Hello community, here is the log from the commit of package bind checked in at Thu May 17 11:22:25 CEST 2007. -------- --- bind/bind.changes 2007-05-02 10:43:04.000000000 +0200 +++ /mounts/work_src_done/STABLE/bind/bind.changes 2007-05-15 12:19:47.143216000 +0200 @@ -1,0 +2,5 @@ +Tue May 15 12:19:20 CEST 2007 - ug@suse.de + +- added apparmor profile + +------------------------------------------------------------------- ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ bind.spec ++++++ --- /var/tmp/diff_new_pack.tn4392/_old 2007-05-17 11:21:30.000000000 +0200 +++ /var/tmp/diff_new_pack.tn4392/_new 2007-05-17 11:21:30.000000000 +0200 @@ -16,7 +16,7 @@ BuildRequires: openssl openssl-devel Summary: Domain Name System (DNS) Server (named) Version: 9.4.1 -Release: 1 +Release: 3 %define SDB_LDAP_VERSION 1.0-beta License: BSD License and BSD-like, X11/MIT Group: Productivity/Networking/DNS/Servers @@ -292,6 +292,8 @@ mv vendor-files/config/named.conf ${RPM_BUILD_ROOT}/%{_sysconfdir} mv vendor-files/config/bind.reg ${RPM_BUILD_ROOT}/%{_sysconfdir}/slp.reg.d mv vendor-files/config/rndc-access.conf ${RPM_BUILD_ROOT}/%{_sysconfdir}/named.d +mkdir -p ${RPM_BUILD_ROOT}/%{_sysconfdir}/apparmor.d +mv vendor-files/apparmor/usr.sbin.named ${RPM_BUILD_ROOT}/%{_sysconfdir}/apparmor.d/usr.sbin.named for file in named.conf.include rndc.key; do touch ${RPM_BUILD_ROOT}/%{_sysconfdir}/${file} done @@ -548,6 +550,8 @@ %attr(0644,root,named) %ghost /%{_sysconfdir}/named.conf.include %attr(0640,root,named) %ghost %config(noreplace) /%{_sysconfdir}/rndc.key %config /%{_sysconfdir}/init.d/named +%dir %attr(-, root, root) %{_sysconfdir}/apparmor.d/ +%attr(644, root, root) %config(noreplace) /%{_sysconfdir}/apparmor.d/usr.sbin.named %{_sbindir}/rcnamed %{_sbindir}/named %{_sbindir}/named-checkconf @@ -668,6 +672,8 @@ %doc %{_mandir}/man5/idnrc.5.gz %changelog +* Tue May 15 2007 - ug@suse.de +- added apparmor profile * Wed May 02 2007 - ug@suse.de - version 9.4.1 - query_addsoa() was being called with a non zone db. ++++++ vendor-files.tar.bz2 ++++++ diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/vendor-files/apparmor/usr.sbin.named new/vendor-files/apparmor/usr.sbin.named --- old/vendor-files/apparmor/usr.sbin.named 1970-01-01 01:00:00.000000000 +0100 +++ new/vendor-files/apparmor/usr.sbin.named 2007-05-15 11:34:55.000000000 +0200 @@ -0,0 +1,43 @@ +# $Id: usr.sbin.named 559 2007-04-10 23:05:33Z agruen $ +# +# ------------------------------------------------------------------ +# +# Copyright (C) 2002-2005 Novell/SUSE +# +# This program is free software; you can redistribute it and/or +# modify it under the terms of version 2 of the GNU General Public +# License published by the Free Software Foundation. +# +# ------------------------------------------------------------------ +# vim:syntax=apparmor +# Last Modified: Wed Aug 17 14:09:24 2005 + +#include <tunables/global> + +/usr/sbin/named { + #include <abstractions/base> + #include <abstractions/nameservice> + #include <abstractions/xad> + + capability net_bind_service, + capability setgid, + capability setuid, + capability sys_chroot, + + /** r, + /dyn/** rwl, + /usr/bin/dnskeygen mix, + /usr/bin/dnsquery mix, + /usr/sbin/named rmix, + /usr/sbin/named-xfer mix, + /var/lib/named/** rwl, + /var/named/** rwl, + /var/run/named.pid wl, + /var/run/named/named.pid wl, + /var/run/ndc wl, + /slave/* rw, + + /var/opt/novell/xad/ds/krb5kdc/krb5.keytab r, + /var/tmp/DNS_* rw, + /tmp/DNS_* rw, +} ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Remember to have fun... --------------------------------------------------------------------- To unsubscribe, e-mail: opensuse-commit+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-commit+help@opensuse.org