Mailinglist Archive: opensuse-commit (832 mails)

[root@xxxxxxxxxxxxxxx (h_root)]

Hello community,

here is the log from the commit of package apparmor-utils for openSUSE:Factory
checked in at Thu Feb 4 11:32:28 CET 2010.



--------
--- apparmor-utils/apparmor-utils.changes       2009-05-20 20:38:50.000000000 
+0200
+++ /mounts/work_src_done/STABLE/apparmor-utils/apparmor-utils.changes  
2010-01-21 21:11:29.000000000 +0100
@@ -1,0 +2,10 @@
+Thu Jan 21 21:04:43 CET 2010 - jeffm@xxxxxxx
+
+- Fix handling of files in / (bnc#397883)
+
+-------------------------------------------------------------------
+Thu Jan 21 20:49:38 CET 2010 - jeffm@xxxxxxx
+
+- Add support for path and exec operations (bnc#564316)
+
+-------------------------------------------------------------------

calling whatdependson for head-i586


New:
----
  apparmor-utils-add-log-types
  apparmor-utils-filenames-in-slash

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ apparmor-utils.spec ++++++
--- /var/tmp/diff_new_pack.lK7oIl/_old  2010-02-04 11:32:12.000000000 +0100
+++ /var/tmp/diff_new_pack.lK7oIl/_new  2010-02-04 11:32:12.000000000 +0100
@@ -1,7 +1,7 @@
 #
 # spec file for package apparmor-utils (Version 2.3.1)
 #
-# Copyright (c) 2009 SUSE LINUX Products GmbH, Nuernberg, Germany.
+# Copyright (c) 2010 SUSE LINUX Products GmbH, Nuernberg, Germany.
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -24,14 +24,16 @@
 %endif
 Summary:        AppArmor User-Level Utilities Useful for Creating AppArmor 
Profiles
 Version:        2.3.1
-Release:        11
+Release:        12
 Group:          Productivity/Security
 Source0:        %{name}-%{version}-1377.tar.gz
 Patch1:         apparmor-utils-string-split
 Patch2:         apparmor-utils-null-path-fix
 Patch3:         apparmor-utils-fix-subdomain-refs
 Patch4:         apparmor-utils-cleanup-on-abort
-License:        GPL v2 or later; LGPL v2.1 or later
+Patch5:         apparmor-utils-add-log-types
+Patch6:         apparmor-utils-filenames-in-slash
+License:        GPLv2+ ; LGPLv2.1+
 BuildRoot:      %{_tmppath}/%{name}-%{version}-build
 BuildArch:      noarch
 Url:            http://forge.novell.com/modules/xfmod/project/?apparmor
@@ -69,6 +71,8 @@
 %patch2 -p1
 %patch3 -p1
 %patch4 -p1
+%patch5 -p1
+%patch6 -p1
 
 %build
 

++++++ apparmor-utils-add-log-types ++++++
From: Jeff Mahoney <jeffm@xxxxxxxx>
Subject: apparmor-utils: Add support for creds and path operations
References: bnc#564316

 2.6.29 introduced the path security_operations and credentials

 This patch adds support for those operations to the log parser.

Signed-off-by: Jeff Mahoney <jeffm@xxxxxxxx>
---
 SubDomain.pm |    8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

--- a/SubDomain.pm
+++ b/SubDomain.pm
@@ -2759,7 +2759,9 @@ sub add_event_to_tree ($) {
                          $e->{name2}
                        );
         }
-    } elsif ($e->{operation} =~ m/file_/) {
+    } elsif ($e->{operation} =~ m/file_/ or
+           # These are the path operations introduced in 2.6.29
+             $e->{operation} =~ 
m/^(open|unlink|mkdir|rmdir|mknod|truncate|symlink_create|link|rename_src|rename_dest)$/)
 {
         add_to_tree( $e->{pid},
                     $e->{parent},
                      "path",
@@ -2794,7 +2796,9 @@ sub add_event_to_tree ($) {
                      $e->{name},
                     ""
                     );
-    } elsif ($e->{operation} =~ m/inode_/) {
+    } elsif ($e->{operation} =~ m/inode_/ or
+           # 2.6.29 introduced creds and we see the "exec" operation instead
+            $e->{operation} eq "exec") {
         my $is_domain_change = 0;
 
         if ($e->{operation}   eq "inode_permission" &&
++++++ apparmor-utils-filenames-in-slash ++++++
From: Jeff Mahoney <jeffm@xxxxxxxx>
Subject: apparmor-utils: Fix handling of files in /
References: bnc#397883

 The separate handling of files and directories with realpath is broken.

 For files e.g. /foo, $dir ends up being empty since the / is eaten by
 the regex. realpath resolves an empty argument as the current directory,
 resulting in an incorrect path.

 There's no explanation of why the separate handling was used in the
 first place.

Signed-off-by: Jeff Mahoney <jeffm@xxxxxxxx>
---
 SubDomain.pm |    9 +--------
 1 file changed, 1 insertion(+), 8 deletions(-)

--- a/SubDomain.pm
+++ b/SubDomain.pm
@@ -508,14 +508,7 @@ sub get_full_path ($) {
         }
     }
 
-    if (-f $path) {
-        my ($dir, $file) = $path =~ m/^(.*)\/(.+)$/;
-        $path = realpath($dir) . "/$file";
-    } else {
-        $path = realpath($path);
-    }
-
-    return $path;
+    return realpath($path);
 }
 
 sub findexecutable ($) {

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++



Remember to have fun...

-- 
To unsubscribe, e-mail: opensuse-commit+unsubscribe@xxxxxxxxxxxx
For additional commands, e-mail: opensuse-commit+help@xxxxxxxxxxxx