Hello community, here is the log from the commit of package apparmor for openSUSE:Factory checked in at 2014-12-23 11:50:25 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/apparmor (Old) and /work/SRC/openSUSE:Factory/.apparmor.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Package is "apparmor" Changes: -------- --- /work/SRC/openSUSE:Factory/apparmor/apparmor.changes 2014-11-24 11:11:20.000000000 +0100 +++ /work/SRC/openSUSE:Factory/.apparmor.new/apparmor.changes 2014-12-23 11:48:54.000000000 +0100 @@ -1,0 +2,20 @@ +Mon Dec 22 10:26:15 UTC 2014 - cbosdonnat@suse.com + +- Fix dnsmasq profile to allow executing bash to run the --dhcp-script + argument. Also fixed /usr/lib -> /usr/{lib,lib64} to get libvirt + leasehealper script to run even on x86_64. + dnsmasq-profile-fixes.patch. boo#911001 + +------------------------------------------------------------------- +Sun Dec 21 16:22:27 UTC 2014 - opensuse@cboltz.de + +- rename lessopen.sh profile file to usr.bin.lessopen.sh to match the + script filename + +------------------------------------------------------------------- +Wed Dec 10 10:15:16 UTC 2014 - meissner@suse.com + +- add apparmor-lessopen-profile.patch: /usr/bin/lessopen.sh needs + confinement. bnc#906858 + +------------------------------------------------------------------- New: ---- apparmor-lessopen-profile.patch dnsmasq-profile-fixes.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ apparmor.spec ++++++ --- /var/tmp/diff_new_pack.CrN46h/_old 2014-12-23 11:48:55.000000000 +0100 +++ /var/tmp/diff_new_pack.CrN46h/_new 2014-12-23 11:48:55.000000000 +0100 @@ -92,6 +92,12 @@ # (bnc#900013, not for upstream) Patch6: apparmor-abstractions-no-multiline.diff +# bug 906858 - confine lessopen.sh (submitted upstream 2014-12-21) +Patch7: apparmor-lessopen-profile.patch + +# boo#911001 - Allow executing --dhcp-client script +Patch8: dnsmasq-profile-fixes.patch + Url: https://launchpad.net/apparmor PreReq: sed BuildRoot: %{_tmppath}/%{name}-%{version}-build @@ -430,6 +436,8 @@ %endif %patch6 +%patch7 -p1 +%patch8 -p1 # search for left-over multiline rules test -z "$(grep -r '^\s*\(unix\|dbus\)[^,]\(([^)]*)\)*[^,]*$' profiles/apparmor.d/)" ++++++ apparmor-lessopen-profile.patch ++++++ Index: apparmor-2.9.0/profiles/apparmor.d/usr.bin.lessopen =================================================================== --- /dev/null +++ apparmor-2.9.0/profiles/apparmor.d/usr.bin.lessopen.sh @@ -0,0 +1,39 @@ +# Last Modified: Fri Nov 28 08:01:09 2014 +#include <tunables/global> + +/usr/bin/lessopen.sh { + #include <abstractions/base> + #include <abstractions/bash> + #include <abstractions/consoles> + #include <abstractions/perl> + + /** rk, + /bin/bash ix, + /bin/rpm rix, + /bin/tar rix, + /tmp/less.* rw, + /usr/bin/bzip2 rix, + /usr/bin/cabextract rix, + /usr/bin/cat rix, + /usr/bin/colordiff rix, + /usr/bin/dvi2tty rix, + /usr/bin/file rix, + /usr/bin/grep rix, + /usr/bin/groff rix, + /usr/bin/gzip rix, + /usr/bin/head rix, + /usr/bin/lynx rix, + /usr/bin/mktemp rix, + /usr/bin/nm rix, + /usr/bin/pdftotext rix, + /usr/bin/ps2ascii rix, + /usr/bin/rm rix, + /usr/bin/seq rix, + /usr/bin/tar rix, + /usr/bin/unzip rix, + /usr/bin/w3m rix, + /usr/bin/which rix, + /usr/bin/xz rix, + + #include <local/usr.bin.lessopen.sh> +} ++++++ dnsmasq-profile-fixes.patch ++++++ Index: apparmor-2.9.0/profiles/apparmor.d/usr.sbin.dnsmasq =================================================================== --- apparmor-2.9.0.orig/profiles/apparmor.d/usr.sbin.dnsmasq +++ apparmor-2.9.0/profiles/apparmor.d/usr.sbin.dnsmasq @@ -44,6 +44,8 @@ /var/lib/misc/dnsmasq.leases rw, # Required only for DHCP server usage + /bin/bash ix, # Required to execute --dhcp-script argument + # access to iface mtu needed for Router Advertisement messages in IPv6 # Neighbor Discovery protocol (RFC 2461) @{PROC}/sys/net/ipv6/conf/*/mtu r, @@ -63,7 +65,7 @@ /{,var/}run/libvirt/network/*.pid rw, # libvirt lease helper - /usr/lib/libvirt/libvirt_leaseshelper ix, + /usr/{lib,lib64}/libvirt/libvirt_leaseshelper ix, /{,var/}run/leaseshelper.pid rwk, # NetworkManager integration -- To unsubscribe, e-mail: opensuse-commit+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-commit+help@opensuse.org