Hello community, here is the log from the commit of package apparmor-profiles checked in at Wed Aug 29 21:56:53 CEST 2007. -------- --- apparmor-profiles/apparmor-profiles.changes 2007-08-20 03:57:07.000000000 +0200 +++ /mounts/work_src_done/NOARCH/apparmor-profiles/apparmor-profiles.changes 2007-08-29 02:12:00.776670000 +0200 @@ -1,0 +2,15 @@ +Wed Aug 29 02:09:06 CEST 2007 - srarnold@suse.de + +[ changes from mathiaz, sbeattie, seth.arnold, dreynolds] +- ping network inet raw +- nscd network stream +- Ubuntu Launchpad bug #132468, nameservice abstraction resolv.conf +- Bug 241479 - Fix for usr.sbin.nscd profile +- Bug 287579 - <abstractions/X> doesn't allow access to /usr/share/X11 + and other xorg directories +- Bug 288960 - nscd with nss_ldap and sasl/gss bind to ldap server + failed +- Bug 295086 - abstractions/X lists /usr/X11R6 +- abstractions fixes from Mathias Gug (Ubuntu) + +------------------------------------------------------------------- Old: ---- apparmor-profiles-2.1-935.tar.gz New: ---- apparmor-profiles-2.1-951.tar.gz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ apparmor-profiles.spec ++++++ --- /var/tmp/diff_new_pack.ZA6065/_old 2007-08-29 21:55:35.000000000 +0200 +++ /var/tmp/diff_new_pack.ZA6065/_new 2007-08-29 21:55:35.000000000 +0200 @@ -16,9 +16,9 @@ %endif Summary: AppArmor profiles that are loaded into the apparmor kernel module Version: 2.1 -Release: 3 +Release: 7 Group: Productivity/Security -Source0: %{name}-%{version}-935.tar.gz +Source0: %{name}-%{version}-951.tar.gz License: GPL v2 or later BuildRoot: %{_tmppath}/%{name}-%{version}-build URL: http://forge.novell.com/modules/xfmod/project/?apparmor @@ -76,6 +76,18 @@ %preun %changelog +* Wed Aug 29 2007 - srarnold@suse.de + [ changes from mathiaz, sbeattie, seth.arnold, dreynolds] +- ping network inet raw +- nscd network stream +- Ubuntu Launchpad bug #132468, nameservice abstraction resolv.conf +- Bug 241479 - Fix for usr.sbin.nscd profile +- Bug 287579 - <abstractions/X> doesn't allow access to /usr/share/X11 + and other xorg directories +- Bug 288960 - nscd with nss_ldap and sasl/gss bind to ldap server + failed +- Bug 295086 - abstractions/X lists /usr/X11R6 +- abstractions fixes from Mathias Gug (Ubuntu) * Mon Aug 20 2007 - dreynolds@suse.de [ changes from mathiaz, sbeattie, seth.arnold, dreynolds ] - Unbuntu Launchpad bug #132468: Nameservice abstraction should also include ++++++ apparmor-profiles-2.1-935.tar.gz -> apparmor-profiles-2.1-951.tar.gz ++++++ diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/apparmor-profiles-2.1/apparmor.d/abstractions/aspell new/apparmor-profiles-2.1/apparmor.d/abstractions/aspell --- old/apparmor-profiles-2.1/apparmor.d/abstractions/aspell 1970-01-01 01:00:00.000000000 +0100 +++ new/apparmor-profiles-2.1/apparmor.d/abstractions/aspell 2007-08-28 02:49:51.000000000 +0200 @@ -0,0 +1,11 @@ +# vim:syntax=apparmor +# aspell permissions + + # per-user settings and dictionaries + @{HOME}/.aspell.*.{pws,prepl} r, + + # system libraries and dictionaries + /usr/lib/aspell/ r, + /usr/lib/aspell/* r, + /usr/lib/aspell/*.so m, + /var/lib/aspell/* r, diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/apparmor-profiles-2.1/apparmor.d/abstractions/audio new/apparmor-profiles-2.1/apparmor.d/abstractions/audio --- old/apparmor-profiles-2.1/apparmor.d/abstractions/audio 2007-08-20 03:05:12.000000000 +0200 +++ new/apparmor-profiles-2.1/apparmor.d/abstractions/audio 2007-08-28 02:49:51.000000000 +0200 @@ -1,4 +1,4 @@ -# $Id: audio 697 2007-05-25 03:09:30Z steve-beattie $ +# $Id: audio 949 2007-08-28 00:49:51Z seth_arnold $ # ------------------------------------------------------------------ # # Copyright (C) 2002-2006 Novell/SUSE @@ -37,6 +37,8 @@ @{PROC}/asound/** rw, /usr/share/alsa/** r, +/usr/share/sounds/** r, @{HOME}/.esd_auth r, +@{HOME}/.asoundrc r, /etc/esd.conf r, diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/apparmor-profiles-2.1/apparmor.d/abstractions/base new/apparmor-profiles-2.1/apparmor.d/abstractions/base --- old/apparmor-profiles-2.1/apparmor.d/abstractions/base 2007-08-20 03:05:12.000000000 +0200 +++ new/apparmor-profiles-2.1/apparmor.d/abstractions/base 2007-08-28 02:49:51.000000000 +0200 @@ -1,4 +1,4 @@ -# $Id: base 697 2007-05-25 03:09:30Z steve-beattie $ +# $Id: base 949 2007-08-28 00:49:51Z seth_arnold $ # ------------------------------------------------------------------ # # Copyright (C) 2002-2005 Novell/SUSE @@ -20,13 +20,17 @@ # and localisations of date should be available EVERYWHERE, so # StackGuard, FormatGuard, etc., alerts can be properly logged. /dev/log w, + /dev/random r, /dev/urandom r, /etc/locale/** r, + /etc/locale.alias r, /etc/localtime r, /usr/share/locale/** r, /usr/share/zoneinfo/** r, /usr/lib64/locale/** mr, + /usr/lib32/gconv/*.so mr, + /usr/lib32/gconv/gconv-modules* mr, /usr/lib64/gconv/*.so mr, /usr/lib64/gconv/gconv-modules* mr, /usr/lib/locale/** mr, @@ -43,23 +47,39 @@ /lib64/ld-*.so mrix, /lib/ld64-*.so mrix, /lib64/ld64-*.so mrix, + /lib32/ld-*.so mrix, + /lib/ld32-*.so mrix, + /lib32/ld32-*.so mrix, + /lib/tls/i686/cmov/ld-*.so mrix, /opt/*-linux-uclibc/lib/ld-uClibc*so* mrix, # we might as well allow everything to use common libraries /lib/lib*.so* mr, + /lib32/lib*.so* mr, + /lib64/lib*.so* mr, /lib/*/lib*.so* mr, + /lib/tls/i686/cmov/lib*.so* mr, + /usr/lib/** r, /lib64/*/lib*.so* mr, /usr/lib/*.so* mr, /usr/lib/*/lib*.so* mr, + /usr/lib32/** r, + /usr/lib32/*.so* mr, + /usr/lib64/** r, /lib64/lib*.so* mr, /lib64/*/lib*.so* mr, /usr/lib64/*.so* mr, /usr/lib64/*/lib*.so* mr, + /usr/lib/sasl2/*.so* mr, + /usr/lib/**/lib*.so* mr, + /usr/lib32/*/lib*.so* mr, + /usr/lib64/sasl2/*.so* mr, + # /dev/null is pretty harmless and frequently used /dev/null rw, # as is /dev/zero - /dev/zero rw, + /dev/zero mrw, # recent glibc uses /dev/full in preference to /dev/null for programs # that don't have open fds at exec() /dev/full rw, diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/apparmor-profiles-2.1/apparmor.d/abstractions/consoles new/apparmor-profiles-2.1/apparmor.d/abstractions/consoles --- old/apparmor-profiles-2.1/apparmor.d/abstractions/consoles 2007-08-20 03:05:12.000000000 +0200 +++ new/apparmor-profiles-2.1/apparmor.d/abstractions/consoles 2007-08-28 02:49:51.000000000 +0200 @@ -1,4 +1,5 @@ -# $Id: consoles 559 2007-04-10 23:05:33Z agruen $ +# vim:syntax=apparmor +# $Id: consoles 949 2007-08-28 00:49:51Z seth_arnold $ # ------------------------------------------------------------------ # # Copyright (C) 2002-2005 Novell/SUSE diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/apparmor-profiles-2.1/apparmor.d/abstractions/dbus new/apparmor-profiles-2.1/apparmor.d/abstractions/dbus --- old/apparmor-profiles-2.1/apparmor.d/abstractions/dbus 1970-01-01 01:00:00.000000000 +0100 +++ new/apparmor-profiles-2.1/apparmor.d/abstractions/dbus 2007-08-28 02:49:51.000000000 +0200 @@ -0,0 +1,6 @@ +# vim:syntax=apparmor +# dbus permissions + + # System socket + /var/run/dbus/system_bus_socket w, + diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/apparmor-profiles-2.1/apparmor.d/abstractions/fonts new/apparmor-profiles-2.1/apparmor.d/abstractions/fonts --- old/apparmor-profiles-2.1/apparmor.d/abstractions/fonts 2007-08-20 03:05:12.000000000 +0200 +++ new/apparmor-profiles-2.1/apparmor.d/abstractions/fonts 2007-08-28 02:49:51.000000000 +0200 @@ -1,4 +1,5 @@ -# $Id: fonts 726 2007-06-11 05:09:23Z seth_arnold $ +# vim:syntax=apparmor +# $Id: fonts 949 2007-08-28 00:49:51Z seth_arnold $ # ------------------------------------------------------------------ # # Copyright (C) 2002-2006 Novell/SUSE @@ -24,6 +25,7 @@ /var/cache/fonts/** r, /var/cache/fontconfig/** mr, + /var/lib/defoma/** mr, /usr/share/a2ps/fonts/** r, /usr/share/xfce/fonts/** r, diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/apparmor-profiles-2.1/apparmor.d/abstractions/freedesktop.org new/apparmor-profiles-2.1/apparmor.d/abstractions/freedesktop.org --- old/apparmor-profiles-2.1/apparmor.d/abstractions/freedesktop.org 1970-01-01 01:00:00.000000000 +0100 +++ new/apparmor-profiles-2.1/apparmor.d/abstractions/freedesktop.org 2007-08-29 01:39:52.000000000 +0200 @@ -0,0 +1,16 @@ +# vim:syntax=apparmor +# freedesktop.org shared desktop FSH + + # system configuration + /usr/share/icons/ r, + /usr/share/icons/** r, + /usr/share/pixmaps/ r, + /usr/share/pixmaps/** r, + + # this should probably go elsewhere + /usr/share/mime/* r, + + # per-user configurations + @{HOME}/.icons r, + @{HOME}/.recently-used.xbel rw, + diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/apparmor-profiles-2.1/apparmor.d/abstractions/gnome new/apparmor-profiles-2.1/apparmor.d/abstractions/gnome --- old/apparmor-profiles-2.1/apparmor.d/abstractions/gnome 2007-08-20 03:05:12.000000000 +0200 +++ new/apparmor-profiles-2.1/apparmor.d/abstractions/gnome 2007-08-28 02:49:51.000000000 +0200 @@ -1,4 +1,5 @@ -# $Id: gnome 726 2007-06-11 05:09:23Z seth_arnold $ +# vim:syntax=apparmor +# $Id: gnome 949 2007-08-28 00:49:51Z seth_arnold $ # ------------------------------------------------------------------ # # Copyright (C) 2002-2006 Novell/SUSE @@ -8,6 +9,12 @@ # License published by the Free Software Foundation. # # ------------------------------------------------------------------ +#include <abstractions/base> +#include <abstractions/fonts> +#include <abstractions/X> +#include <abstractions/freedesktop.org> +#include <abstractions/user-tmp> + # systemwide gtk defaults /etc/gnome/gtkrc* r, @@ -24,14 +31,13 @@ /usr/lib64/gtk-*/** mr, /usr/lib/pango/** mr, /usr/lib/gtk-*/** mr, - /usr/share/icons/** r, - /usr/share/pixmaps/** r, # per-user gtk configuration @{HOME}/.gnome/Gnome r, @{HOME}/.gtk r, @{HOME}/.gtkrc r, @{HOME}/.gtkrc-2.0 r, + @{HOME}/.gtk-bookmarks r, # from evolution-mail @{HOME}/.gconfd/lock/* r, @@ -43,3 +49,8 @@ # icon caches /var/cache/**/icon-theme.cache r, /usr/share/**/icon-theme.cache r, + + # gnome VFS modules + /etc/gnome-vfs-2.0/modules r, + /etc/gnome-vfs-2.0/modules/* r, + /usr/lib/gnome-vfs-2.0/modules/*.so mr, diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/apparmor-profiles-2.1/apparmor.d/abstractions/gnupg new/apparmor-profiles-2.1/apparmor.d/abstractions/gnupg --- old/apparmor-profiles-2.1/apparmor.d/abstractions/gnupg 1970-01-01 01:00:00.000000000 +0100 +++ new/apparmor-profiles-2.1/apparmor.d/abstractions/gnupg 2007-08-28 02:49:51.000000000 +0200 @@ -0,0 +1,10 @@ +# vim:syntax=apparmor +# gnupg sub-process running permissions + + # user configurations + @{HOME}/.gnupg/options r, + @{HOME}/.gnupg/pubring.gpg r, + @{HOME}/.gnupg/random_seed rw, + @{HOME}/.gnupg/secring.gpg r, + @{HOME}/.gnupg/so/*.x86_64 mr, + @{HOME}/.gnupg/trustdb.gpg rw, diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/apparmor-profiles-2.1/apparmor.d/abstractions/kde new/apparmor-profiles-2.1/apparmor.d/abstractions/kde --- old/apparmor-profiles-2.1/apparmor.d/abstractions/kde 2007-08-20 03:05:12.000000000 +0200 +++ new/apparmor-profiles-2.1/apparmor.d/abstractions/kde 2007-08-29 01:39:52.000000000 +0200 @@ -1,4 +1,4 @@ -# $Id: kde 561 2007-04-10 23:31:50Z steve-beattie $ +# $Id: kde 950 2007-08-28 23:39:52Z seth_arnold $ # ------------------------------------------------------------------ # # Copyright (C) 2002-2006 Novell/SUSE @@ -12,7 +12,9 @@ #include <abstractions/base> #include <abstractions/fonts> #include <abstractions/X> +#include <abstractions/freedesktop.org> #include <abstractions/user-tmp> + /etc/X11/kstylerc r, /etc/X11/qt_plugins_3.3rc r, /etc/X11/qtrc r, @@ -49,4 +51,3 @@ /usr/lib/qt3/plugins/** mr, /usr/share/YaST2/theme/** r, -/usr/share/pixmaps/ r, diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/apparmor-profiles-2.1/apparmor.d/abstractions/kerberosclient new/apparmor-profiles-2.1/apparmor.d/abstractions/kerberosclient --- old/apparmor-profiles-2.1/apparmor.d/abstractions/kerberosclient 2007-08-20 03:05:12.000000000 +0200 +++ new/apparmor-profiles-2.1/apparmor.d/abstractions/kerberosclient 2007-08-24 02:22:06.000000000 +0200 @@ -1,4 +1,4 @@ -# $Id: kerberosclient 692 2007-05-22 22:16:48Z seth_arnold $ +# $Id: kerberosclient 946 2007-08-24 00:22:06Z seth_arnold $ # ------------------------------------------------------------------ # # Copyright (C) 2002-2005 Novell/SUSE @@ -29,3 +29,6 @@ /etc/krb.conf r, /etc/krb.realms r, /etc/srvtab r, + + # credential caches + /tmp/krb5cc* r, diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/apparmor-profiles-2.1/apparmor.d/abstractions/nameservice new/apparmor-profiles-2.1/apparmor.d/abstractions/nameservice --- old/apparmor-profiles-2.1/apparmor.d/abstractions/nameservice 2007-08-20 03:05:12.000000000 +0200 +++ new/apparmor-profiles-2.1/apparmor.d/abstractions/nameservice 2007-08-24 02:22:06.000000000 +0200 @@ -1,4 +1,4 @@ -# $Id: nameservice 933 2007-08-17 22:46:56Z DominicReynolds_ $ +# $Id: nameservice 946 2007-08-24 00:22:06Z seth_arnold $ # ------------------------------------------------------------------ # # Copyright (C) 2002-2005 Novell/SUSE @@ -24,8 +24,8 @@ /etc/resolv.conf r, # on systems using resolvconf, /etc/resolv.conf is a symlink to - # /etc/resolvconf/run/resolv.conf - /etc/resolvconf/run/resolv.conf r, + # /var/run/resolvconf/resolv.conf + /var/run/resolvconf/resolv.conf r, /etc/samba/lmhosts r, /etc/services r, @@ -58,6 +58,9 @@ # mdnsd #include <abstractions/mdns> + # kerberos + #include <abstractions/kerberosclient> + # TCP/UDP network access network inet stream, network inet6 stream, diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/apparmor-profiles-2.1/apparmor.d/abstractions/nvidia new/apparmor-profiles-2.1/apparmor.d/abstractions/nvidia --- old/apparmor-profiles-2.1/apparmor.d/abstractions/nvidia 1970-01-01 01:00:00.000000000 +0100 +++ new/apparmor-profiles-2.1/apparmor.d/abstractions/nvidia 2007-08-29 02:05:56.000000000 +0200 @@ -0,0 +1,12 @@ +# vim:syntax=apparmor +# nvidia access requirements + + # configuration queries + capability ipc_lock, + + # device files + /dev/nvidia0 rw, + /dev/nvidiactl rw, + + /proc/interrupts r, + /proc/sys/vm/max_map_count r, diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/apparmor-profiles-2.1/apparmor.d/abstractions/orbit2 new/apparmor-profiles-2.1/apparmor.d/abstractions/orbit2 --- old/apparmor-profiles-2.1/apparmor.d/abstractions/orbit2 1970-01-01 01:00:00.000000000 +0100 +++ new/apparmor-profiles-2.1/apparmor.d/abstractions/orbit2 2007-08-29 02:05:56.000000000 +0200 @@ -0,0 +1,5 @@ +# vim:syntax=apparmor +# orbit2 permissions + + # system library + /usr/lib/orbit-2.0/*.so mr, diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/apparmor-profiles-2.1/apparmor.d/abstractions/python new/apparmor-profiles-2.1/apparmor.d/abstractions/python --- old/apparmor-profiles-2.1/apparmor.d/abstractions/python 2007-08-20 03:05:12.000000000 +0200 +++ new/apparmor-profiles-2.1/apparmor.d/abstractions/python 2007-08-29 02:05:56.000000000 +0200 @@ -1,4 +1,5 @@ -# $Id: python 559 2007-04-10 23:05:33Z agruen $ +# vim:syntax=apparmor +# $Id: python 951 2007-08-29 00:05:56Z seth_arnold $ # ------------------------------------------------------------------ # # Copyright (C) 2002-2006 Novell/SUSE @@ -18,3 +19,16 @@ /usr/local/lib64/python2.[45]/site-packages/ r, /usr/local/lib/python2.[45]/**.{egg,py,pyc,pth,so} mr, /usr/local/lib/python2.[45]/site-packages/ r, + + # Site-wide configuration + /etc/python2.[45]/site.py r, + + # python-central paths + /usr/share/pycentral/** r, + /usr/share/python-support/** r, + /var/lib/python-support/** r, + /var/lib/python-support/**.so mr, + /usr/lib/python-support/**.so mr, + + # wx paths + /usr/lib/wx/python/*.pth r, diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/apparmor-profiles-2.1/apparmor.d/abstractions/ssl_certs new/apparmor-profiles-2.1/apparmor.d/abstractions/ssl_certs --- old/apparmor-profiles-2.1/apparmor.d/abstractions/ssl_certs 1970-01-01 01:00:00.000000000 +0100 +++ new/apparmor-profiles-2.1/apparmor.d/abstractions/ssl_certs 2007-08-24 01:49:11.000000000 +0200 @@ -0,0 +1,14 @@ +# $Id: ssl_certs 943 2007-08-23 23:49:11Z seth_arnold $ +# ------------------------------------------------------------------ +# +# Copyright (C) 2002-2005 Novell/SUSE +# +# This program is free software; you can redistribute it and/or +# modify it under the terms of version 2 of the GNU General Public +# License published by the Free Software Foundation. +# +# ------------------------------------------------------------------ + + /etc/ssl/ r, + /etc/ssl/certs/ r, + /etc/ssl/certs/* r, diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/apparmor-profiles-2.1/apparmor.d/abstractions/video new/apparmor-profiles-2.1/apparmor.d/abstractions/video --- old/apparmor-profiles-2.1/apparmor.d/abstractions/video 1970-01-01 01:00:00.000000000 +0100 +++ new/apparmor-profiles-2.1/apparmor.d/abstractions/video 2007-08-29 02:05:56.000000000 +0200 @@ -0,0 +1,6 @@ +# vim:syntax=apparmor +# video device access + + # System devices + /sys/class/video4linux r, + /sys/class/video4linux/** r, diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/apparmor-profiles-2.1/apparmor.d/abstractions/X new/apparmor-profiles-2.1/apparmor.d/abstractions/X --- old/apparmor-profiles-2.1/apparmor.d/abstractions/X 2007-08-20 03:05:12.000000000 +0200 +++ new/apparmor-profiles-2.1/apparmor.d/abstractions/X 2007-08-24 02:26:49.000000000 +0200 @@ -1,4 +1,4 @@ -# $Id: X 90 2006-08-04 19:13:59Z seth_arnold $ +# $Id: X 948 2007-08-24 00:26:49Z seth_arnold $ # ------------------------------------------------------------------ # # Copyright (C) 2002-2006 Novell/SUSE @@ -19,6 +19,9 @@ # the unix socket to use to connect to the display /tmp/.X11-unix/* w, - # The X tree changes and is large -- grant read access to the whole thing - /usr/X11R6/** r, - /usr/X11R6/**.so* mr, + + + /usr/share/X11/ r, + /usr/share/X11/** r, + /usr/include/X11/ r, + /usr/include/X11/** r, diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/apparmor-profiles-2.1/apparmor.d/usr.sbin.nscd new/apparmor-profiles-2.1/apparmor.d/usr.sbin.nscd --- old/apparmor-profiles-2.1/apparmor.d/usr.sbin.nscd 2007-08-20 03:05:12.000000000 +0200 +++ new/apparmor-profiles-2.1/apparmor.d/usr.sbin.nscd 2007-08-24 02:23:06.000000000 +0200 @@ -1,5 +1,5 @@ # Last Modified: Wed Aug 15 10:55:46 2007 -# $Id: usr.sbin.nscd 933 2007-08-17 22:46:56Z DominicReynolds_ $ +# $Id: usr.sbin.nscd 947 2007-08-24 00:23:06Z seth_arnold $ # ------------------------------------------------------------------ # # Copyright (C) 2002-2005 Novell/SUSE @@ -15,10 +15,12 @@ #include <abstractions/base> #include <abstractions/consoles> #include <abstractions/nameservice> + #include <abstractions/ssl_certs> capability net_bind_service, network inet dgram, + network inet stream, /etc/nscd.conf r, /tmp/.winbindd/pipe rw, @@ -28,9 +30,8 @@ /var/run/avahi-daemon/socket w, /var/run/nscd/ r, /var/run/nscd/db* wl, - /var/run/nscd/services rw, /var/run/nscd/socket wl, - /var/run/nscd/{passwd,group} w, + /var/run/nscd/{passwd,group,services,hosts} rw, /var/run/{nscd/,}nscd.pid rwl, @{PROC}/[0-9]*/fd/ r, @{PROC}/[0-9]*/fd/* r, diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/apparmor-profiles-2.1/apparmor-profiles.spec new/apparmor-profiles-2.1/apparmor-profiles.spec --- old/apparmor-profiles-2.1/apparmor-profiles.spec 2007-08-20 03:47:44.000000000 +0200 +++ new/apparmor-profiles-2.1/apparmor-profiles.spec 2007-08-29 02:07:35.000000000 +0200 @@ -24,9 +24,9 @@ Summary: AppArmor profiles Name: apparmor-profiles Version: 2.1 -Release: 935 +Release: 951 Group: Productivity/Security -Source0: %{name}-%{version}-935.tar.gz +Source0: %{name}-%{version}-951.tar.gz License: GPL BuildRoot: %{?_tmppath:}%{!?_tmppath:/var/tmp}/%{name}-%{version}-build Url: http://forge.novell.com/modules/xfmod/project/?apparmor ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Remember to have fun... --------------------------------------------------------------------- To unsubscribe, e-mail: opensuse-commit+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-commit+help@opensuse.org