Hello community,
here is the log from the commit of package apparmor for openSUSE:Factory checked in at 2019-10-10 12:21:35
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/apparmor (Old)
and /work/SRC/openSUSE:Factory/.apparmor.new.2352 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "apparmor"
Thu Oct 10 12:21:35 2019 rev:131 rq:735945 version:2.13.3
Changes:
--------
--- /work/SRC/openSUSE:Factory/apparmor/apparmor.changes 2019-10-07 13:37:00.781008484 +0200
+++ /work/SRC/openSUSE:Factory/.apparmor.new.2352/apparmor.changes 2019-10-10 12:21:37.562979858 +0200
@@ -1,0 +2,6 @@
+Mon Oct 7 19:58:19 UTC 2019 - Christian Boltz
+
+- add usr-etc-abstractions-authentification.diff to allow reading
+ /usr/etc/pam.d/* and some other authentification-related files (boo#1153162)
+
+-------------------------------------------------------------------
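Review bot: The changelog entry on the "+- add usr-etc-abstractions-authentification.diff" line describes the scope only as "/usr/etc/pam.d/* and some other authentification-related files" and never names the abstraction being changed. Naming abstractions/authentication in the entry would let a reader match it against the profiles that include that abstraction.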
New:
----
usr-etc-abstractions-authentification.diff
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ apparmor.spec ++++++
--- /var/tmp/diff_new_pack.uDBhx0/_old 2019-10-10 12:21:38.906976597 +0200
+++ /var/tmp/diff_new_pack.uDBhx0/_new 2019-10-10 12:21:38.906976597 +0200
@@ -71,6 +71,9 @@
# add certbot paths to abstractions/ssl_keys and abstractions/ssl_certs (from upstream https://gitlab.com/apparmor/apparmor/merge_requests/398, merged 2019-06-30)
Patch7: abstractions-ssl-certbot-paths.diff
+# allow reading /usr/etc/pam.d/* and some other authentification-related files (submitted upstream 2019-10-07 https://gitlab.com/apparmor/apparmor/merge_requests/426)
+Patch8: usr-etc-abstractions-authentification.diff
+
PreReq: sed
BuildRoot: %{_tmppath}/%{name}-%{version}-build
%define apparmor_bin_prefix /lib/apparmor
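Review bot: The Patch8 comment records the patch only as "submitted upstream 2019-10-07", while the Patch7 comment directly above it records a merge date. Update this comment once merge request 426 is merged, so that the next version bump can tell whether Patch8 is still needed or can be dropped.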
@@ -361,6 +364,7 @@
%patch5
%patch6 -p1
%patch7 -p1
+%patch8 -p1
%build
%define _lto_cflags %{nil}
++++++ usr-etc-abstractions-authentification.diff ++++++
commit ee7194a7141b99225bb1d040ef2d37ad47ca838e
Author: Christian Boltz
Date: Mon Oct 7 21:47:25 2019 +0200
Allow /usr/etc/ in abstractions/authentication
openSUSE (and hopefully some other distributions) work on moving shipped
config files from /etc/ to /usr/etc/ so that /etc/ only contains files
written by the admin of each system.
See https://en.opensuse.org/openSUSE:Packaging_UsrEtc for details and
the first moved files.
Updating abstractions/authentication is the first step, and also fixes
bugzilla.opensuse.org/show_bug.cgi?id=1153162
diff --git a/profiles/apparmor.d/abstractions/authentication b/profiles/apparmor.d/abstractions/authentication
index b92516f9..58efe6b9 100644
--- a/profiles/apparmor.d/abstractions/authentication
+++ b/profiles/apparmor.d/abstractions/authentication
@@ -2,6 +2,7 @@
#
# Copyright (C) 2002-2009 Novell/SUSE
# Copyright (C) 2009-2012 Canonical Ltd
+# Copyright (C) 2019 Christian Boltz
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of version 2 of the GNU General Public
@@ -14,13 +15,13 @@
# Some services need to perform authentication of users
# Such authentication almost certainly needs access to the local users
# databases containing passwords, PAM configuration files, PAM libraries
- /etc/nologin r,
- /etc/pam.d/* r,
- /etc/securetty r,
- /etc/security/* r,
- /etc/shadow r,
- /etc/gshadow r,
- /etc/pwdb.conf r,
+ /{usr/,}etc/nologin r,
+ /{usr/,}etc/pam.d/* r,
+ /{usr/,}etc/securetty r,
+ /{usr/,}etc/security/* r,
+ /{usr/,}etc/shadow r,
+ /{usr/,}etc/gshadow r,
+ /{usr/,}etc/pwdb.conf r,
/{usr/,}lib{,32,64}/security/pam_filter/* mr,
/{usr/,}lib{,32,64}/security/pam_*.so mr,
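Review bot: The "{usr/,}" alternation on the shadow and gshadow lines also grants read access to /usr/etc/shadow and /usr/etc/gshadow, but the commit message describes /usr/etc/ as the place for shipped config files, with /etc/ keeping the files written by the admin. Password databases are per-system data rather than shipped defaults, so consider leaving "/etc/shadow r," and "/etc/gshadow r," unchanged to keep the abstraction no wider than needed, or state in the commit message which distribution places these files under /usr/etc/.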
@@ -32,8 +33,8 @@
# kerberos
#include
# SuSE's pwdutils are different:
- /etc/default/passwd r,
- /etc/login.defs r,
+ /{usr/,}etc/default/passwd r,
+ /{usr/,}etc/login.defs r,
# nis
#include