Hello community, here is the log from the commit of package apparmor-profiles checked in at Sun Apr 1 12:00:48 CEST 2007. --------
--- apparmor-profiles/apparmor-profiles.changes 2007-02-06 00:23:52.000000000 +0100
+++ /mounts/work_src_done/NOARCH/apparmor-profiles/apparmor-profiles.changes 2007-03-31 01:38:14.000000000 +0200
@@ -1,0 +2,5 @@
+Sat Mar 31 01:37:36 CEST 2007 - agruen@suse.de
+
+- Update to version 2.0.2: DFA based kernel module.
+
+-------------------------------------------------------------------
Old: ---- apparmor-profiles-2.0.1-325.tar.gz New: ---- apparmor-profiles-2.0.2-521.tar.gz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ apparmor-profiles.spec ++++++
--- /var/tmp/diff_new_pack.YG1323/_old 2007-04-01 12:00:37.000000000 +0200
+++ /var/tmp/diff_new_pack.YG1323/_new 2007-04-01 12:00:37.000000000 +0200
@@ -1,5 +1,5 @@
 #
-# spec file for package apparmor-profiles (Version 2.0.1)
+# spec file for package apparmor-profiles (Version 2.0.2)
 #
 # Copyright (c) 2007 SUSE LINUX Products GmbH, Nuernberg, Germany.
 # This file and all modifications and additions to the pristine
@@ -15,10 +15,10 @@
 %define distro suse
 %endif
 Summary: AppArmor profiles that are loaded into the apparmor kernel module
-Version: 2.0.1
-Release: 22
+Version: 2.0.2
+Release: 1
 Group: Productivity/Security
-Source0: %{name}-%{version}-325.tar.gz
+Source0: %{name}-%{version}-521.tar.gz
 License: GNU General Public License (GPL)
 BuildRoot: %{_tmppath}/%{name}-%{version}-build
 URL: http://forge.novell.com/modules/xfmod/project/?apparmor
@@ -76,7 +76,9 @@ %preun -%changelog -n apparmor-profiles +%changelog +* Sat Mar 31 2007 - agruen@suse.de +- Update to version 2.0.2: DFA based kernel module. * Tue Feb 06 2007 - srarnold@suse.de - Bug 157400 - default AppArmor profile for gaim too restrictive - Bug 221998 - No NFS locks available: "kernel: lockd/statd: failed to ++++++ apparmor-profiles-2.0.1-325.tar.gz -> apparmor-profiles-2.0.2-521.tar.gz ++++++ diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/apparmor-profiles-2.0.1/abstractions/bash new/apparmor-profiles-2.0.2/abstractions/bash --- old/apparmor-profiles-2.0.1/abstractions/bash 2006-08-04 21:13:59.000000000 +0200 +++ new/apparmor-profiles-2.0.2/abstractions/bash 2007-02-13 01:14:30.000000000 +0100 @@ -1,4 +1,4 @@ -# $Id: bash 90 2006-08-04 19:13:59Z seth_arnold $ +# $Id: bash 385 2007-02-13 00:14:30Z seth_arnold $ # ------------------------------------------------------------------ # # Copyright (C) 2002-2006 Novell/SUSE @@ -19,9 +19,11 @@ # system-wide bash configuration /etc/profile.dos r, /etc/profile r, + /etc/profile.d r, /etc/profile.d/* r, /etc/bashrc r, /etc/bash.bashrc r, + /etc/bash.bashrc.local r, /etc/bash_completion r, /etc/bash_completion.d* r, /etc/bash_completion.d/* r, diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/apparmor-profiles-2.0.1/apparmor-profiles.spec new/apparmor-profiles-2.0.2/apparmor-profiles.spec --- old/apparmor-profiles-2.0.1/apparmor-profiles.spec 1970-01-01 01:00:00.000000000 +0100 +++ new/apparmor-profiles-2.0.2/apparmor-profiles.spec 2007-03-31 01:49:29.000000000 +0200 
@@ -0,0 +1,209 @@
+# $Id: apparmor-profiles.spec.in 199 2006-11-04 21:34:47Z steve-beattie $
+# ------------------------------------------------------------------
+#
+# Copyright (C) 2002-2005 Novell/SUSE
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of version 2 of the GNU General Public
+# License published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, contact Novell, Inc.
+# ------------------------------------------------------------------
+# norootforbuild
+
+%if ! %{?distro:1}0
+ %define distro suse
+%endif
+
+Summary: AppArmor profiles
+Name: apparmor-profiles
+Version: 2.0.2
+Release: 521
+Group: Productivity/Security
+Source0: %{name}-%{version}-521.tar.gz
+License: GPL
+BuildRoot: %{?_tmppath:}%{!?_tmppath:/var/tmp}/%{name}-%{version}-build
+Url: http://forge.novell.com/modules/xfmod/project/?apparmor
+Requires: apparmor-parser
+BuildArch: noarch
+Obsoletes: subdomain-profiles
+Provides: subdomain-profiles
+
+# hrm, still need to enumerate each directory in these paths in files :(
+%define extras_dir %{_sysconfdir}/apparmor/profiles/extras/
+%define profiles_dir %{_sysconfdir}/apparmor.d/
+
+%description
+Base AppArmor profiles (aka security policy). AppArmor is a file
+mandatory access control mechanism. AppArmor confines processes
+to the resources allowed by the systems administrator and can constrain
+the scope of potential security vulnerabilities.
+This package is part of a suite of tools that used to be named SubDomain.
+
+%prep
+
+%setup -q
+
+%build
+[ "${RPM_BUILD_ROOT}" != "/" ] && rm -rf ${RPM_BUILD_ROOT}
+
+%install
+[ "${RPM_BUILD_ROOT}" != "/" ] && rm -rf ${RPM_BUILD_ROOT}
+make install DESTDIR=${RPM_BUILD_ROOT} DISTRO=%{distro} \
+ EXTRASDIR=${RPM_BUILD_ROOT}/%{extras_dir}/
+
+%clean
+[ "${RPM_BUILD_ROOT}" != "/" ] && rm -rf $RPM_BUILD_ROOT
+
+%files
+%defattr(-,root,root)
+%attr(644, root, root) %config(noreplace) %{profiles_dir}/*
+%attr(644, root, root) %config(noreplace) %{extras_dir}/*
+%dir %attr(-, root, root) %{_sysconfdir}/apparmor.d/
+%dir %attr(-, root, root) %{_sysconfdir}/apparmor.d/abstractions/
+%dir %attr(-, root, root) %{_sysconfdir}/apparmor.d/program-chunks/
+%dir %attr(-, root, root) %{_sysconfdir}/apparmor.d/tunables/
+%dir %attr(-, root, root) %{_sysconfdir}/apparmor/
+%dir %attr(-, root, root) %{_sysconfdir}/apparmor/profiles/
+%dir %attr(-, root, root) %{_sysconfdir}/apparmor/profiles/extras/
+
+%post
+
+%preun
+
+%changelog
+* Wed Apr 12 2006 Steve Beattie <sbeattie@suse.de>
+- Move to forge svn repo; fix build issue due to new dir layout
+* Fri Apr 7 2006 Dominic Reynolds <dreynolds@suse.de> 2.0-11.1
+- seth.arnold:
+- Fix for base (ntpd) - #164150
+- Fix for postfix.qmgr - #156446
+* Mon Apr 3 2006 Seth Arnold <seth.arnold@suse.de> 2.0-11.1
+- Fix for postfix/sasl (#159667)
+- Fix for NIS/portmapper nameservice capabilities
+* Thu Mar 30 2006 Dominic Reynolds <dreynolds@suse.de> 2.0-10.1
+- Fix for postalias (#158689)
+* Sun Mar 12 2006 Dominic Reynolds <dreynolds@suse.de> 2.0-10.1
+- Fix for sendmail to add a px transtion to usr.lib.postfix.smtpd
+ (#156998)
+* Thu Mar 9 2006 Seth Arnold <seth.arnold@suse.de> 2.0-9.1
+- new svnserve profile in extras (not enforcing), postfix ldap fixes
+ (#156091)
+- procmail now runs unconfined from postfix, sendmail
+* Wed Mar 8 2006 Seth Arnold <seth.arnold@suse.de> 2.0-8.1
+- net_bind_service for postfix's cleanup, smtp.
(#143336)
+- whitespace fix
+* Fri Feb 24 2006 Seth Arnold <seth.arnold@suse.de> 2.0-7.1
+- icon caches, fontconfig
+- Re-disable httpd2-prefork
+* Fri Feb 17 2006 Seth Arnold <seth.arnold@suse.de> 2.0-6.1
+- Re-enable http2d-prefork, named, clarify tunables/home
+* Thu Feb 9 2006 Seth Arnold <seth.arnold@suse.de> 2.0-5.3
+- Re-enable sendmail, split apart traceroute
+* Wed Feb 8 2006 Steve Beattie <sbeattie@suse.de> 2.0-5.2
+- Fix tunables/home to not emit multiple slashes
+- Fix klogd per #143336
+* Thu Feb 2 2006 Seth Arnold <seth.arnold@suse.de> 2.0-5.1
+- slight re-org, some more use of variables
+* Tue Jan 31 2006 Seth Arnold <seth.sarnold@suse.de> 2.0-5
+- /etc/apparmor.d/tunables/home
+* Thu Jan 26 2006 Dominic Reynolds <dreynolds@suse.de> 2.0-4.1
+- Moved directory /etc/subdomain.d to /etc/apparmor.d.
+- Changed vim tag in profiles to syntax=apparmor
+* Mon Jan 23 2006 Dominic Reynolds <dreynolds@suse.de> 2.0-4
+- Removal of profiles referencing /home/.
+* Wed Jan 4 2006 Steve Beattie <sbeattie@suse.de> 2.0-3
+- Add svn repo to tarball
+* Wed Dec 7 2005 Steve Beattie <sbeattie@suse.de> 2.0-2
+- dreynolds: remove unused netdomain rules
+- srarnold: allow read access to policy subdirs
+* Wed Dec 7 2005 Steve Beattie <sbeattie@suse.de> 2.0-1
+- Reset version for inclusion in SUSE autobuild
+* Mon Dec 5 2005 Dominic Reynolds <dreynolds@suse.de> 1.99-8
+- License changes to GPL - added new headers. Change the extra profiles to be installed in /etc/apparmor.
+* Wed Nov 30 2005 Steve Beattie <sbeattie@suse.de> 1.99-7
+- Rename package to apparmor-profiles
+* Thu Nov 3 2005 Seth Arnold <seth.arnold@suse.de> 1.99-6_imnx
+- abstractions/gnome bug-buddy and segv handler
+* Tue Sep 6 2005 Seth Arnold <seth.arnold@suse.de> 1.99-5_imnx
+- include the abstractions/ and program-chunks/
+* Sun Sep 4 2005 Dominic Reynolds dreynolds@suse.de
+- disable the gconf profile
+* Fri Sep 2 2005 Jesse Michael <jmichael@suse.de>
+- more x86_64 fixes
+* Tue Aug 30 2005 - dreynolds@suse.de
+- Removed bonobo-activation-server profile and references, updated GConf2
+* Mon Aug 29 2005 - dreynolds@suse.de
+- Added evolution profile, enabled other desktop apps.
+* Mon Apr 4 2005 Seth Arnold <sarnold@immunix.com> 1.99-4_imnx
+- fix Requires:
+* Sat Mar 26 2005 Steve Beattie <steve@immunix.com>
+- Convert sshd profile to newer style hats
+* Mon Mar 14 2005 Steve Beattie <steve@immunix.com>
+- subdomain_parser package renamed to subdomain-parser
+* Wed Mar 9 2005 Steve Beattie <steve@immunix.com>
+- Fix some internal handling of % distro
+* Tue Feb 22 2005 Seth Arnold <sarnold@immunix.com> 1.99-3_imnx
+- more generic apache2 module names
+* Fri Feb 11 2005 Steve Beattie <steve@immunix.com> 1.99-2_imnx
+- Add postfix's tlsmgr process, and other profile updates
+* Fri Feb 4 2005 Seth Arnold <sarnold@immunix.coM> 1.99-1_imnx
+- Reversion to 1.99
+* Wed Feb 2 2005 Seth Arnold <sarnold@immunix.com> 1.2-13_imnx
+- A few small rules for postmap
+* Tue Jan 11 2005 Seth Arnold <sarnold@immunix.com> 1.2-12_imnx
+- Add some 64-bit paths to profiles
+* Thu Dec 16 2004 Seth Arnold <sarnold@immunix.com> 1.2-11_imnx
+- apache desires sys_tty_config
+* Mon Dec 6 2004 Steve Beattie <steve@immunix.com> 1.2-10_imnx
+- Add postfix tlsmgr program, included in SuSE 9.2.
+* Mon Nov 22 2004 Seth Arnold <sarnold@immunix.com> 1.2-9_imnx
+- clean up loose ends of program-chunks and abstractions conversion,
+ thanks Dominic
+* Wed Nov 17 2004 Steve Beattie <steve@immunix.com> 1.2-8_imnx
+- Add minimal build support for RHEL3.
+* Sun Nov 7 2004 Steve Beattie <steve@immunix.com> 1.2-7_imnx
+- Add slack build support infrastructure and use it.
+* Fri Nov 5 2004 Seth Arnold <sarnold@immunix.com> 1.2-6_imnx
+- new procmail profile; no forwarding to user@host capability.
+* Tue Oct 26 2004 Seth Arnold <sarnold@immunix.com> 1.2-4_imnx
+- new postfix proxymap
+* Tue Oct 26 2004 Seth Arnold <sarnold@immunix.com> 1.1-4_imnx
+- duplicate apache-default-uri so that apache with and without
+ mod_change_hat can function
+* Tue Oct 19 2004 Seth Arnold <sarnold@immunix.com> 1.2-3_imnx
+- ntp drift file access
+* Wed Oct 13 2004 Seth Arnold <sarnold@immunix.com> 1.2-2_imnx
+- remove program-chunks/apache-subprofiles from apache2 profile
+- remove useradd and userdel profiles.
+* Tue Oct 12 2004 Steve Beattie <steve@immunix.com> 1.2-1_imnx
+- Bump version after shass-1.1 branched off
+* Tue Oct 5 2004 Seth Arnold <sarnold@immunix.com> 1.0-9.4_imnx
+- Modify the directories a bit
+* Thu Sep 30 2004 Seth Arnold <sarnold@immunix.com> 1.0-9.3_imnx
+- Prune the list of installed profiles
+- Profile updates
+* Thu Sep 2 2004 Steve Beattie <steve@immunix.com> 1.0-10_imnx
+- Copyright fixups
+- Bunchteen fixes to profiles to make them functional
+- support for non-changehat and enhanced changehat sshd
+* Wed Jul 21 2004 Steve Beattie <steve@immunix.com> 1.0-9_imnx
+- first attempt to make cross-distro rpm
+* Mon Jul 12 2004 John Johansen <johansen@immunix.com> 1.0-8_imnx
+- Moved from /usr/src/immunix/.. to %{module_src_prefix}
+* Wed Jun 23 2004 David Drewelow <davidd@immunix.com> 1.0-7_imnx
+- Moved ./extras /usr/src/immunix/..
& ./progs-enabled to top of dir +* Wed Jun 23 2004 Seth Arnold <sarnold@immunix.com> 1.0-6_imnx +- add ldd and ld profiles +* Wed Jun 23 2004 David Drewelow <davidd@immunix.com> 1.0-5_imnx +- Moved sshd and httpd profiles to /extras, split /extras & /progs-enabled +* Tue Jun 22 2004 Seth Arnold <sarnold@immunix.com> 1.0-5_imnx +- Remove sshd profile, add squid profile +* Tue Jun 22 2004 Seth Arnold <sarnold@immunix.com> 1.0-4_imnx +- Remove sshd profile, add squid profile diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/apparmor-profiles-2.0.1/common/Make.rules new/apparmor-profiles-2.0.2/common/Make.rules --- old/apparmor-profiles-2.0.1/common/Make.rules 2007-01-11 22:55:08.000000000 +0100 +++ new/apparmor-profiles-2.0.2/common/Make.rules 2007-03-31 01:32:48.000000000 +0200 @@ -1,4 +1,4 @@ -# $Id: Make.rules 297 2007-01-11 21:55:08Z steve-beattie $ +# $Id: Make.rules 520 2007-03-30 23:32:48Z agruen $ # ------------------------------------------------------------------ # # Copyright (C) 2002-2005 Novell/SUSE @@ -25,7 +25,7 @@ # directories DISTRIBUTION=AppArmor -VERSION=2.0.1 +VERSION=2.0.2 # OVERRIDABLE variables # Set these variables before including Make.rules to change its behavior @@ -148,6 +148,7 @@ -rm -rf $(RELEASE_DIR) svn export -r $(REPO_VERSION) $(REPO_URL) $(RELEASE_DIR) svn export $(COMMON_REPO_URL) $(RELEASE_DIR)/common + make -C $(RELEASE_DIR) $(SPECFILE) REPO_VERSION=${REPO_VERSION} COMMONDIR_EXISTS=false $(TAR) -f $(TARBALL) $(RELEASE_DIR) rm -rf $(RELEASE_DIR) diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/apparmor-profiles-2.0.1/enabled/bin.ping new/apparmor-profiles-2.0.2/enabled/bin.ping --- old/apparmor-profiles-2.0.1/enabled/bin.ping 2006-08-04 21:13:59.000000000 +0200 +++ new/apparmor-profiles-2.0.2/enabled/bin.ping 2007-03-31 01:45:28.000000000 +0200 
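Review bot: The recipe line added in the `@@ -148,6 +148,7 @@` hunk of common/Make.rules invokes `make` literally rather than `$(MAKE)`, so the sub-make does not inherit the parent's command-line flags or jobserver and may resolve to a different make binary on PATH than the one running this rule. I would write it as `$(MAKE) -C $(RELEASE_DIR) $(SPECFILE) REPO_VERSION=$(REPO_VERSION) COMMONDIR_EXISTS=false`, which also matches the `$(...)` variable form used on the neighbouring lines. Because this step generates the spec file inside the freshly exported tree right before `$(TAR)` runs, a one-line comment above it saying so would help the next maintainer. The rule's target line is outside the hunk.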
@@ -1,4 +1,4 @@
-# $Id: bin.ping 90 2006-08-04 19:13:59Z seth_arnold $
+# $Id: bin.ping 521 2007-03-30 23:45:28Z agruen $
 # vim:syntax=apparmor
 # ------------------------------------------------------------------
 #
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/apparmor-profiles-2.0.1/enabled/sbin.klogd new/apparmor-profiles-2.0.2/enabled/sbin.klogd
--- old/apparmor-profiles-2.0.1/enabled/sbin.klogd 2006-08-04 21:13:59.000000000 +0200
+++ new/apparmor-profiles-2.0.2/enabled/sbin.klogd 1970-01-01 01:00:00.000000000 +0100
@@ -1,24 +0,0 @@
-# $Id: sbin.klogd 90 2006-08-04 19:13:59Z seth_arnold $
-# ------------------------------------------------------------------
-#
-# Copyright (C) 2002-2005 Novell/SUSE
-#
-# This program is free software; you can redistribute it and/or
-# modify it under the terms of version 2 of the GNU General Public
-# License published by the Free Software Foundation.
-#
-# ------------------------------------------------------------------
-
-#include <tunables/global>
-
-/sbin/klogd {
- #include <abstractions/base>
-
- capability sys_admin,
-
- /boot/System.map* r,
- /proc/kmsg r,
- /sbin/klogd rmix,
- /var/log/boot.msg rwl,
- /var/run/klogd.pid rwl,
-}
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/apparmor-profiles-2.0.1/enabled/sbin.syslogd new/apparmor-profiles-2.0.2/enabled/sbin.syslogd
--- old/apparmor-profiles-2.0.1/enabled/sbin.syslogd 2006-08-04 21:13:59.000000000 +0200
+++ new/apparmor-profiles-2.0.2/enabled/sbin.syslogd 1970-01-01 01:00:00.000000000 +0100
@@ -1,34 +0,0 @@
-# $Id: sbin.syslogd 90 2006-08-04 19:13:59Z seth_arnold $
-# ------------------------------------------------------------------
-#
-# Copyright (C) 2002-2005 Novell/SUSE
-#
-# This program is free software; you can redistribute it and/or
-# modify it under the terms of version 2 of the GNU General Public
-# License published by the Free Software Foundation.
-#
-# ------------------------------------------------------------------
-
-#include <tunables/global>
-
-/sbin/syslogd {
- #include <abstractions/base>
- #include <abstractions/nameservice>
- #include <abstractions/consoles>
-
- capability sys_tty_config,
- capability dac_override,
- capability dac_read_search,
-
- /dev/log wl,
- /var/lib/*/dev/log wl,
-
- /dev/tty* w,
- /dev/xconsole rw,
- /etc/syslog.conf r,
- /sbin/syslogd rmix,
- /var/log/** rw,
- /var/run/syslogd.pid rwl,
- /var/run/utmp rw,
- /var/spool/compaq/nic/messages_fifo rw,
-}
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/apparmor-profiles-2.0.1/enabled/sbin.syslog-ng new/apparmor-profiles-2.0.2/enabled/sbin.syslog-ng
--- old/apparmor-profiles-2.0.1/enabled/sbin.syslog-ng 2006-11-27 11:44:24.000000000 +0100
+++ new/apparmor-profiles-2.0.2/enabled/sbin.syslog-ng 1970-01-01 01:00:00.000000000 +0100
@@ -1,35 +0,0 @@
-# $Id$
-# ------------------------------------------------------------------
-#
-# Copyright (C) 2006 Novell/SUSE
-# Copyright (C) 2006 Christian Boltz
-#
-# This program is free software; you can redistribute it and/or
-# modify it under the terms of version 2 of the GNU General Public
-# License published by the Free Software Foundation.
-#
-# ------------------------------------------------------------------
-
-#include <tunables/global>
-
-/sbin/syslog-ng {
- #include <abstractions/base>
- #include <abstractions/consoles>
- #include <abstractions/nameservice>
-
- capability chown,
- capability dac_override,
- capability fsetid,
- capability fowner,
-
- /dev/log w,
- /dev/tty10 w,
- /dev/xconsole rw,
- /etc/syslog-ng/* r,
- /sbin/syslog-ng mr,
- # chrooted applications
- /var/lib/*/dev/log w,
- /var/log/** w,
- /var/run/syslog-ng.pid w,
-}
-
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/apparmor-profiles-2.0.1/enabled/usr.sbin.identd new/apparmor-profiles-2.0.2/enabled/usr.sbin.identd
--- old/apparmor-profiles-2.0.1/enabled/usr.sbin.identd 2006-08-04 21:13:59.000000000 +0200
+++ new/apparmor-profiles-2.0.2/enabled/usr.sbin.identd 1970-01-01 01:00:00.000000000 +0100
@@ -1,27 +0,0 @@
-# $Id: usr.sbin.identd 90 2006-08-04 19:13:59Z seth_arnold $
-# ------------------------------------------------------------------
-#
-# Copyright (C) 2002-2005 Novell/SUSE
-#
-# This program is free software; you can redistribute it and/or
-# modify it under the terms of version 2 of the GNU General Public
-# License published by the Free Software Foundation.
-#
-# ------------------------------------------------------------------
-
-#include <tunables/global>
-
-/usr/sbin/identd {
- #include <abstractions/base>
- #include <abstractions/nameservice>
- capability net_bind_service,
- capability setgid,
- capability setuid,
- /etc/identd.conf r,
- /etc/identd.key r,
- /etc/identd.pid w,
- /usr/sbin/identd rmix,
- /proc/net/tcp r,
- /proc/net/tcp6 r,
- /var/run/identd.pid w,
-}
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/apparmor-profiles-2.0.1/enabled/usr.sbin.mdnsd new/apparmor-profiles-2.0.2/enabled/usr.sbin.mdnsd
--- old/apparmor-profiles-2.0.1/enabled/usr.sbin.mdnsd 2006-08-04 21:13:59.000000000 +0200
+++ new/apparmor-profiles-2.0.2/enabled/usr.sbin.mdnsd 1970-01-01 01:00:00.000000000 +0100
@@ -1,33 +0,0 @@
-# $Id: usr.sbin.mdnsd 90 2006-08-04 19:13:59Z seth_arnold $
-# vim:syntax=apparmor
-# ------------------------------------------------------------------
-#
-# Copyright (C) 2002-2005 Novell/SUSE
-#
-# This program is free software; you can redistribute it and/or
-# modify it under the terms of version 2 of the GNU General Public
-# License published by the Free Software Foundation.
-#
-# ------------------------------------------------------------------
-
-#include <tunables/global>
-
-/usr/sbin/mdnsd {
- #include <abstractions/base>
- #include <abstractions/consoles>
- #include <abstractions/nameservice>
-
- capability net_bind_service,
- capability setgid,
- capability setuid,
- capability sys_chroot,
- capability sys_resource,
-
- /usr/sbin/mdnsd rmix,
-
- /proc/net r,
- /proc/net/unix r,
- /proc/sys/kernel/ngroups_max r,
- /var/run/mdnsd lw,
- /var/run/mdnsd.pid w,
-}
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/apparmor-profiles-2.0.1/enabled/usr.sbin.named new/apparmor-profiles-2.0.2/enabled/usr.sbin.named
--- old/apparmor-profiles-2.0.1/enabled/usr.sbin.named 2007-01-19 13:05:05.000000000 +0100
+++ new/apparmor-profiles-2.0.2/enabled/usr.sbin.named 1970-01-01 01:00:00.000000000 +0100
@@ -1,43 +0,0 @@
-# $Id: usr.sbin.named 307 2007-01-19 12:05:05Z seth_arnold $
-#
-# ------------------------------------------------------------------
-#
-# Copyright (C) 2002-2005 Novell/SUSE
-#
-# This program is free software; you can redistribute it and/or
-# modify it under the terms of version 2 of the GNU General Public
-# License published by the Free Software Foundation.
-#
-# ------------------------------------------------------------------
-# vim:syntax=apparmor
-# Last Modified: Wed Aug 17 14:09:24 2005
-
-#include <tunables/global>
-
-/usr/sbin/named {
- #include <abstractions/base>
- #include <abstractions/nameservice>
- #include <abstractions/xad>
-
- capability net_bind_service,
- capability setgid,
- capability setuid,
- capability sys_chroot,
-
- /** r,
- /dyn/** rwl,
- /usr/bin/dnskeygen mix,
- /usr/bin/dnsquery mix,
- /usr/sbin/named rmix,
- /usr/sbin/named-xfer mix,
- /var/lib/named/** rwl,
- /var/named/** rwl,
- /var/run/named.pid wl,
- /var/run/named/named.pid wl,
- /var/run/ndc wl,
- /slave/* rw,
-
- /var/opt/novell/xad/ds/krb5kdc/krb5.keytab r,
- /var/tmp/DNS_* rw,
- /tmp/DNS_* rw,
-}
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/apparmor-profiles-2.0.1/enabled/usr.sbin.nscd new/apparmor-profiles-2.0.2/enabled/usr.sbin.nscd
--- old/apparmor-profiles-2.0.1/enabled/usr.sbin.nscd 2006-08-04 21:13:59.000000000 +0200
+++ new/apparmor-profiles-2.0.2/enabled/usr.sbin.nscd 1970-01-01 01:00:00.000000000 +0100
@@ -1,41 +0,0 @@
-# vim:syntax=apparmor
-# Last Modified: Sun Jan 22 00:12:50 2006
-# $Id: usr.sbin.nscd 90 2006-08-04 19:13:59Z seth_arnold $
-# ------------------------------------------------------------------
-#
-# Copyright (C) 2002-2005 Novell/SUSE
-#
-# This program is free software; you can redistribute it and/or
-# modify it under the terms of version 2 of the GNU General Public
-# License published by the Free Software Foundation.
-#
-# ------------------------------------------------------------------
-
-#include <tunables/global>
-
-/usr/sbin/nscd {
- #include <abstractions/base>
- #include <abstractions/consoles>
- #include <abstractions/nameservice>
-
- capability net_bind_service,
-
- /etc/nscd.conf r,
- /proc/meminfo r,
- /proc/*/fd r,
- /proc/*/fd/* r,
- /proc/*/maps r,
- /proc/*/mounts r,
- /proc/filesystems r,
- /proc/sys/kernel/ngroups_max r,
- /usr/sbin/nscd rmix,
- /var/run/.nscd_socket wl,
- /var/run/nscd r,
- /var/run/nscd/db* wl,
- /var/run/nscd/socket wl,
- /var/run/nscd/{passwd,group} w,
- /var/run/{nscd/,}nscd.pid rwl,
-
- /tmp/.winbindd/pipe rw,
- /var/lib/samba/winbindd_privileged/pipe rw,
-}
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/apparmor-profiles-2.0.1/enabled/usr.sbin.ntpd new/apparmor-profiles-2.0.2/enabled/usr.sbin.ntpd
--- old/apparmor-profiles-2.0.1/enabled/usr.sbin.ntpd 2007-01-19 13:05:05.000000000 +0100
+++ new/apparmor-profiles-2.0.2/enabled/usr.sbin.ntpd 1970-01-01 01:00:00.000000000 +0100
@@ -1,49 +0,0 @@
-# vim:syntax=apparmor
-# Last Modified: Sun Jan 22 00:11:27 2006
-# $Id: usr.sbin.ntpd 307 2007-01-19 12:05:05Z seth_arnold $
-# ------------------------------------------------------------------
-#
-# Copyright (C) 2002-2005 Novell/SUSE
-#
-# This program is free software; you can redistribute it and/or
-# modify it under the terms of version 2 of the GNU General Public
-# License published by the Free Software Foundation.
-#
-# ------------------------------------------------------------------
-
-#include <tunables/global>
-
-/usr/sbin/ntpd {
- #include <abstractions/base>
- #include <abstractions/nameservice>
- #include <abstractions/xad>
-
- capability ipc_lock,
- capability net_bind_service,
- capability setgid,
- capability setuid,
- capability sys_chroot,
- capability sys_resource,
- capability sys_time,
-
- /drift/ntp.drift rwl,
- /drift/ntp.drift.TEMP rwl,
- /etc/ntpd.conf r,
- /etc/ntp.conf r,
- /etc/ntp/drift* rwl,
- /etc/ntp/keys r,
- /etc/ntp/step-tickers r,
- /proc/net/if_inet6 r,
- /tmp/ntp* rwl,
- /usr/sbin/ntpd rmix,
- /var/lib/ntp/etc/ntp.conf.iburst r,
- /var/lib/ntp/drift rwl,
- /var/lib/ntp/drift.TEMP rwl,
- /var/lib/ntp/drift/ntp.drift r,
- /var/lib/ntp/var/run/ntp/ntpd.pid w,
- /var/log/ntp w,
- /var/log/ntp.log w,
- /var/opt/novell/xad/rpc/xadsd rw,
- /var/run/ntpd.pid w,
- /var/tmp/ntp* rwl,
-}
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/apparmor-profiles-2.0.1/enabled/usr.sbin.traceroute new/apparmor-profiles-2.0.2/enabled/usr.sbin.traceroute
--- old/apparmor-profiles-2.0.1/enabled/usr.sbin.traceroute 2006-08-04 21:13:59.000000000 +0200
+++ new/apparmor-profiles-2.0.2/enabled/usr.sbin.traceroute 1970-01-01 01:00:00.000000000 +0100
@@ -1,23 +0,0 @@
-# $Id: usr.sbin.traceroute 90 2006-08-04 19:13:59Z seth_arnold $
-# ------------------------------------------------------------------
-#
-# Copyright (C) 2002-2005 Novell/SUSE
-#
-# This program is free software; you can redistribute it and/or
-# modify it under the terms of version 2 of the GNU General Public
-# License published by the Free Software Foundation.
-#
-# ------------------------------------------------------------------
-
-#include <tunables/global>
-
-/usr/sbin/traceroute {
- #include <abstractions/base>
- #include <abstractions/consoles>
- #include <abstractions/nameservice>
-
- capability net_raw,
-
- /proc/net/route r,
- /usr/sbin/traceroute rmix,
-}
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/apparmor-profiles-2.0.1/extras/sbin.klogd new/apparmor-profiles-2.0.2/extras/sbin.klogd
--- old/apparmor-profiles-2.0.1/extras/sbin.klogd 1970-01-01 01:00:00.000000000 +0100
+++ new/apparmor-profiles-2.0.2/extras/sbin.klogd 2007-03-31 01:32:48.000000000 +0200
@@ -0,0 +1,24 @@
+# $Id: sbin.klogd 520 2007-03-30 23:32:48Z agruen $
+# ------------------------------------------------------------------
+#
+# Copyright (C) 2002-2005 Novell/SUSE
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of version 2 of the GNU General Public
+# License published by the Free Software Foundation.
+#
+# ------------------------------------------------------------------
+
+#include <tunables/global>
+
+/sbin/klogd {
+ #include <abstractions/base>
+
+ capability sys_admin,
+
+ /boot/System.map* r,
+ /proc/kmsg r,
+ /sbin/klogd rmix,
+ /var/log/boot.msg rwl,
+ /var/run/klogd.pid rwl,
+}
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/apparmor-profiles-2.0.1/extras/sbin.syslogd new/apparmor-profiles-2.0.2/extras/sbin.syslogd
--- old/apparmor-profiles-2.0.1/extras/sbin.syslogd 1970-01-01 01:00:00.000000000 +0100
+++ new/apparmor-profiles-2.0.2/extras/sbin.syslogd 2007-03-31 01:32:48.000000000 +0200
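Review bot: This profile comes back under extras/ with only the `$Id` line changed from the copy removed from enabled/, and the package changelog entry ("Update to version 2.0.2: DFA based kernel module.") never mentions the move. The spec in this same diff installs extras to `%{_sysconfdir}/apparmor/profiles/extras/` rather than `%{_sysconfdir}/apparmor.d/`, and its own changelog describes an extras profile as "not enforcing", so klogd presumably stops being confined once the update is installed. The same holds for the syslogd, syslog-ng, identd, mdnsd, named and nscd hunks that follow, and apparently for ntpd, whose file header is the last thing visible. I would record it in the changelog, e.g. `- Move klogd, syslogd, syslog-ng, identd, mdnsd, named, nscd and ntpd profiles from enabled/ to extras/; they are no longer loaded by default`.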
@@ -0,0 +1,34 @@
+# $Id: sbin.syslogd 520 2007-03-30 23:32:48Z agruen $
+# ------------------------------------------------------------------
+#
+# Copyright (C) 2002-2005 Novell/SUSE
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of version 2 of the GNU General Public
+# License published by the Free Software Foundation.
+#
+# ------------------------------------------------------------------
+
+#include <tunables/global>
+
+/sbin/syslogd {
+ #include <abstractions/base>
+ #include <abstractions/nameservice>
+ #include <abstractions/consoles>
+
+ capability sys_tty_config,
+ capability dac_override,
+ capability dac_read_search,
+
+ /dev/log wl,
+ /var/lib/*/dev/log wl,
+
+ /dev/tty* w,
+ /dev/xconsole rw,
+ /etc/syslog.conf r,
+ /sbin/syslogd rmix,
+ /var/log/** rw,
+ /var/run/syslogd.pid rwl,
+ /var/run/utmp rw,
+ /var/spool/compaq/nic/messages_fifo rw,
+}
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/apparmor-profiles-2.0.1/extras/sbin.syslog-ng new/apparmor-profiles-2.0.2/extras/sbin.syslog-ng
--- old/apparmor-profiles-2.0.1/extras/sbin.syslog-ng 1970-01-01 01:00:00.000000000 +0100
+++ new/apparmor-profiles-2.0.2/extras/sbin.syslog-ng 2007-03-31 01:32:48.000000000 +0200
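Review bot: `capability dac_override,` and `capability dac_read_search,` carry no comment saying why syslogd needs them, and combined with `/var/log/** rw,` and `/dev/tty* w,` they let the confined daemon ignore ownership and mode bits on every path those rules match. Since the file is being re-homed anyway, I would add a line above the pair such as `# dac_override/dac_read_search: reason not recorded -- TODO confirm still required`, so whoever enables the profile knows to check. The syslog-ng profile in the next hunk has the same gap for `chown`, `dac_override`, `fsetid` and `fowner`.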
@@ -0,0 +1,35 @@
+# $Id$
+# ------------------------------------------------------------------
+#
+# Copyright (C) 2006 Novell/SUSE
+# Copyright (C) 2006 Christian Boltz
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of version 2 of the GNU General Public
+# License published by the Free Software Foundation.
+#
+# ------------------------------------------------------------------
+
+#include <tunables/global>
+
+/sbin/syslog-ng {
+ #include <abstractions/base>
+ #include <abstractions/consoles>
+ #include <abstractions/nameservice>
+
+ capability chown,
+ capability dac_override,
+ capability fsetid,
+ capability fowner,
+
+ /dev/log w,
+ /dev/tty10 w,
+ /dev/xconsole rw,
+ /etc/syslog-ng/* r,
+ /sbin/syslog-ng mr,
+ # chrooted applications
+ /var/lib/*/dev/log w,
+ /var/log/** w,
+ /var/run/syslog-ng.pid w,
+}
+
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/apparmor-profiles-2.0.1/extras/usr.sbin.identd new/apparmor-profiles-2.0.2/extras/usr.sbin.identd
--- old/apparmor-profiles-2.0.1/extras/usr.sbin.identd 1970-01-01 01:00:00.000000000 +0100
+++ new/apparmor-profiles-2.0.2/extras/usr.sbin.identd 2007-03-31 01:32:48.000000000 +0200
@@ -0,0 +1,27 @@
+# $Id: usr.sbin.identd 520 2007-03-30 23:32:48Z agruen $
+# ------------------------------------------------------------------
+#
+# Copyright (C) 2002-2005 Novell/SUSE
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of version 2 of the GNU General Public
+# License published by the Free Software Foundation.
+#
+# ------------------------------------------------------------------
+
+#include <tunables/global>
+
+/usr/sbin/identd {
+ #include <abstractions/base>
+ #include <abstractions/nameservice>
+ capability net_bind_service,
+ capability setgid,
+ capability setuid,
+ /etc/identd.conf r,
+ /etc/identd.key r,
+ /etc/identd.pid w,
+ /usr/sbin/identd rmix,
+ /proc/net/tcp r,
+ /proc/net/tcp6 r,
+ /var/run/identd.pid w,
+}
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/apparmor-profiles-2.0.1/extras/usr.sbin.mdnsd new/apparmor-profiles-2.0.2/extras/usr.sbin.mdnsd
--- old/apparmor-profiles-2.0.1/extras/usr.sbin.mdnsd 1970-01-01 01:00:00.000000000 +0100
+++ new/apparmor-profiles-2.0.2/extras/usr.sbin.mdnsd 2007-03-31 01:32:48.000000000 +0200
@@ -0,0 +1,33 @@
+# $Id: usr.sbin.mdnsd 520 2007-03-30 23:32:48Z agruen $
+# vim:syntax=apparmor
+# ------------------------------------------------------------------
+#
+# Copyright (C) 2002-2005 Novell/SUSE
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of version 2 of the GNU General Public
+# License published by the Free Software Foundation.
+#
+# ------------------------------------------------------------------
+
+#include <tunables/global>
+
+/usr/sbin/mdnsd {
+ #include <abstractions/base>
+ #include <abstractions/consoles>
+ #include <abstractions/nameservice>
+
+ capability net_bind_service,
+ capability setgid,
+ capability setuid,
+ capability sys_chroot,
+ capability sys_resource,
+
+ /usr/sbin/mdnsd rmix,
+
+ /proc/net r,
+ /proc/net/unix r,
+ /proc/sys/kernel/ngroups_max r,
+ /var/run/mdnsd lw,
+ /var/run/mdnsd.pid w,
+}
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/apparmor-profiles-2.0.1/extras/usr.sbin.named new/apparmor-profiles-2.0.2/extras/usr.sbin.named
--- old/apparmor-profiles-2.0.1/extras/usr.sbin.named 1970-01-01 01:00:00.000000000 +0100
+++ new/apparmor-profiles-2.0.2/extras/usr.sbin.named 2007-03-31 01:32:48.000000000 +0200
@@ -0,0 +1,43 @@
+# $Id: usr.sbin.named 520 2007-03-30 23:32:48Z agruen $
+#
+# ------------------------------------------------------------------
+#
+# Copyright (C) 2002-2005 Novell/SUSE
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of version 2 of the GNU General Public
+# License published by the Free Software Foundation.
+#
+# ------------------------------------------------------------------
+# vim:syntax=apparmor
+# Last Modified: Wed Aug 17 14:09:24 2005
+
+#include <tunables/global>
+
+/usr/sbin/named {
+ #include <abstractions/base>
+ #include <abstractions/nameservice>
+ #include <abstractions/xad>
+
+ capability net_bind_service,
+ capability setgid,
+ capability setuid,
+ capability sys_chroot,
+
+ /** r,
+ /dyn/** rwl,
+ /usr/bin/dnskeygen mix,
+ /usr/bin/dnsquery mix,
+ /usr/sbin/named rmix,
+ /usr/sbin/named-xfer mix,
+ /var/lib/named/** rwl,
+ /var/named/** rwl,
+ /var/run/named.pid wl,
+ /var/run/named/named.pid wl,
+ /var/run/ndc wl,
+ /slave/* rw,
+
+ /var/opt/novell/xad/ds/krb5kdc/krb5.keytab r,
+ /var/tmp/DNS_* rw,
+ /tmp/DNS_* rw,
+}
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/apparmor-profiles-2.0.1/extras/usr.sbin.nscd new/apparmor-profiles-2.0.2/extras/usr.sbin.nscd
--- old/apparmor-profiles-2.0.1/extras/usr.sbin.nscd 1970-01-01 01:00:00.000000000 +0100
+++ new/apparmor-profiles-2.0.2/extras/usr.sbin.nscd 2007-03-31 01:32:48.000000000 +0200
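Review bot: The rule `/** r,` in the named profile grants read access to every path on the system, which makes the explicit `/var/opt/novell/xad/ds/krb5kdc/krb5.keytab r,` rule redundant and leaves the profile placing no limit on which key or credential files a compromised named could read. It is presumably there because named runs chrooted (the profile grants `capability sys_chroot`, and root-level paths such as `/dyn/**` and `/slave/*` look chroot-relative), but the hunk does not say so. I would replace it with the configuration and zone paths named actually opens, or at minimum mark it with `# FIXME: whole-filesystem read; narrow to the paths named needs inside and outside the chroot`. A one-line comment stating that `/dyn/` and `/slave/` are paths as seen from inside the chroot would also help, and the `/drift/` rules in the ntpd profile need the same comment.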
@@ -0,0 +1,41 @@
+# vim:syntax=apparmor
+# Last Modified: Sun Jan 22 00:12:50 2006
+# $Id: usr.sbin.nscd 520 2007-03-30 23:32:48Z agruen $
+# ------------------------------------------------------------------
+#
+# Copyright (C) 2002-2005 Novell/SUSE
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of version 2 of the GNU General Public
+# License published by the Free Software Foundation.
+#
+# ------------------------------------------------------------------
+
+#include <tunables/global>
+
+/usr/sbin/nscd {
+ #include <abstractions/base>
+ #include <abstractions/consoles>
+ #include <abstractions/nameservice>
+
+ capability net_bind_service,
+
+ /etc/nscd.conf r,
+ /proc/meminfo r,
+ /proc/*/fd r,
+ /proc/*/fd/* r,
+ /proc/*/maps r,
+ /proc/*/mounts r,
+ /proc/filesystems r,
+ /proc/sys/kernel/ngroups_max r,
+ /usr/sbin/nscd rmix,
+ /var/run/.nscd_socket wl,
+ /var/run/nscd r,
+ /var/run/nscd/db* wl,
+ /var/run/nscd/socket wl,
+ /var/run/nscd/{passwd,group} w,
+ /var/run/{nscd/,}nscd.pid rwl,
+
+ /tmp/.winbindd/pipe rw,
+ /var/lib/samba/winbindd_privileged/pipe rw,
+}
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/apparmor-profiles-2.0.1/extras/usr.sbin.ntpd new/apparmor-profiles-2.0.2/extras/usr.sbin.ntpd
--- old/apparmor-profiles-2.0.1/extras/usr.sbin.ntpd 1970-01-01 01:00:00.000000000 +0100
+++ new/apparmor-profiles-2.0.2/extras/usr.sbin.ntpd 2007-03-31 01:32:48.000000000 +0200
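Review bot: The rules `/proc/*/fd r,`, `/proc/*/fd/* r,`, `/proc/*/maps r,` and `/proc/*/mounts r,` in the nscd profile match every process id, so the profile does not confine the daemon to its own /proc entries and leaves the descriptor lists, memory maps and mount tables of other processes to ordinary file permissions alone. Nothing in the hunk says whether nscd needs more than its own entries. Once that is confirmed, add a comment above the group, e.g. `# '*' matches any pid; nscd is only expected to read its own entries`, and narrow the glob if the parser in use offers a way to do so.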
@@ -0,0 +1,49 @@
+# vim:syntax=apparmor
+# Last Modified: Sun Jan 22 00:11:27 2006
+# $Id: usr.sbin.ntpd 520 2007-03-30 23:32:48Z agruen $
+# ------------------------------------------------------------------
+#
+# Copyright (C) 2002-2005 Novell/SUSE
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of version 2 of the GNU General Public
+# License published by the Free Software Foundation.
+#
+# ------------------------------------------------------------------
+
+#include <tunables/global>
+
+/usr/sbin/ntpd {
+ #include <abstractions/base>
+ #include <abstractions/nameservice>
+ #include <abstractions/xad>
+
+ capability ipc_lock,
+ capability net_bind_service,
+ capability setgid,
+ capability setuid,
+ capability sys_chroot,
+ capability sys_resource,
+ capability sys_time,
+
+ /drift/ntp.drift rwl,
+ /drift/ntp.drift.TEMP rwl,
+ /etc/ntpd.conf r,
+ /etc/ntp.conf r,
+ /etc/ntp/drift* rwl,
+ /etc/ntp/keys r,
+ /etc/ntp/step-tickers r,
+ /proc/net/if_inet6 r,
+ /tmp/ntp* rwl,
+ /usr/sbin/ntpd rmix,
+ /var/lib/ntp/etc/ntp.conf.iburst r,
+ /var/lib/ntp/drift rwl,
+ /var/lib/ntp/drift.TEMP rwl,
+ /var/lib/ntp/drift/ntp.drift r,
+ /var/lib/ntp/var/run/ntp/ntpd.pid w,
+ /var/log/ntp w,
+ /var/log/ntp.log w,
+ /var/opt/novell/xad/rpc/xadsd rw,
+ /var/run/ntpd.pid w,
+ /var/tmp/ntp* rwl,
+}
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/apparmor-profiles-2.0.1/extras/usr.sbin.traceroute new/apparmor-profiles-2.0.2/extras/usr.sbin.traceroute
--- old/apparmor-profiles-2.0.1/extras/usr.sbin.traceroute 1970-01-01 01:00:00.000000000 +0100
+++ new/apparmor-profiles-2.0.2/extras/usr.sbin.traceroute 2007-03-31 01:32:48.000000000 +0200
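Review bot: `/tmp/ntp* rwl,` and `/var/tmp/ntp* rwl,` in the ntpd profile allow write and link on any name beginning with `ntp` in world-writable directories, which includes files that other local users place there. For a daemon that is also granted `capability sys_time`, `setuid` and `setgid`, I would name the exact temporary file ntpd creates, or keep it under a tree the profile already uses, such as `/var/lib/ntp/`. If the glob has to stay, add a comment saying what needs it, e.g. `# temp file written by <component>; glob kept because the suffix varies`, with the component filled in by someone who knows which ntpd path creates it.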
@@ -0,0 +1,23 @@
+# $Id: usr.sbin.traceroute 520 2007-03-30 23:32:48Z agruen $
+# ------------------------------------------------------------------
+#
+# Copyright (C) 2002-2005 Novell/SUSE
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of version 2 of the GNU General Public
+# License published by the Free Software Foundation.
+#
+# ------------------------------------------------------------------
+
+#include <tunables/global>
+
+/usr/sbin/traceroute {
+ #include <abstractions/base>
+ #include <abstractions/consoles>
+ #include <abstractions/nameservice>
+
+ capability net_raw,
+
+ /proc/net/route r,
+ /usr/sbin/traceroute rmix,
+}
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Remember to have fun... --------------------------------------------------------------------- To unsubscribe, e-mail: opensuse-commit+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-commit+help@opensuse.org