Hello community, here is the log from the commit of package apparmor-profiles checked in at Sat May 26 00:06:40 CEST 2007. -------- --- apparmor-profiles/apparmor-profiles.changes 2007-05-23 00:24:24.000000000 +0200 +++ /mounts/work_src_done/NOARCH/apparmor-profiles/apparmor-profiles.changes 2007-05-25 23:47:11.335219000 +0200 @@ -1,0 +2,5 @@ +Fri May 25 23:46:11 CEST 2007 - srarnold@suse.de + +- replace /proc/ with @{PROC} from sbeattie + +------------------------------------------------------------------- Old: ---- apparmor-profiles-2.0.2-692.tar.gz New: ---- apparmor-profiles-2.0.2-702.tar.gz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ apparmor-profiles.spec ++++++ --- /var/tmp/diff_new_pack.z31903/_old 2007-05-26 00:05:51.000000000 +0200 +++ /var/tmp/diff_new_pack.z31903/_new 2007-05-26 00:05:51.000000000 +0200 @@ -16,9 +16,9 @@ %endif Summary: AppArmor profiles that are loaded into the apparmor kernel module Version: 2.0.2 -Release: 11 +Release: 13 Group: Productivity/Security -Source0: %{name}-%{version}-692.tar.gz +Source0: %{name}-%{version}-702.tar.gz License: GNU General Public License (GPL) BuildRoot: %{_tmppath}/%{name}-%{version}-build URL: http://forge.novell.com/modules/xfmod/project/?apparmor 
@@ -76,6 +76,8 @@ %preun %changelog +* Fri May 25 2007 - srarnold@suse.de +- replace /proc/ with @{PROC} from sbeattie * Wed May 23 2007 - srarnold@suse.de - Bug 265775 - changes for kerberosclient profile [updated the abstraction] ++++++ apparmor-profiles-2.0.2-692.tar.gz -> apparmor-profiles-2.0.2-702.tar.gz ++++++ diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/apparmor-profiles-2.0.2/apparmor/profiles/extras/bin.netstat new/apparmor-profiles-2.0.2/apparmor/profiles/extras/bin.netstat --- old/apparmor-profiles-2.0.2/apparmor/profiles/extras/bin.netstat 2006-11-16 13:00:00.000000000 +0100 +++ new/apparmor-profiles-2.0.2/apparmor/profiles/extras/bin.netstat 2007-05-25 05:09:30.000000000 +0200 @@ -1,4 +1,4 @@ -# $Id: bin.netstat 239 2006-11-16 12:00:00Z seth_arnold $ +# $Id: bin.netstat 697 2007-05-25 03:09:30Z steve-beattie $ # vim:syntax=apparmor # ------------------------------------------------------------------ # @@ -25,9 +25,9 @@ /bin/netstat rmix, /etc/networks r, - /proc r, - /proc/[0-9]*/cmdline r, - /proc/[0-9]*/fd r, - /proc/net r, - /proc/net/* r, + @{PROC} r, + @{PROC}/[0-9]*/cmdline r, + @{PROC}/[0-9]*/fd r, + @{PROC}/net r, + @{PROC}/net/* r, } diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/apparmor-profiles-2.0.2/apparmor/profiles/extras/etc.cron.daily.logrotate new/apparmor-profiles-2.0.2/apparmor/profiles/extras/etc.cron.daily.logrotate --- old/apparmor-profiles-2.0.2/apparmor/profiles/extras/etc.cron.daily.logrotate 2006-08-04 21:13:59.000000000 +0200 +++ new/apparmor-profiles-2.0.2/apparmor/profiles/extras/etc.cron.daily.logrotate 2007-05-25 05:09:30.000000000 +0200 @@ -1,4 +1,4 @@ -# $Id: etc.cron.daily.logrotate 90 2006-08-04 19:13:59Z seth_arnold $ +# $Id: etc.cron.daily.logrotate 697 2007-05-25 03:09:30Z steve-beattie $ # vim:syntax=apparmor # ------------------------------------------------------------------ # 
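Review bot: The rewritten rules in bin.netstat (`@{PROC} r,` through `@{PROC}/net/* r,`) depend on the `@{PROC}` variable, but no hunk for this file adds an include that defines it. If the profile does not already pull in the tunables above the profile block (for example `#include <tunables/global>`), the parser would presumably reject the undefined variable, and a profile that fails to load leaves the program unconfined. The profile header lies outside the hunk, so this has to be checked in the full file. The same check applies to every profile converted in this commit.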
@@ -40,8 +40,8 @@ /etc/logrotate.d r, /etc/logrotate.d/* r, /etc/subdomain.d r, - /proc r, - /proc/[1-9]* r, + @{PROC} r, + @{PROC}/[1-9]* r, /tmp w, /tmp/file* wl, /tmp/logrot* wlr, diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/apparmor-profiles-2.0.2/apparmor/profiles/extras/etc.cron.daily.slocate.cron new/apparmor-profiles-2.0.2/apparmor/profiles/extras/etc.cron.daily.slocate.cron --- old/apparmor-profiles-2.0.2/apparmor/profiles/extras/etc.cron.daily.slocate.cron 2006-08-04 21:13:59.000000000 +0200 +++ new/apparmor-profiles-2.0.2/apparmor/profiles/extras/etc.cron.daily.slocate.cron 2007-05-25 05:09:30.000000000 +0200 @@ -1,4 +1,4 @@ -# $Id: etc.cron.daily.slocate.cron 90 2006-08-04 19:13:59Z seth_arnold $ +# $Id: etc.cron.daily.slocate.cron 697 2007-05-25 03:09:30Z steve-beattie $ # ------------------------------------------------------------------ # # Copyright (C) 2002-2005 Novell/SUSE @@ -21,7 +21,6 @@ /dev/tty wr , /etc/cron.daily/slocate.cron r , /etc/mtab r , - /proc/meminfo r , /usr/bin/slocate mixr, /usr/bin/renice mixr, /** r , diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/apparmor-profiles-2.0.2/apparmor/profiles/extras/opt.gnome.bin.evolution-2.4 new/apparmor-profiles-2.0.2/apparmor/profiles/extras/opt.gnome.bin.evolution-2.4 --- old/apparmor-profiles-2.0.2/apparmor/profiles/extras/opt.gnome.bin.evolution-2.4 2007-05-16 23:55:13.000000000 +0200 +++ new/apparmor-profiles-2.0.2/apparmor/profiles/extras/opt.gnome.bin.evolution-2.4 2007-05-25 05:09:30.000000000 +0200 
@@ -132,11 +132,9 @@ /opt/mozilla/bin/mozilla.sh Pxr, /opt/mozilla/lib/** r, /opt/mozilla/lib/**.so mr, - /proc/*/cmdline r, - /proc/meminfo r, - /proc/net r, - /proc/net/* r, - /proc/stat r, + @{PROC}/*/cmdline r, + @{PROC}/net r, + @{PROC}/net/* r, /tmp r, /tmp/* lrw, /tmp/.ICE-unix/* w, diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/apparmor-profiles-2.0.2/apparmor/profiles/extras/opt.gnome.bin.gaim new/apparmor-profiles-2.0.2/apparmor/profiles/extras/opt.gnome.bin.gaim --- old/apparmor-profiles-2.0.2/apparmor/profiles/extras/opt.gnome.bin.gaim 2007-05-16 23:55:13.000000000 +0200 +++ new/apparmor-profiles-2.0.2/apparmor/profiles/extras/opt.gnome.bin.gaim 2007-05-25 05:09:30.000000000 +0200 @@ -1,4 +1,4 @@ -# $Id: opt.gnome.bin.gaim 686 2007-05-16 21:55:13Z seth_arnold $ +# $Id: opt.gnome.bin.gaim 697 2007-05-25 03:09:30Z steve-beattie $ # ------------------------------------------------------------------ # # Copyright (C) 2002-2005 Novell/SUSE @@ -59,9 +59,7 @@ /opt/kde3/bin/kde-config mixr, /opt/mozilla/lib/lib*so* mr, /opt/mozilla/lib64/lib*so* mr, - /proc/cpuinfo r, - /proc/stat r, - /proc/*/cmdline r, + @{PROC}/*/cmdline r, /usr/X11R6/lib/Acrobat*/Resource/Font/* r, /usr/X11R6/lib/Acrobat*/Resource/Font/PFM/* r, /usr/X11R6/lib/lib*so* mr, diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/apparmor-profiles-2.0.2/apparmor/profiles/extras/opt.gnome.lib.evolution-data-server-1.2.evolution-data-server-1.4 new/apparmor-profiles-2.0.2/apparmor/profiles/extras/opt.gnome.lib.evolution-data-server-1.2.evolution-data-server-1.4 --- old/apparmor-profiles-2.0.2/apparmor/profiles/extras/opt.gnome.lib.evolution-data-server-1.2.evolution-data-server-1.4 2006-08-04 21:13:59.000000000 +0200 +++ new/apparmor-profiles-2.0.2/apparmor/profiles/extras/opt.gnome.lib.evolution-data-server-1.2.evolution-data-server-1.4 2007-05-25 05:09:30.000000000 +0200 
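Review bot: `@{PROC}/*/cmdline r,` in the evolution hunk keeps the bare `*` glob, while the opera, firefox, smbd and squid hunks in this commit tighten the same per-process pattern to `[0-9]*`. `*` also matches non-numeric entries directly under the proc mount, so the narrower form is the better least-privilege choice: `@{PROC}/[0-9]*/cmdline r,`. The gaim hunk (`@@ -59,9 +59,7 @@`) carries the same line, and the logrotate hunk uses a third spelling, `[1-9]*`. Settling on one form across all profiles would make them easier to audit.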
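Review bot: The gaim hunk deletes `/proc/cpuinfo r,` and `/proc/stat r,` instead of converting them, and the changelog entry ("replace /proc/ with @{PROC}") does not mention any removals. The same happens in the evolution, dhclient, postfix, sendmail, httpd2-prefork and squid hunks, which also drop `/proc/meminfo` and `/proc/sys/kernel/ngroups_max`. Presumably an included abstraction is expected to grant these reads, but only the usr.sbin.sendmail.sendmail hunk shows `#include <abstractions/base>` in its context. For the other profiles the include lines are outside the hunks, and a profile without the include would start denying these reads in enforce mode. A changelog line such as `- drop /proc rules already granted by abstractions/base` (if that is the reason) would make the removals reviewable.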
@@ -1,4 +1,4 @@ -# $Id: opt.gnome.lib.evolution-data-server-1.2.evolution-data-server-1.4 90 2006-08-04 19:13:59Z seth_arnold $ +# $Id: opt.gnome.lib.evolution-data-server-1.2.evolution-data-server-1.4 697 2007-05-25 03:09:30Z steve-beattie $ # vim:syntax=apparmor # Last Modified: Wed Sep 7 07:44:21 2005 # ------------------------------------------------------------------ @@ -37,8 +37,6 @@ /opt/gnome/lib/gnome-vfs** mr, /opt/gnome/lib/lib*so* mr, /opt/gnome/share/evolution-data-server-*/** mr, - /proc/meminfo r, - /proc/stat r, /usr/X11R6/lib/X11/locale/* r, } diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/apparmor-profiles-2.0.2/apparmor/profiles/extras/sbin.dhclient new/apparmor-profiles-2.0.2/apparmor/profiles/extras/sbin.dhclient --- old/apparmor-profiles-2.0.2/apparmor/profiles/extras/sbin.dhclient 2006-08-04 21:13:59.000000000 +0200 +++ new/apparmor-profiles-2.0.2/apparmor/profiles/extras/sbin.dhclient 2007-05-25 05:09:30.000000000 +0200 @@ -1,4 +1,4 @@ -# $Id: sbin.dhclient 90 2006-08-04 19:13:59Z seth_arnold $ +# $Id: sbin.dhclient 697 2007-05-25 03:09:30Z steve-beattie $ # ------------------------------------------------------------------ # # Copyright (C) 2002-2005 Novell/SUSE 
@@ -33,12 +33,12 @@ /bin/ps mixr, /dev/random r, /etc/dhclient.conf r, - /proc/ r, - /proc/interrupts r, - /proc/net/dev r, - /proc/rtc r, - /proc/self/status r, - /proc/stat r, + @{PROC}/ r, + @{PROC}/interrupts r, + @{PROC}/net/dev r, + @{PROC}/rtc r, + # following rule shouldn't work, self is a symlink + @{PROC}/self/status r, /sbin/arp rmix, /usr/bin/dig rmix, /usr/bin/uptime rmix, diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/apparmor-profiles-2.0.2/apparmor/profiles/extras/usr.bin.man new/apparmor-profiles-2.0.2/apparmor/profiles/extras/usr.bin.man --- old/apparmor-profiles-2.0.2/apparmor/profiles/extras/usr.bin.man 2006-11-03 13:58:04.000000000 +0100 +++ new/apparmor-profiles-2.0.2/apparmor/profiles/extras/usr.bin.man 2007-05-25 05:09:30.000000000 +0200 @@ -1,4 +1,4 @@ -# $Id: usr.bin.man 192 2006-11-03 12:58:04Z seth_arnold $ +# $Id: usr.bin.man 697 2007-05-25 03:09:30Z steve-beattie $ # ------------------------------------------------------------------ # # Copyright (C) 2002-2005 Novell/SUSE @@ -20,7 +20,6 @@ capability setgid, capability setuid, - /proc/sys/kernel/ngroups_max r, /usr/lib/man-db/man Px, } diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/apparmor-profiles-2.0.2/apparmor/profiles/extras/usr.bin.opera new/apparmor-profiles-2.0.2/apparmor/profiles/extras/usr.bin.opera --- old/apparmor-profiles-2.0.2/apparmor/profiles/extras/usr.bin.opera 2007-05-16 23:55:13.000000000 +0200 +++ new/apparmor-profiles-2.0.2/apparmor/profiles/extras/usr.bin.opera 2007-05-25 05:09:30.000000000 +0200 @@ -1,4 +1,4 @@ -# $Id: usr.bin.opera 686 2007-05-16 21:55:13Z seth_arnold $ +# $Id: usr.bin.opera 697 2007-05-25 03:09:30Z steve-beattie $ # ------------------------------------------------------------------ # # Copyright (C) 2002-2005 Novell/SUSE 
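Review bot: The added comment in sbin.dhclient says `@{PROC}/self/status r,` "shouldn't work, self is a symlink", yet the rule is kept, so the profile ships a line its own author believes never matches. Either drop the rule or replace it with the path the access is checked against once the symlink is resolved, e.g. `@{PROC}/[0-9]*/status r,`. If it is replaced, the comment should say that this form allows reading the status file of any process, not only dhclient's own. It would also help to record whether dhclient (or the `/bin/ps` it runs under this profile) needs the read at all, so a later reviewer can tell a deliberate grant from a leftover.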
@@ -37,10 +37,9 @@ /etc/opera6rc rw, /etc/opera6rc.fixed rw, /opt r, - /proc/*/stat r, - /proc/net/if_inet6 r, - /proc/stat r, - /proc/sys/vm/heap-stack-gap r, + @{PROC}/[0-9]*/stat r, + @{PROC}/net/if_inet6 r, + @{PROC}/sys/vm/heap-stack-gap r, @{HOME}/.fonts.cache-* r, @{HOME}/.fonts r, diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/apparmor-profiles-2.0.2/apparmor/profiles/extras/usr.lib.firefox.firefox-bin new/apparmor-profiles-2.0.2/apparmor/profiles/extras/usr.lib.firefox.firefox-bin --- old/apparmor-profiles-2.0.2/apparmor/profiles/extras/usr.lib.firefox.firefox-bin 2007-05-16 23:55:13.000000000 +0200 +++ new/apparmor-profiles-2.0.2/apparmor/profiles/extras/usr.lib.firefox.firefox-bin 2007-05-25 05:09:30.000000000 +0200 @@ -1,6 +1,6 @@ # vim:syntax=apparmor # Last Modified: Fri Feb 17 17:48:58 2006 -# $Id: usr.lib.firefox.firefox-bin 686 2007-05-16 21:55:13Z seth_arnold $ +# $Id: usr.lib.firefox.firefox-bin 697 2007-05-25 03:09:30Z steve-beattie $ # ------------------------------------------------------------------ # # Copyright (C) 2002-2005 Novell/SUSE 
@@ -63,12 +63,11 @@ /opt/kde3/bin/kde-config mixr, /opt/kde3/share/applications/**.desktop r, /opt/kde3/share/applications/mimeinfo.cache r, - /proc/*/cmdline r, - /proc/*/maps r, - /proc/*/stat r, - /proc/net/if_inet6 r, - /proc/stat r, - /proc/sys/vm/heap-stack-gap r, + @{PROC}/[0-9]*/cmdline r, + @{PROC}/[0-9]*/maps r, + @{PROC}/[0-9]*/stat r, + @{PROC}/net/if_inet6 r, + @{PROC}/sys/vm/heap-stack-gap r, /usr/X11R6/lib/Acrobat*/Browser/intellinux/nppdf.so mr, /usr/X11R6/lib/Acrobat*/Resource/Font/** r, /usr/X11R6/lib/lib*so* mr, diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/apparmor-profiles-2.0.2/apparmor/profiles/extras/usr.lib.man-db.man new/apparmor-profiles-2.0.2/apparmor/profiles/extras/usr.lib.man-db.man --- old/apparmor-profiles-2.0.2/apparmor/profiles/extras/usr.lib.man-db.man 2007-01-26 11:52:26.000000000 +0100 +++ new/apparmor-profiles-2.0.2/apparmor/profiles/extras/usr.lib.man-db.man 2007-05-25 05:09:30.000000000 +0200 @@ -1,4 +1,4 @@ -# $Id: usr.lib.man-db.man 314 2007-01-26 10:52:26Z seth_arnold $ +# $Id: usr.lib.man-db.man 697 2007-05-25 03:09:30Z steve-beattie $ # ------------------------------------------------------------------ # # Copyright (C) 2002-2005 Novell/SUSE @@ -33,7 +33,6 @@ /etc/papersize r, /etc/termcap r, /opt/gnome/man/** r, - /proc/sys/kernel/ngroups_max r, /usr/bin/apropos Px, /usr/bin/cmp rmix, /usr/bin/groff rmix, diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/apparmor-profiles-2.0.2/apparmor/profiles/extras/usr.lib.postfix.anvil new/apparmor-profiles-2.0.2/apparmor/profiles/extras/usr.lib.postfix.anvil --- old/apparmor-profiles-2.0.2/apparmor/profiles/extras/usr.lib.postfix.anvil 2006-08-04 21:13:59.000000000 +0200 +++ new/apparmor-profiles-2.0.2/apparmor/profiles/extras/usr.lib.postfix.anvil 2007-05-25 05:09:30.000000000 +0200 
@@ -1,4 +1,4 @@ -# $Id: usr.lib.postfix.anvil 90 2006-08-04 19:13:59Z seth_arnold $ +# $Id: usr.lib.postfix.anvil 697 2007-05-25 03:09:30Z steve-beattie $ # ------------------------------------------------------------------ # # Copyright (C) 2002-2006 Novell/SUSE @@ -25,6 +25,5 @@ /etc/postfix/main.cf r, /{var/spool/postfix/,}private/anvil rw, /{var/spool/postfix/,}pid/unix.anvil rw, - /proc/net/if_inet6 r, - /proc/sys/kernel/ngroups_max r, + @{PROC}/net/if_inet6 r, } diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/apparmor-profiles-2.0.2/apparmor/profiles/extras/usr.lib.postfix.bounce new/apparmor-profiles-2.0.2/apparmor/profiles/extras/usr.lib.postfix.bounce --- old/apparmor-profiles-2.0.2/apparmor/profiles/extras/usr.lib.postfix.bounce 2006-08-04 21:13:59.000000000 +0200 +++ new/apparmor-profiles-2.0.2/apparmor/profiles/extras/usr.lib.postfix.bounce 2007-05-25 05:09:30.000000000 +0200 @@ -1,4 +1,4 @@ -# $Id: usr.lib.postfix.bounce 90 2006-08-04 19:13:59Z seth_arnold $ +# $Id: usr.lib.postfix.bounce 697 2007-05-25 03:09:30Z steve-beattie $ # ------------------------------------------------------------------ # # Copyright (C) 2002-2006 Novell/SUSE @@ -43,6 +43,5 @@ /{var/spool/postfix/,}pid/unix.trace rw, /etc/postfix/main.cf r, - /proc/net/if_inet6 r, - /proc/sys/kernel/ngroups_max r, + @{PROC}/net/if_inet6 r, } diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/apparmor-profiles-2.0.2/apparmor/profiles/extras/usr.lib.postfix.cleanup new/apparmor-profiles-2.0.2/apparmor/profiles/extras/usr.lib.postfix.cleanup --- old/apparmor-profiles-2.0.2/apparmor/profiles/extras/usr.lib.postfix.cleanup 2006-08-04 21:13:59.000000000 +0200 +++ new/apparmor-profiles-2.0.2/apparmor/profiles/extras/usr.lib.postfix.cleanup 2007-05-25 05:09:30.000000000 +0200 
@@ -1,4 +1,4 @@ -# $Id: usr.lib.postfix.cleanup 90 2006-08-04 19:13:59Z seth_arnold $ +# $Id: usr.lib.postfix.cleanup 697 2007-05-25 03:09:30Z steve-beattie $ # ------------------------------------------------------------------ # # Copyright (C) 2002-2006 Novell/SUSE @@ -31,6 +31,4 @@ /{var/spool/postfix/,}pid/unix.cleanup rw, /etc/{m,fs}tab r, /etc/postfix/* r, - /proc/sys/kernel/ngroups_max r, - /proc/{stat,cpuinfo} r, } diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/apparmor-profiles-2.0.2/apparmor/profiles/extras/usr.lib.postfix.flush new/apparmor-profiles-2.0.2/apparmor/profiles/extras/usr.lib.postfix.flush --- old/apparmor-profiles-2.0.2/apparmor/profiles/extras/usr.lib.postfix.flush 2006-08-04 21:13:59.000000000 +0200 +++ new/apparmor-profiles-2.0.2/apparmor/profiles/extras/usr.lib.postfix.flush 2007-05-25 05:09:30.000000000 +0200 @@ -1,4 +1,4 @@ -# $Id: usr.lib.postfix.flush 90 2006-08-04 19:13:59Z seth_arnold $ +# $Id: usr.lib.postfix.flush 697 2007-05-25 03:09:30Z steve-beattie $ # ------------------------------------------------------------------ # # Copyright (C) 2002-2006 Novell/SUSE @@ -48,7 +48,4 @@ @{HOME}/.forward r, - /proc/stat r, - /proc/sys/kernel/ngroups_max r, - } diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/apparmor-profiles-2.0.2/apparmor/profiles/extras/usr.lib.postfix.local new/apparmor-profiles-2.0.2/apparmor/profiles/extras/usr.lib.postfix.local --- old/apparmor-profiles-2.0.2/apparmor/profiles/extras/usr.lib.postfix.local 2006-08-04 21:13:59.000000000 +0200 +++ new/apparmor-profiles-2.0.2/apparmor/profiles/extras/usr.lib.postfix.local 2007-05-25 05:09:30.000000000 +0200 @@ -1,4 +1,4 @@ -# $Id: usr.lib.postfix.local 90 2006-08-04 19:13:59Z seth_arnold $ +# $Id: usr.lib.postfix.local 697 2007-05-25 03:09:30Z steve-beattie $ # ------------------------------------------------------------------ # # Copyright (C) 2002-2006 Novell/SUSE 
@@ -33,7 +33,6 @@ /etc/{postfix/,}aliases.db r, # mailman on SuSE is configed to have its own alias file /var/lib/mailman/data/aliases.db r, - /proc/{cpuinfo,stat} r, /{var/spool/postfix/,}active/[0-9A-F]/[0-9A-F]/* rw, /{var/spool/postfix/,}active/[0-9A-F]/[0-9A-F]* rw, /{var/spool/postfix/,}active/[0-9A-F]* rw, diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/apparmor-profiles-2.0.2/apparmor/profiles/extras/usr.lib.postfix.pickup new/apparmor-profiles-2.0.2/apparmor/profiles/extras/usr.lib.postfix.pickup --- old/apparmor-profiles-2.0.2/apparmor/profiles/extras/usr.lib.postfix.pickup 2006-08-04 21:13:59.000000000 +0200 +++ new/apparmor-profiles-2.0.2/apparmor/profiles/extras/usr.lib.postfix.pickup 2007-05-25 05:09:30.000000000 +0200 @@ -1,4 +1,4 @@ -# $Id: usr.lib.postfix.pickup 90 2006-08-04 19:13:59Z seth_arnold $ +# $Id: usr.lib.postfix.pickup 697 2007-05-25 03:09:30Z steve-beattie $ # ------------------------------------------------------------------ # # Copyright (C) 2002-2006 Novell/SUSE @@ -19,8 +19,6 @@ /usr/lib/postfix/pickup rmix, - /proc/sys/kernel/ngroups_max r, - /{var/spool/postfix/,}public/cleanup w, /{var/spool/postfix/,}public/pickup r, /{var/spool/postfix/,}maildrop r, diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/apparmor-profiles-2.0.2/apparmor/profiles/extras/usr.lib.postfix.proxymap new/apparmor-profiles-2.0.2/apparmor/profiles/extras/usr.lib.postfix.proxymap --- old/apparmor-profiles-2.0.2/apparmor/profiles/extras/usr.lib.postfix.proxymap 2006-08-04 21:13:59.000000000 +0200 +++ new/apparmor-profiles-2.0.2/apparmor/profiles/extras/usr.lib.postfix.proxymap 2007-05-25 05:09:30.000000000 +0200 @@ -1,4 +1,4 @@ -# $Id: usr.lib.postfix.proxymap 90 2006-08-04 19:13:59Z seth_arnold $ +# $Id: usr.lib.postfix.proxymap 697 2007-05-25 03:09:30Z steve-beattie $ # ------------------------------------------------------------------ # # Copyright (C) 2002-2006 Novell/SUSE 
@@ -22,6 +22,5 @@ /usr/lib/postfix/proxymap rmix, /etc/postfix/main.cf r, - /proc/net/if_inet6 r, - /proc/sys/kernel/ngroups_max r, + @{PROC}/net/if_inet6 r, } diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/apparmor-profiles-2.0.2/apparmor/profiles/extras/usr.lib.postfix.qmgr new/apparmor-profiles-2.0.2/apparmor/profiles/extras/usr.lib.postfix.qmgr --- old/apparmor-profiles-2.0.2/apparmor/profiles/extras/usr.lib.postfix.qmgr 2006-08-04 21:13:59.000000000 +0200 +++ new/apparmor-profiles-2.0.2/apparmor/profiles/extras/usr.lib.postfix.qmgr 2007-05-25 05:09:30.000000000 +0200 @@ -1,4 +1,4 @@ -# $Id: usr.lib.postfix.qmgr 90 2006-08-04 19:13:59Z seth_arnold $ +# $Id: usr.lib.postfix.qmgr 697 2007-05-25 03:09:30Z steve-beattie $ # ------------------------------------------------------------------ # # Copyright (C) 2002-2006 Novell/SUSE @@ -18,7 +18,6 @@ #include <program-chunks/postfix-common> /usr/lib/postfix/qmgr rmix, - /proc/sys/kernel/ngroups_max r, /{var/spool/postfix/,}active r, /{var/spool/postfix/,}active/[0-9A-F] r, /{var/spool/postfix/,}active/[0-9A-F]/[0-9A-F] rwl, diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/apparmor-profiles-2.0.2/apparmor/profiles/extras/usr.lib.postfix.scache new/apparmor-profiles-2.0.2/apparmor/profiles/extras/usr.lib.postfix.scache --- old/apparmor-profiles-2.0.2/apparmor/profiles/extras/usr.lib.postfix.scache 2006-08-04 21:13:59.000000000 +0200 +++ new/apparmor-profiles-2.0.2/apparmor/profiles/extras/usr.lib.postfix.scache 2007-05-25 05:09:30.000000000 +0200 
@@ -19,6 +19,5 @@ /usr/lib/postfix/scache rmix, - /proc/sys/kernel/ngroups_max r, /var/run/nscd/group r, } diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/apparmor-profiles-2.0.2/apparmor/profiles/extras/usr.lib.postfix.showq new/apparmor-profiles-2.0.2/apparmor/profiles/extras/usr.lib.postfix.showq --- old/apparmor-profiles-2.0.2/apparmor/profiles/extras/usr.lib.postfix.showq 2006-08-04 21:14:15.000000000 +0200 +++ new/apparmor-profiles-2.0.2/apparmor/profiles/extras/usr.lib.postfix.showq 2007-05-25 05:09:30.000000000 +0200 @@ -1,4 +1,4 @@ -# $Id: usr.lib.postfix.showq 91 2006-08-04 19:14:15Z seth_arnold $ +# $Id: usr.lib.postfix.showq 697 2007-05-25 03:09:30Z steve-beattie $ # ------------------------------------------------------------------ # # Copyright (C) 2002-2006 Novell/SUSE @@ -52,6 +52,4 @@ /{var/spool/postfix/,}maildrop r, /{var/spool/postfix/,}maildrop/[0-9A-F]* r, /{var/spool/postfix/,}pid/unix.showq rw, - - /proc/sys/kernel/ngroups_max r, } diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/apparmor-profiles-2.0.2/apparmor/profiles/extras/usr.lib.postfix.smtp new/apparmor-profiles-2.0.2/apparmor/profiles/extras/usr.lib.postfix.smtp --- old/apparmor-profiles-2.0.2/apparmor/profiles/extras/usr.lib.postfix.smtp 2006-10-18 23:13:42.000000000 +0200 +++ new/apparmor-profiles-2.0.2/apparmor/profiles/extras/usr.lib.postfix.smtp 2007-05-25 05:09:30.000000000 +0200 @@ -1,4 +1,4 @@ -# $Id: usr.lib.postfix.smtp 163 2006-10-18 21:13:42Z seth_arnold $ +# $Id: usr.lib.postfix.smtp 697 2007-05-25 03:09:30Z steve-beattie $ # ------------------------------------------------------------------ # # Copyright (C) 2002-2006 Novell/SUSE 
@@ -38,12 +38,9 @@ /{var/spool/postfix/,}pid/unix.relay rw, /etc/postfix/{ssl/,}*.pem r, /etc/postfix/prng_exch rw, - /proc/sys/kernel/ngroups_max r, /usr/share/ssl/certs/ca-bundle.crt r, /usr/share/ssl/openssl.cnf r, /etc/postfix/virtual.db r, /etc/postfix/sasl_passwd.db r, /etc/mtab r, - /proc/stat r, - /proc/meminfo r, } diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/apparmor-profiles-2.0.2/apparmor/profiles/extras/usr.lib.postfix.smtpd new/apparmor-profiles-2.0.2/apparmor/profiles/extras/usr.lib.postfix.smtpd --- old/apparmor-profiles-2.0.2/apparmor/profiles/extras/usr.lib.postfix.smtpd 2006-08-04 21:13:59.000000000 +0200 +++ new/apparmor-profiles-2.0.2/apparmor/profiles/extras/usr.lib.postfix.smtpd 2007-05-25 05:09:30.000000000 +0200 @@ -1,4 +1,4 @@ -# $Id: usr.lib.postfix.smtpd 90 2006-08-04 19:13:59Z seth_arnold $ +# $Id: usr.lib.postfix.smtpd 697 2007-05-25 03:09:30Z steve-beattie $ # ------------------------------------------------------------------ # # Copyright (C) 2002-2006 Novell/SUSE @@ -55,9 +55,5 @@ /var/run/sasl2/mux w, - /proc/net/if_inet6 r, - /proc/cpuinfo r, - /proc/stat r, - /proc/sys/kernel/ngroups_max r, - + @{PROC}/net/if_inet6 r, } diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/apparmor-profiles-2.0.2/apparmor/profiles/extras/usr.lib.postfix.tlsmgr new/apparmor-profiles-2.0.2/apparmor/profiles/extras/usr.lib.postfix.tlsmgr --- old/apparmor-profiles-2.0.2/apparmor/profiles/extras/usr.lib.postfix.tlsmgr 2006-12-08 07:26:21.000000000 +0100 +++ new/apparmor-profiles-2.0.2/apparmor/profiles/extras/usr.lib.postfix.tlsmgr 2007-05-25 05:09:30.000000000 +0200 @@ -1,4 +1,4 @@ -# $Id: usr.lib.postfix.tlsmgr 267 2006-12-08 06:26:21Z steve-beattie $ +# $Id: usr.lib.postfix.tlsmgr 697 2007-05-25 03:09:30Z steve-beattie $ # ------------------------------------------------------------------ # # Copyright (C) 2002-2005 Novell/SUSE 
@@ -20,7 +20,6 @@ /usr/lib/postfix/tlsmgr rmix, /etc/postfix/prng_exch rw, - /proc/sys/kernel/ngroups_max r, /{var/spool/postfix/,}private/tlsmgr r, /var/run/__db.smtpd_tls_session_cache.db rw, /var/run/smtpd_tls_session_cache.db rw, diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/apparmor-profiles-2.0.2/apparmor/profiles/extras/usr.lib.postfix.trivial-rewrite new/apparmor-profiles-2.0.2/apparmor/profiles/extras/usr.lib.postfix.trivial-rewrite --- old/apparmor-profiles-2.0.2/apparmor/profiles/extras/usr.lib.postfix.trivial-rewrite 2006-08-04 21:13:59.000000000 +0200 +++ new/apparmor-profiles-2.0.2/apparmor/profiles/extras/usr.lib.postfix.trivial-rewrite 2007-05-25 05:09:30.000000000 +0200 @@ -1,4 +1,4 @@ -# $Id: usr.lib.postfix.trivial-rewrite 90 2006-08-04 19:13:59Z seth_arnold $ +# $Id: usr.lib.postfix.trivial-rewrite 697 2007-05-25 03:09:30Z steve-beattie $ # ------------------------------------------------------------------ # # Copyright (C) 2002-2006 Novell/SUSE @@ -24,7 +24,4 @@ /etc/postfix/virtual.db r, /etc/{m,fs}tab r, /var/spool/postfix/pid/unix.rewrite rw, - - /proc/{cpuinfo,stat} r, - /proc/sys/kernel/ngroups_max r, } diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/apparmor-profiles-2.0.2/apparmor/profiles/extras/usr.sbin.httpd2-prefork new/apparmor-profiles-2.0.2/apparmor/profiles/extras/usr.sbin.httpd2-prefork --- old/apparmor-profiles-2.0.2/apparmor/profiles/extras/usr.sbin.httpd2-prefork 2007-01-03 07:51:17.000000000 +0100 +++ new/apparmor-profiles-2.0.2/apparmor/profiles/extras/usr.sbin.httpd2-prefork 2007-05-25 05:09:30.000000000 +0200 @@ -1,4 +1,4 @@ -# $Id: usr.sbin.httpd2-prefork 274 2007-01-03 06:51:17Z seth_arnold $ +# $Id: usr.sbin.httpd2-prefork 697 2007-05-25 03:09:30Z steve-beattie $ # ------------------------------------------------------------------ # # Copyright (C) 2002-2005 Novell/SUSE 
@@ -40,8 +40,6 @@ /etc/php.d r, /etc/php.d/** r, /etc/php.ini r, - /proc/meminfo r, - /proc/sys/kernel/ngroups_max r, /tmp/auth_ldap_cache.sem wl, /tmp/session_mm_apache0.sem wl, /tmp/session_mm_apache2handler0.sem wl, diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/apparmor-profiles-2.0.2/apparmor/profiles/extras/usr.sbin.lighttpd new/apparmor-profiles-2.0.2/apparmor/profiles/extras/usr.sbin.lighttpd --- old/apparmor-profiles-2.0.2/apparmor/profiles/extras/usr.sbin.lighttpd 2006-08-04 21:13:59.000000000 +0200 +++ new/apparmor-profiles-2.0.2/apparmor/profiles/extras/usr.sbin.lighttpd 2007-05-25 05:09:30.000000000 +0200 @@ -1,4 +1,4 @@ -# $Id: usr.sbin.lighttpd 90 2006-08-04 19:13:59Z seth_arnold $ +# $Id: usr.sbin.lighttpd 697 2007-05-25 03:09:30Z steve-beattie $ # ------------------------------------------------------------------ # # Copyright (C) 2002-2005 Novell/SUSE @@ -27,8 +27,6 @@ capability setgid, capability setuid, - /proc/sys/kernel/ngroups_max r, - /etc/lighttpd r, /etc/lighttpd/*.conf r, /etc/lighttpd/conf.d/*.conf r, diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/apparmor-profiles-2.0.2/apparmor/profiles/extras/usr.sbin.oidentd new/apparmor-profiles-2.0.2/apparmor/profiles/extras/usr.sbin.oidentd --- old/apparmor-profiles-2.0.2/apparmor/profiles/extras/usr.sbin.oidentd 2006-05-03 00:41:28.000000000 +0200 +++ new/apparmor-profiles-2.0.2/apparmor/profiles/extras/usr.sbin.oidentd 2007-05-25 05:09:30.000000000 +0200 @@ -1,4 +1,4 @@ -# $Id: usr.sbin.oidentd 39 2006-05-02 22:41:28Z seth_arnold $ +# $Id: usr.sbin.oidentd 697 2007-05-25 03:09:30Z steve-beattie $ # ------------------------------------------------------------------ # # Copyright (C) 2002-2005 Novell/SUSE 
@@ -22,8 +22,8 @@ /etc/oidentd.conf r, /etc/oidentd_masq.conf r, - /proc/net/tcp r, - /proc/net/tcp6 r, + @{PROC}/net/tcp r, + @{PROC}/net/tcp6 r, # spoofing feature of oidentd @{HOME}/.ispoof r, diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/apparmor-profiles-2.0.2/apparmor/profiles/extras/usr.sbin.postalias new/apparmor-profiles-2.0.2/apparmor/profiles/extras/usr.sbin.postalias --- old/apparmor-profiles-2.0.2/apparmor/profiles/extras/usr.sbin.postalias 2006-08-04 21:13:59.000000000 +0200 +++ new/apparmor-profiles-2.0.2/apparmor/profiles/extras/usr.sbin.postalias 2007-05-25 05:09:30.000000000 +0200 @@ -1,4 +1,4 @@ -# $Id: usr.sbin.postalias 90 2006-08-04 19:13:59Z seth_arnold $ +# $Id: usr.sbin.postalias 697 2007-05-25 03:09:30Z steve-beattie $ # ------------------------------------------------------------------ # # Copyright (C) 2002-2005 Novell/SUSE @@ -26,9 +26,7 @@ /etc/postfix/__db.aliases.db lrw, /etc/__db.aliases.db rwl, /usr/sbin/postalias rmix, - /proc/net/if_inet6 r, - /proc/cpuinfo r, - /proc/stat r, + @{PROC}/net/if_inet6 r, # On SuSE, mailman is configured to use its own alias db /var/lib/mailman/data/aliases r, /var/lib/mailman/data/__db.aliases.db rwl, diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/apparmor-profiles-2.0.2/apparmor/profiles/extras/usr.sbin.postdrop new/apparmor-profiles-2.0.2/apparmor/profiles/extras/usr.sbin.postdrop --- old/apparmor-profiles-2.0.2/apparmor/profiles/extras/usr.sbin.postdrop 2007-01-03 08:29:28.000000000 +0100 +++ new/apparmor-profiles-2.0.2/apparmor/profiles/extras/usr.sbin.postdrop 2007-05-25 05:09:30.000000000 +0200 @@ -1,4 +1,4 @@ -# $Id: usr.sbin.postdrop 276 2007-01-03 07:29:28Z seth_arnold $ +# $Id: usr.sbin.postdrop 697 2007-05-25 03:09:30Z steve-beattie $ # ------------------------------------------------------------------ # # Copyright (C) 2002-2005 Novell/SUSE 
@@ -25,7 +25,7 @@ /etc/postfix r, /etc/postfix/main.cf r, /etc/postfix/postfix-script mixr, - /proc/net/if_inet6 r, + @{PROC}/net/if_inet6 r, /usr/sbin/postdrop rmix, /var/spool/postfix r, /var/spool/postfix/maildrop r, diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/apparmor-profiles-2.0.2/apparmor/profiles/extras/usr.sbin.postmap new/apparmor-profiles-2.0.2/apparmor/profiles/extras/usr.sbin.postmap --- old/apparmor-profiles-2.0.2/apparmor/profiles/extras/usr.sbin.postmap 2006-08-04 21:13:59.000000000 +0200 +++ new/apparmor-profiles-2.0.2/apparmor/profiles/extras/usr.sbin.postmap 2007-05-25 05:09:30.000000000 +0200 @@ -1,4 +1,4 @@ -# $Id: usr.sbin.postmap 90 2006-08-04 19:13:59Z seth_arnold $ +# $Id: usr.sbin.postmap 697 2007-05-25 03:09:30Z steve-beattie $ # ------------------------------------------------------------------ # # Copyright (C) 2002-2005 Novell/SUSE @@ -21,8 +21,6 @@ /etc/mtab r, /etc/postfix/* r, /etc/postfix/*.db rwl, - /proc/cpuinfo r, - /proc/net/if_inet6 r, - /proc/stat r, + @{PROC}/net/if_inet6 r, /usr/sbin/postmap rmix, } diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/apparmor-profiles-2.0.2/apparmor/profiles/extras/usr.sbin.sendmail new/apparmor-profiles-2.0.2/apparmor/profiles/extras/usr.sbin.sendmail --- old/apparmor-profiles-2.0.2/apparmor/profiles/extras/usr.sbin.sendmail 2007-01-26 14:56:52.000000000 +0100 +++ new/apparmor-profiles-2.0.2/apparmor/profiles/extras/usr.sbin.sendmail 2007-05-25 05:09:30.000000000 +0200 @@ -1,4 +1,4 @@ -# $Id: usr.sbin.sendmail 318 2007-01-26 13:56:52Z seth_arnold $ +# $Id: usr.sbin.sendmail 697 2007-05-25 03:09:30Z steve-beattie $ # ------------------------------------------------------------------ # # Copyright (C) 2002-2005 Novell/SUSE 
@@ -44,11 +44,8 @@ /etc/sendmail.cf r, /etc/sendmail.cw r, /etc/shells r, - /proc/cpuinfo r, - /proc/loadavg r, - /proc/meminfo r, - /proc/net/if_inet6 r, - /proc/stat r, + @{PROC}/loadavg r, + @{PROC}/net/if_inet6 r, /root/dead.letter w, /root/.forward rw, /usr/kerberos/lib/lib*.so* mr, diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/apparmor-profiles-2.0.2/apparmor/profiles/extras/usr.sbin.sendmail.postfix new/apparmor-profiles-2.0.2/apparmor/profiles/extras/usr.sbin.sendmail.postfix --- old/apparmor-profiles-2.0.2/apparmor/profiles/extras/usr.sbin.sendmail.postfix 2006-08-04 21:13:59.000000000 +0200 +++ new/apparmor-profiles-2.0.2/apparmor/profiles/extras/usr.sbin.sendmail.postfix 2007-05-25 05:09:30.000000000 +0200 @@ -1,4 +1,4 @@ -# $Id: usr.sbin.sendmail.postfix 90 2006-08-04 19:13:59Z seth_arnold $ +# $Id: usr.sbin.sendmail.postfix 697 2007-05-25 03:09:30Z steve-beattie $ # ------------------------------------------------------------------ # # Copyright (C) 2002-2005 Novell/SUSE @@ -25,8 +25,7 @@ /etc/postfix/aliases.db rw, /etc/postfix/main.cf r, /etc/postfix/postfix-script Px, - /proc/meminfo r, - /proc/net/if_inet6 r, + @{PROC}/net/if_inet6 r, /usr/lib/postfix r, /usr/lib/postfix/master Px, /usr/lib/postfix/showq Px, diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/apparmor-profiles-2.0.2/apparmor/profiles/extras/usr.sbin.sendmail.sendmail new/apparmor-profiles-2.0.2/apparmor/profiles/extras/usr.sbin.sendmail.sendmail --- old/apparmor-profiles-2.0.2/apparmor/profiles/extras/usr.sbin.sendmail.sendmail 2006-08-04 21:13:59.000000000 +0200 +++ new/apparmor-profiles-2.0.2/apparmor/profiles/extras/usr.sbin.sendmail.sendmail 2007-05-25 05:09:30.000000000 +0200 
@@ -1,4 +1,4 @@ -# $Id: usr.sbin.sendmail.sendmail 90 2006-08-04 19:13:59Z seth_arnold $ +# $Id: usr.sbin.sendmail.sendmail 697 2007-05-25 03:09:30Z steve-beattie $ # ------------------------------------------------------------------ # # Copyright (C) 2002-2005 Novell/SUSE @@ -15,8 +15,7 @@ #include <abstractions/base> #include <abstractions/nameservice> - /proc/loadavg r, - /proc/cpuinfo r, + @{PROC}/loadavg r, /etc/aliases rw, /etc/aliases.db rw, /etc/fstab r, @@ -29,7 +28,6 @@ /etc/sendmail.cf r, /etc/sendmail.cw r, /etc/shells r, - /proc/stat r, /root/.forward rw, /root/dead.letter w, /usr/bin/procmail Px, diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/apparmor-profiles-2.0.2/apparmor/profiles/extras/usr.sbin.smbd new/apparmor-profiles-2.0.2/apparmor/profiles/extras/usr.sbin.smbd --- old/apparmor-profiles-2.0.2/apparmor/profiles/extras/usr.sbin.smbd 2006-04-12 23:35:41.000000000 +0200 +++ new/apparmor-profiles-2.0.2/apparmor/profiles/extras/usr.sbin.smbd 2007-05-25 05:09:30.000000000 +0200 @@ -1,4 +1,4 @@ -# $Id: usr.sbin.smbd 12 2006-04-12 21:35:41Z steve-beattie $ +# $Id: usr.sbin.smbd 697 2007-05-25 03:09:30Z steve-beattie $ # ------------------------------------------------------------------ # # Copyright (C) 2002-2005 Novell/SUSE @@ -32,7 +32,7 @@ @{HOME}/** rwl, @{HOMEDIRS} rwl, - /proc/*/mounts r, + @{PROC}/[0-9]*/mounts r, /tmp rw, /var/tmp rw, /var/tmp/** lrw, diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/apparmor-profiles-2.0.2/apparmor/profiles/extras/usr.sbin.spamd new/apparmor-profiles-2.0.2/apparmor/profiles/extras/usr.sbin.spamd --- old/apparmor-profiles-2.0.2/apparmor/profiles/extras/usr.sbin.spamd 2006-08-04 21:13:59.000000000 +0200 +++ new/apparmor-profiles-2.0.2/apparmor/profiles/extras/usr.sbin.spamd 2007-05-25 05:09:30.000000000 +0200 
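Review bot: In the usr.sbin.smbd hunk the rule goes from `/proc/*/mounts r,` to `@{PROC}/[0-9]*/mounts r,`, so the glob is narrowed at the same time as the variable is introduced, and nothing on the line or in the changelog records that. In AppArmor globbing `[0-9]*` is one digit followed by any run of non-slash characters, so it is tighter than `*` but still covers every PID directory rather than only the confined process's own. A short comment above the rule, such as `# per-PID mounts; [0-9]* restricts the match to entries starting with a digit`, would make the intent visible to the next person editing the profile. The same rewrite appears in usr.sbin.squid, usr.sbin.useradd, usr.sbin.userdel, usr.sbin.nscd and abstractions/bash.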
@@ -1,4 +1,4 @@ -# $Id: usr.sbin.spamd 90 2006-08-04 19:13:59Z seth_arnold $ +# $Id: usr.sbin.spamd 697 2007-05-25 03:09:30Z steve-beattie $ # ------------------------------------------------------------------ # # Copyright (C) 2002-2005 Novell/SUSE @@ -30,7 +30,6 @@ @{HOME}/.spamassassin/* lrw, - /proc/stat r, /tmp/spamd-*-init r, /tmp/spamd-*-init/** lrw, /usr/bin/perl mix, diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/apparmor-profiles-2.0.2/apparmor/profiles/extras/usr.sbin.squid new/apparmor-profiles-2.0.2/apparmor/profiles/extras/usr.sbin.squid --- old/apparmor-profiles-2.0.2/apparmor/profiles/extras/usr.sbin.squid 2006-08-04 21:13:59.000000000 +0200 +++ new/apparmor-profiles-2.0.2/apparmor/profiles/extras/usr.sbin.squid 2007-05-25 05:09:30.000000000 +0200 @@ -1,4 +1,4 @@ -# $Id: usr.sbin.squid 90 2006-08-04 19:13:59Z seth_arnold $ +# $Id: usr.sbin.squid 697 2007-05-25 03:09:30Z steve-beattie $ # ------------------------------------------------------------------ # # Copyright (C) 2002-2006 Novell/SUSE @@ -30,11 +30,10 @@ /dev/tty rw, /etc/mtab r, /etc/squid/* r, - /proc/*/mounts r, - /proc/mounts r, + @{PROC}/[0-9]*/mounts r, + @{PROC}/mounts r, /usr/share/squid/** r, /var/log/squid/access.log w, - /proc/sys/kernel/ngroups_max r, /var/log/squid/cache.log rw, /var/log/squid/store.log w, /var/run/squid.pid lrw, diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/apparmor-profiles-2.0.2/apparmor/profiles/extras/usr.sbin.sshd new/apparmor-profiles-2.0.2/apparmor/profiles/extras/usr.sbin.sshd --- old/apparmor-profiles-2.0.2/apparmor/profiles/extras/usr.sbin.sshd 2007-04-11 02:34:06.000000000 +0200 +++ new/apparmor-profiles-2.0.2/apparmor/profiles/extras/usr.sbin.sshd 2007-05-25 05:09:30.000000000 +0200 
@@ -1,4 +1,4 @@ -# $Id: usr.sbin.sshd 563 2007-04-11 00:34:06Z steve-beattie $ +# $Id: usr.sbin.sshd 697 2007-05-25 03:09:30Z steve-beattie $ # ------------------------------------------------------------------ # # Copyright (C) 2002-2005 Novell/SUSE @@ -42,8 +42,8 @@ /var/run w, /var/run/sshd{,.init}.pid wl, - /proc/[0-9]*/fd/ r, - /proc/[0-9]*/loginuid w, + @{PROC}/[0-9]*/fd/ r, + @{PROC}/[0-9]*/loginuid w, # should only be here for use in non-change-hat openssh # duplicated from EXEC hat @@ -67,8 +67,7 @@ /dev/pts/[0-9]* rw, /etc/ssh/moduli r, - /proc/sys/kernel/ngroups_max r, - /proc/[0-9]*/mounts r, + @{PROC}/[0-9]*/mounts r, # duplicated from AUTHENTICATED /etc/motd r, @@ -134,8 +133,7 @@ /etc/hosts.allow r, /etc/hosts.deny r, /etc/ssh/moduli r, - /proc/sys/kernel/ngroups_max r, - /proc/[0-9]*/mounts r, + @{PROC}/[0-9]*/mounts r, # for debugging # /dev/pts/[0-9]* rw, @@ -160,7 +158,6 @@ /etc/localtime r, /etc/login.defs r, /etc/motd r, - /proc/sys/kernel/ngroups_max r, /tmp/ssh-*/agent.[0-9]* rwl, /tmp/ssh-*[0-9]*/ w, diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/apparmor-profiles-2.0.2/apparmor/profiles/extras/usr.sbin.useradd new/apparmor-profiles-2.0.2/apparmor/profiles/extras/usr.sbin.useradd --- old/apparmor-profiles-2.0.2/apparmor/profiles/extras/usr.sbin.useradd 2006-11-13 10:53:10.000000000 +0100 +++ new/apparmor-profiles-2.0.2/apparmor/profiles/extras/usr.sbin.useradd 2007-05-25 05:09:30.000000000 +0200 @@ -1,4 +1,4 @@ -# $Id: usr.sbin.useradd 228 2006-11-13 09:53:10Z seth_arnold $ +# $Id: usr.sbin.useradd 697 2007-05-25 03:09:30Z steve-beattie $ # vim:syntax=apparmor # ------------------------------------------------------------------ # 
@@ -38,8 +38,8 @@
 /etc/skel r,
 /etc/skel/** r,
 @{HOMEDIRS}** rw,
- /proc/*/mounts r,
- /proc/filesystems r,
+ @{PROC}/[0-9]*/mounts r,
+ @{PROC}/filesystems r,
 /usr/lib*/pwdutils/*so* mr,
 /usr/sbin/adduser rmix,
 /usr/sbin/useradd rmix,
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/apparmor-profiles-2.0.2/apparmor/profiles/extras/usr.sbin.userdel new/apparmor-profiles-2.0.2/apparmor/profiles/extras/usr.sbin.userdel
--- old/apparmor-profiles-2.0.2/apparmor/profiles/extras/usr.sbin.userdel 2007-01-26 14:28:39.000000000 +0100
+++ new/apparmor-profiles-2.0.2/apparmor/profiles/extras/usr.sbin.userdel 2007-05-25 05:09:30.000000000 +0200
@@ -1,4 +1,4 @@
-# $Id: usr.sbin.userdel 317 2007-01-26 13:28:39Z seth_arnold $
+# $Id: usr.sbin.userdel 697 2007-05-25 03:09:30Z steve-beattie $
 # vim:syntax=apparmor
 # ------------------------------------------------------------------
 #
@@ -38,7 +38,7 @@
 /etc/shadow* rwl,
 /etc/pwdutils/logging r,
 @{HOMEDIRS}** rwl,
- /proc/*/mounts r,
+ @{PROC}/[0-9]*/mounts r,
 /usr/bin/crontab rmix,
 /usr/lib*/pwdutils/*.so.* mr,
 /usr/sbin/userdel rmix,
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/apparmor-profiles-2.0.2/apparmor/profiles/extras/usr.sbin.vsftpd new/apparmor-profiles-2.0.2/apparmor/profiles/extras/usr.sbin.vsftpd
--- old/apparmor-profiles-2.0.2/apparmor/profiles/extras/usr.sbin.vsftpd 2006-08-04 21:13:59.000000000 +0200
+++ new/apparmor-profiles-2.0.2/apparmor/profiles/extras/usr.sbin.vsftpd 2007-05-25 05:09:30.000000000 +0200
@@ -1,4 +1,4 @@
-# $Id: usr.sbin.vsftpd 90 2006-08-04 19:13:59Z seth_arnold $
+# $Id: usr.sbin.vsftpd 697 2007-05-25 03:09:30Z steve-beattie $
 # ------------------------------------------------------------------
 #
 # Copyright (C) 2002-2005 Novell/SUSE
@@ -24,7 +24,6 @@
 /etc/shells r,
 /etc/vsftpd.* r,
 /etc/vsftpd/* r,
- /proc/meminfo r,
 /usr/sbin/vsftpd rmix,
 /var/log/vsftpd.log w,
 /var/log/xferlog w,
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/apparmor-profiles-2.0.2/apparmor/profiles/extras/usr.X11R6.bin.xfs new/apparmor-profiles-2.0.2/apparmor/profiles/extras/usr.X11R6.bin.xfs
--- old/apparmor-profiles-2.0.2/apparmor/profiles/extras/usr.X11R6.bin.xfs 2006-08-04 21:13:59.000000000 +0200
+++ new/apparmor-profiles-2.0.2/apparmor/profiles/extras/usr.X11R6.bin.xfs 2007-05-25 05:09:30.000000000 +0200
@@ -1,4 +1,4 @@
-# $Id: usr.X11R6.bin.xfs 90 2006-08-04 19:13:59Z seth_arnold $
+# $Id: usr.X11R6.bin.xfs 697 2007-05-25 03:09:30Z steve-beattie $
 # ------------------------------------------------------------------
 #
 # Copyright (C) 2002-2005 Novell/SUSE
@@ -19,7 +19,6 @@
 /dev/tty wr,
 /etc/X11/fs/config r,
 /etc/mtab r,
- /proc/meminfo r,
 /tmp/.font-unix/fs710[0-9] wl,
 /usr/X11R6/bin/xfs rmix,
 /usr/X11R6/lib/lib*.so* mr,
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/apparmor-profiles-2.0.2/apparmor.d/abstractions/audio new/apparmor-profiles-2.0.2/apparmor.d/abstractions/audio
--- old/apparmor-profiles-2.0.2/apparmor.d/abstractions/audio 2006-04-12 23:35:41.000000000 +0200
+++ new/apparmor-profiles-2.0.2/apparmor.d/abstractions/audio 2007-05-25 05:09:30.000000000 +0200
@@ -1,4 +1,4 @@
-# $Id: audio 12 2006-04-12 21:35:41Z steve-beattie $
+# $Id: audio 697 2007-05-25 03:09:30Z steve-beattie $
 # ------------------------------------------------------------------
 #
 # Copyright (C) 2002-2006 Novell/SUSE
@@ -34,7 +34,7 @@ /dev/snd/* rw, /dev/sound/* rw, -/proc/asound/** rw, +@{PROC}/asound/** rw, /usr/share/alsa/** r, diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/apparmor-profiles-2.0.2/apparmor.d/abstractions/base new/apparmor-profiles-2.0.2/apparmor.d/abstractions/base --- old/apparmor-profiles-2.0.2/apparmor.d/abstractions/base 2007-01-26 11:14:37.000000000 +0100 +++ new/apparmor-profiles-2.0.2/apparmor.d/abstractions/base 2007-05-25 05:09:30.000000000 +0200 @@ -1,4 +1,4 @@ -# $Id: base 312 2007-01-26 10:14:37Z seth_arnold $ +# $Id: base 697 2007-05-25 03:09:30Z steve-beattie $ # ------------------------------------------------------------------ # # Copyright (C) 2002-2005 Novell/SUSE @@ -65,12 +65,12 @@ /dev/full rw, # Sometimes used to determine kernel/user interfaces to use - /proc/sys/kernel/version r, + @{PROC}/sys/kernel/version r, # Depending on which glibc routine uses this file, base may not be the # best place -- but many profiles require it, and it is quite harmless. - /proc/sys/kernel/ngroups_max r, + @{PROC}/sys/kernel/ngroups_max r, # glibc's sysconf(3) routine to determine free memory, etc - /proc/meminfo r, - /proc/stat r, - /proc/cpuinfo r, + @{PROC}/meminfo r, + @{PROC}/stat r, + @{PROC}/cpuinfo r, diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/apparmor-profiles-2.0.2/apparmor.d/abstractions/bash new/apparmor-profiles-2.0.2/apparmor.d/abstractions/bash --- old/apparmor-profiles-2.0.2/apparmor.d/abstractions/bash 2007-04-11 01:05:33.000000000 +0200 +++ new/apparmor-profiles-2.0.2/apparmor.d/abstractions/bash 2007-05-25 05:09:30.000000000 +0200 @@ -1,4 +1,4 @@ -# $Id: bash 559 2007-04-10 23:05:33Z agruen $ +# $Id: bash 697 2007-05-25 03:09:30Z steve-beattie $ # ------------------------------------------------------------------ # # Copyright (C) 2002-2006 Novell/SUSE 
@@ -33,12 +33,8 @@ # bash inspects filesystems at startup /etc/mtab r, - /proc/sys/kernel/ngroups_max r, - /proc/*/mounts r, - /proc/filesystems r, - - # bash wants, not sure why. - /proc/meminfo r, + @{PROC}/[0-9]*/mounts r, + @{PROC}/filesystems r, # probably readline wants to know terminal capabilities /usr/share/terminfo/** r, diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/apparmor-profiles-2.0.2/apparmor.d/program-chunks/postfix-common new/apparmor-profiles-2.0.2/apparmor.d/program-chunks/postfix-common --- old/apparmor-profiles-2.0.2/apparmor.d/program-chunks/postfix-common 2007-04-11 01:05:33.000000000 +0200 +++ new/apparmor-profiles-2.0.2/apparmor.d/program-chunks/postfix-common 2007-05-25 05:09:30.000000000 +0200 @@ -1,4 +1,4 @@ -# $Id: postfix-common 559 2007-04-10 23:05:33Z agruen $ +# $Id: postfix-common 697 2007-05-25 03:09:30Z steve-beattie $ # ------------------------------------------------------------------ # # Copyright (C) 2002-2005 Novell/SUSE @@ -17,7 +17,7 @@ /etc/postfix/*.cf r, /etc/postfix/*.db r, - /proc/net/if_inet6 r, + @{PROC}/net/if_inet6 r, /usr/lib/postfix/*.so mr, /usr/lib64/sasl2/* mr, /usr/lib64/sasl2/ r, diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/apparmor-profiles-2.0.2/apparmor.d/sbin.klogd new/apparmor-profiles-2.0.2/apparmor.d/sbin.klogd --- old/apparmor-profiles-2.0.2/apparmor.d/sbin.klogd 2007-04-11 01:05:33.000000000 +0200 +++ new/apparmor-profiles-2.0.2/apparmor.d/sbin.klogd 2007-05-25 05:09:30.000000000 +0200 @@ -1,4 +1,4 @@ -# $Id: sbin.klogd 559 2007-04-10 23:05:33Z agruen $ +# $Id: sbin.klogd 697 2007-05-25 03:09:30Z steve-beattie $ # ------------------------------------------------------------------ # # Copyright (C) 2002-2005 Novell/SUSE 
@@ -17,7 +17,7 @@ capability sys_admin, /boot/System.map* r, - /proc/kmsg r, + @{PROC}/kmsg r, /sbin/klogd rmix, /var/log/boot.msg rwl, /var/run/klogd.pid rwl, diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/apparmor-profiles-2.0.2/apparmor.d/tunables/global new/apparmor-profiles-2.0.2/apparmor.d/tunables/global --- old/apparmor-profiles-2.0.2/apparmor.d/tunables/global 2006-04-12 23:35:41.000000000 +0200 +++ new/apparmor-profiles-2.0.2/apparmor.d/tunables/global 2007-05-25 05:09:30.000000000 +0200 @@ -1,4 +1,4 @@ -# $Id: global 12 2006-04-12 21:35:41Z steve-beattie $ +# $Id: global 697 2007-05-25 03:09:30Z steve-beattie $ # ------------------------------------------------------------------ # # Copyright (C) 2006 Novell/SUSE @@ -13,3 +13,4 @@ # should be included here #include <tunables/home> +#include <tunables/proc> diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/apparmor-profiles-2.0.2/apparmor.d/tunables/proc new/apparmor-profiles-2.0.2/apparmor.d/tunables/proc --- old/apparmor-profiles-2.0.2/apparmor.d/tunables/proc 1970-01-01 01:00:00.000000000 +0100 +++ new/apparmor-profiles-2.0.2/apparmor.d/tunables/proc 2007-05-25 23:24:11.000000000 +0200 
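Review bot: The `#include <tunables/proc>` added to tunables/global only defines `@{PROC}` for profiles that include tunables/global ahead of their first rule, and none of the converted profile hunks in this diff show that include. If one of the converted profiles lacks it, the variable would be undefined and the profile would presumably fail to parse, leaving the program without that confinement; the headers of every converted file, especially those under profiles/extras, should be checked. The abstractions (audio, base, bash) and program-chunks/postfix-common cannot define the variable themselves and depend on the including profile, which deserves a one-line comment in each, e.g. `# uses @{PROC}; the including profile must pull in <tunables/global>`.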
@@ -0,0 +1,13 @@
+# $Id$
+# ------------------------------------------------------------------
+#
+# Copyright (C) 2006 Novell/SUSE
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of version 2 of the GNU General Public
+# License published by the Free Software Foundation.
+#
+# ------------------------------------------------------------------
+
+# @{PROC} is the location where procfs is mounted.
+@{PROC}=/proc/
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/apparmor-profiles-2.0.2/apparmor.d/usr.sbin.identd new/apparmor-profiles-2.0.2/apparmor.d/usr.sbin.identd
--- old/apparmor-profiles-2.0.2/apparmor.d/usr.sbin.identd 2007-04-11 01:05:33.000000000 +0200
+++ new/apparmor-profiles-2.0.2/apparmor.d/usr.sbin.identd 2007-05-25 05:09:30.000000000 +0200
@@ -1,4 +1,4 @@
-# $Id: usr.sbin.identd 559 2007-04-10 23:05:33Z agruen $
+# $Id: usr.sbin.identd 697 2007-05-25 03:09:30Z steve-beattie $
 # ------------------------------------------------------------------
 #
 # Copyright (C) 2002-2005 Novell/SUSE
@@ -21,7 +21,7 @@
 /etc/identd.key r,
 /etc/identd.pid w,
 /usr/sbin/identd rmix,
- /proc/net/tcp r,
- /proc/net/tcp6 r,
+ @{PROC}/net/tcp r,
+ @{PROC}/net/tcp6 r,
 /var/run/identd.pid w,
 }
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/apparmor-profiles-2.0.2/apparmor.d/usr.sbin.mdnsd new/apparmor-profiles-2.0.2/apparmor.d/usr.sbin.mdnsd
--- old/apparmor-profiles-2.0.2/apparmor.d/usr.sbin.mdnsd 2007-04-11 01:05:33.000000000 +0200
+++ new/apparmor-profiles-2.0.2/apparmor.d/usr.sbin.mdnsd 2007-05-25 05:09:30.000000000 +0200
@@ -1,4 +1,4 @@
-# $Id: usr.sbin.mdnsd 559 2007-04-10 23:05:33Z agruen $
+# $Id: usr.sbin.mdnsd 697 2007-05-25 03:09:30Z steve-beattie $
 # vim:syntax=apparmor
 # ------------------------------------------------------------------
 #
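Review bot: The new tunable is defined as `@{PROC}=/proc/` with a trailing slash, while every converted rule writes `@{PROC}/...`, so the expansion is `/proc//net/tcp` and similar. That matches the real paths only if the parser collapses repeated slashes, and whether this release does is not visible in the diff. Either define it as `@{PROC}=/proc`, after checking what that does to any rule that uses the bare variable, or keep the slash and state the reliance in the file, e.g. `# trailing slash is intentional; rules are written @{PROC}/name and rely on // being collapsed`. A parser regression test with one expanded rule would catch a mismatch before it turns into silent denials.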
@@ -25,9 +25,8 @@ /usr/sbin/mdnsd rmix, - /proc/net/ r, - /proc/net/unix r, - /proc/sys/kernel/ngroups_max r, + @{PROC}/net/ r, + @{PROC}/net/unix r, /var/run/mdnsd lw, /var/run/mdnsd.pid w, } diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/apparmor-profiles-2.0.2/apparmor.d/usr.sbin.nscd new/apparmor-profiles-2.0.2/apparmor.d/usr.sbin.nscd --- old/apparmor-profiles-2.0.2/apparmor.d/usr.sbin.nscd 2007-04-11 01:05:33.000000000 +0200 +++ new/apparmor-profiles-2.0.2/apparmor.d/usr.sbin.nscd 2007-05-25 05:09:30.000000000 +0200 @@ -1,6 +1,6 @@ # vim:syntax=apparmor # Last Modified: Sun Jan 22 00:12:50 2006 -# $Id: usr.sbin.nscd 559 2007-04-10 23:05:33Z agruen $ +# $Id: usr.sbin.nscd 697 2007-05-25 03:09:30Z steve-beattie $ # ------------------------------------------------------------------ # # Copyright (C) 2002-2005 Novell/SUSE @@ -21,13 +21,11 @@ capability net_bind_service, /etc/nscd.conf r, - /proc/meminfo r, - /proc/*/fd/ r, - /proc/*/fd/* r, - /proc/*/maps r, - /proc/*/mounts r, - /proc/filesystems r, - /proc/sys/kernel/ngroups_max r, + @{PROC}/[0-9]*/fd/ r, + @{PROC}/[0-9]*/fd/* r, + @{PROC}/[0-9]*/maps r, + @{PROC}/[0-9]*/mounts r, + @{PROC}/filesystems r, /usr/sbin/nscd rmix, /var/run/.nscd_socket wl, /var/run/nscd/ r, diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/apparmor-profiles-2.0.2/apparmor.d/usr.sbin.ntpd new/apparmor-profiles-2.0.2/apparmor.d/usr.sbin.ntpd --- old/apparmor-profiles-2.0.2/apparmor.d/usr.sbin.ntpd 2007-05-17 01:47:40.000000000 +0200 +++ new/apparmor-profiles-2.0.2/apparmor.d/usr.sbin.ntpd 2007-05-25 05:09:30.000000000 +0200 @@ -1,6 +1,6 @@ # vim:syntax=apparmor # Last Modified: Sun Jan 22 00:11:27 2006 -# $Id: usr.sbin.ntpd 687 2007-05-16 23:47:40Z seth_arnold $ +# $Id: usr.sbin.ntpd 697 2007-05-25 03:09:30Z steve-beattie $ # ------------------------------------------------------------------ # # Copyright (C) 2002-2005 Novell/SUSE 
@@ -33,7 +33,7 @@ /etc/ntp/drift* rwl, /etc/ntp/keys r, /etc/ntp/step-tickers r, - /proc/net/if_inet6 r, + @{PROC}/net/if_inet6 r, /tmp/ntp* rwl, /usr/sbin/ntpd rmix, /var/lib/ntp/etc/ntp.conf.iburst r, diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/apparmor-profiles-2.0.2/apparmor.d/usr.sbin.traceroute new/apparmor-profiles-2.0.2/apparmor.d/usr.sbin.traceroute --- old/apparmor-profiles-2.0.2/apparmor.d/usr.sbin.traceroute 2007-04-11 01:05:33.000000000 +0200 +++ new/apparmor-profiles-2.0.2/apparmor.d/usr.sbin.traceroute 2007-05-25 05:09:30.000000000 +0200 @@ -1,4 +1,4 @@ -# $Id: usr.sbin.traceroute 559 2007-04-10 23:05:33Z agruen $ +# $Id: usr.sbin.traceroute 697 2007-05-25 03:09:30Z steve-beattie $ # ------------------------------------------------------------------ # # Copyright (C) 2002-2005 Novell/SUSE @@ -18,6 +18,6 @@ capability net_raw, - /proc/net/route r, + @{PROC}/net/route r, /usr/sbin/traceroute rmix, } diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/apparmor-profiles-2.0.2/apparmor-profiles.spec new/apparmor-profiles-2.0.2/apparmor-profiles.spec --- old/apparmor-profiles-2.0.2/apparmor-profiles.spec 2007-05-23 00:23:29.000000000 +0200 +++ new/apparmor-profiles-2.0.2/apparmor-profiles.spec 2007-05-25 23:25:18.000000000 +0200 @@ -24,9 +24,9 @@ Summary: AppArmor profiles Name: apparmor-profiles Version: 2.0.2 -Release: 692 +Release: 702 Group: Productivity/Security -Source0: %{name}-%{version}-692.tar.gz +Source0: %{name}-%{version}-702.tar.gz License: GPL BuildRoot: %{?_tmppath:}%{!?_tmppath:/var/tmp}/%{name}-%{version}-build Url: http://forge.novell.com/modules/xfmod/project/?apparmor ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Remember to have fun... --------------------------------------------------------------------- To unsubscribe, e-mail: opensuse-commit+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-commit+help@opensuse.org