modified: Sun Jan 22 00:11:27 2006
-# $Id: usr.sbin.ntpd 520 2007-03-30 23:32:48Z agruen $
-# ------------------------------------------------------------------
-#
-# Copyright (C) 2002-2005 Novell/SUSE
-#
-# This program is free software; you can redistribute it and/or
-# modify it under the terms of version 2 of the GNU General Public
-# License published by the Free Software Foundation.
-#
-# ------------------------------------------------------------------
-
-#include
-
-/usr/sbin/ntpd {
- #include
- #include
- #include
-
- capability ipc_lock,
- capability net_bind_service,
- capability setgid,
- capability setuid,
- capability sys_chroot,
- capability sys_resource,
- capability sys_time,
-
- /drift/ntp.drift rwl,
- /drift/ntp.drift.TEMP rwl,
- /etc/ntpd.conf r,
- /etc/ntp.conf r,
- /etc/ntp/drift* rwl,
- /etc/ntp/keys r,
- /etc/ntp/step-tickers r,
- /proc/net/if_inet6 r,
- /tmp/ntp* rwl,
- /usr/sbin/ntpd rmix,
- /var/lib/ntp/etc/ntp.conf.iburst r,
- /var/lib/ntp/drift rwl,
- /var/lib/ntp/drift.TEMP rwl,
- /var/lib/ntp/drift/ntp.drift r,
- /var/lib/ntp/var/run/ntp/ntpd.pid w,
- /var/log/ntp w,
- /var/log/ntp.log w,
- /var/opt/novell/xad/rpc/xadsd rw,
- /var/run/ntpd.pid w,
- /var/tmp/ntp* rwl,
-}
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/apparmor-profiles-2.0.2/extras/usr.sbin.sshd new/apparmor-profiles-2.0.2/extras/usr.sbin.sshd
--- old/apparmor-profiles-2.0.2/extras/usr.sbin.sshd 2007-01-05 14:02:25.000000000 +0100
+++ new/apparmor-profiles-2.0.2/extras/usr.sbin.sshd 2007-04-11 02:34:06.000000000 +0200
@@ -1,4 +1,4 @@
-# $Id: usr.sbin.sshd 290 2007-01-05 13:02:25Z seth_arnold $
+# $Id: usr.sbin.sshd 563 2007-04-11 00:34:06Z steve-beattie $
# ------------------------------------------------------------------
#
# Copyright (C) 2002-2005 Novell/SUSE
@@ -42,7 +42,7 @@
/var/run w,
/var/run/sshd{,.init}.pid wl,
- /proc/[0-9]*/fd r,
+ /proc/[0-9]*/fd/ r,
/proc/[0-9]*/loginuid w,
# should only be here for use in non-change-hat openssh
@@ -74,7 +74,7 @@
/etc/motd r,
/tmp/ssh-*/agent.[0-9]* rwl,
- /tmp/ssh-*[0-9]* w,
+ /tmp/ssh-*[0-9]*/ w,
#
# default subprofile for when sshd has authenticated the user
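Review bot: The directory rule `/tmp/ssh-*[0-9]*/ w,` (here, and added again in the subprofile hunk at -162) has no comment saying what it is for, and its glob is loose: because `*` already matches digits, `ssh-*[0-9]*` only requires one digit somewhere in the name. If the intent is the per-session directory holding the `agent.[0-9]*` socket allowed on the previous line, `/tmp/ssh-*/ w,` with a comment like `# per-session agent socket directory` would state that directly and match the socket rule's own `/tmp/ssh-*/` prefix. Both profile blocks start and end outside these hunks, so any other rule covering this directory is not visible here.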
@@ -162,6 +162,7 @@
/etc/motd r,
/proc/sys/kernel/ngroups_max r,
/tmp/ssh-*/agent.[0-9]* rwl,
+ /tmp/ssh-*[0-9]*/ w,
# for debugging
# /dev/pts/[0-9]* rw,
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/apparmor-profiles-2.0.2/extras/usr.sbin.traceroute new/apparmor-profiles-2.0.2/extras/usr.sbin.traceroute
--- old/apparmor-profiles-2.0.2/extras/usr.sbin.traceroute 2007-03-31 01:32:48.000000000 +0200
+++ new/apparmor-profiles-2.0.2/extras/usr.sbin.traceroute 1970-01-01 01:00:00.000000000 +0100
@@ -1,23 +0,0 @@
-# $Id: usr.sbin.traceroute 520 2007-03-30 23:32:48Z agruen $
-# ------------------------------------------------------------------
-#
-# Copyright (C) 2002-2005 Novell/SUSE
-#
-# This program is free software; you can redistribute it and/or
-# modify it under the terms of version 2 of the GNU General Public
-# License published by the Free Software Foundation.
-#
-# ------------------------------------------------------------------
-
-#include
-
-/usr/sbin/traceroute {
- #include
- #include
- #include
-
- capability net_raw,
-
- /proc/net/route r,
- /usr/sbin/traceroute rmix,
-}
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/apparmor-profiles-2.0.2/program-chunks/postfix-common new/apparmor-profiles-2.0.2/program-chunks/postfix-common
--- old/apparmor-profiles-2.0.2/program-chunks/postfix-common 2006-10-18 23:13:42.000000000 +0200
+++ new/apparmor-profiles-2.0.2/program-chunks/postfix-common 2007-04-11 01:05:33.000000000 +0200
@@ -1,4 +1,4 @@
-# $Id: postfix-common 163 2006-10-18 21:13:42Z seth_arnold $
+# $Id: postfix-common 559 2007-04-10 23:05:33Z agruen $
# ------------------------------------------------------------------
#
# Copyright (C) 2002-2005 Novell/SUSE
@@ -20,6 +20,6 @@
/proc/net/if_inet6 r,
/usr/lib/postfix/*.so mr,
/usr/lib64/sasl2/* mr,
- /usr/lib64/sasl2 r,
+ /usr/lib64/sasl2/ r,
/usr/lib/sasl2/* mr,
- /usr/lib/sasl2 r,
+ /usr/lib/sasl2/ r,
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++