Hello community,
here is the log from the commit of package apparmor for openSUSE:Factory
checked in at Tue Jan 18 13:50:57 CET 2011.
--------
--- apparmor/apparmor.changes 2011-01-10 19:28:48.000000000 +0100
+++ apparmor/apparmor.changes 2011-01-18 11:55:47.000000000 +0100
@@ -1,0 +2,15 @@
+Tue Jan 18 10:51:33 UTC 2011 - coolo@novell.com
+
+- fix rm call for nscd profile to avoid file conflict
+
+-------------------------------------------------------------------
+Tue Jan 11 15:24:16 CET 2011 - jeffm@suse.de
+
+- profiles: Add openssl abstraction (bnc#623886).
+
+-------------------------------------------------------------------
+Tue Jan 11 15:12:45 CET 2011 - jeffm@suse.de
+
+- Added support for sys_nice to ntpd profile (bnc#657054).
+
+-------------------------------------------------------------------
calling whatdependson for head-i586
New:
----
apparmor-2.5.1-ntpd-sys_nice
apparmor-2.5.1-ssl-fix
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ apparmor.spec ++++++
--- /var/tmp/diff_new_pack.0vH8wV/_old 2011-01-18 13:50:43.000000000 +0100
+++ /var/tmp/diff_new_pack.0vH8wV/_new 2011-01-18 13:50:43.000000000 +0100
@@ -46,7 +46,7 @@
%endif
Summary: AppArmor userlevel parser utility
Version: 2.5.1
-Release: 1
+Release: 2
Group: Productivity/Networking/Security
Source0: apparmor-%{version}.tar.bz2
Source1: %{name}-profile-editor.png
@@ -85,6 +85,8 @@
Patch30: apparmor-2.5.1-ldapclient-profile
Patch31: apparmor-utils-support-newer-auditd-formatted-messages
Patch32: fix-two-x-transition-conflict-bugs
+Patch33: apparmor-2.5.1-ntpd-sys_nice
+Patch34: apparmor-2.5.1-ssl-fix
License: GPLv2+
BuildRoot: %{_tmppath}/%{name}-%{version}-build
Url: https://launchpad.net/apparmor
@@ -485,6 +487,8 @@
%patch30 -p1
%patch31 -p1
%patch32 -p1
+%patch33 -p1
+%patch34 -p1
%build
export SUSE_ASNEEDED=0
@@ -585,7 +589,7 @@
done
# Clean up profiles that are provided by other packages now
-rm -f $RPM_BUILD_DIR%{_sysconfdir}/apparmor.d/usr.sbin.nscd
+rm $RPM_BUILD_ROOT%{_sysconfdir}/apparmor.d/usr.sbin.nscd
%clean
rm -rf $RPM_BUILD_ROOT
++++++ apparmor-2.5.1-ntpd-sys_nice ++++++
From: Jeff Mahoney
Subject: profile: ntpd -N needs sys_nice
References: bnc#657054
ntpd -N allows the administrator to increase or decrease priority of the
ntp server. Since the profile doesn't allow it, the operation is denied.
This patch adds support for that operation.
Signed-off-by: Jeff Mahoney
---
profiles/apparmor.d/usr.sbin.ntpd | 1 +
1 file changed, 1 insertion(+)
--- a/profiles/apparmor.d/usr.sbin.ntpd
+++ b/profiles/apparmor.d/usr.sbin.ntpd
@@ -25,6 +25,7 @@
capability sys_chroot,
capability sys_resource,
capability sys_time,
+ capability sys_nice,
network inet dgram,
network inet stream,
++++++ apparmor-2.5.1-ssl-fix ++++++
From: Jeff Mahoney
Subject: profiles: Add openssl abstraction
References: bnc#623886
Profiles that use openssl have been adding the openssl files piecemeal.
This patch creates a new openssl abstraction that can be inherited by
all profiles that use it.
Signed-off-by: Jeff Mahoney
---
profiles/apparmor.d/abstractions/openssl | 4 ++++
profiles/apparmor.d/abstractions/ssl_certs | 4 ++++
profiles/apparmor/profiles/extras/usr.lib.postfix.smtp | 2 +-
profiles/apparmor/profiles/extras/usr.lib.postfix.smtpd | 2 +-
profiles/apparmor/profiles/extras/usr.sbin.httpd2-prefork | 2 +-
profiles/apparmor/profiles/extras/usr.sbin.imapd | 2 +-
profiles/apparmor/profiles/extras/usr.sbin.ipop2d | 2 +-
profiles/apparmor/profiles/extras/usr.sbin.ipop3d | 2 +-
8 files changed, 14 insertions(+), 6 deletions(-)
--- /dev/null
+++ b/profiles/apparmor.d/abstractions/openssl
@@ -0,0 +1,4 @@
+
+ /etc/ssl/openssl.cnf r,
+ /usr/share/ssl/openssl.cnf r,
+
--- a/profiles/apparmor.d/abstractions/ssl_certs
+++ b/profiles/apparmor.d/abstractions/ssl_certs
@@ -15,3 +15,7 @@
/etc/ssl/certs/* r,
/usr/share/ca-certificates/ r,
/usr/share/ca-certificates/** r,
+ /usr/share/ssl/certs/ca-bundle.crt r,
+
+ /usr/share/ca-certificates/mozilla/ r,
+ /usr/share/ca-certificates/mozilla/* r,
--- a/profiles/apparmor/profiles/extras/usr.lib.postfix.smtp
+++ b/profiles/apparmor/profiles/extras/usr.lib.postfix.smtp
@@ -16,6 +16,7 @@
#include
#include
#include
+ #include
capability dac_override,
capability dac_read_search,
@@ -39,7 +40,6 @@
/etc/postfix/{ssl/,}*.pem r,
/etc/postfix/prng_exch rw,
/usr/share/ssl/certs/ca-bundle.crt r,
- /usr/share/ssl/openssl.cnf r,
/etc/postfix/virtual.db r,
/etc/postfix/sasl_passwd.db r,
/etc/mtab r,
--- a/profiles/apparmor/profiles/extras/usr.lib.postfix.smtpd
+++ b/profiles/apparmor/profiles/extras/usr.lib.postfix.smtpd
@@ -16,6 +16,7 @@
#include
#include
#include
+ #include
capability dac_override,
capability dac_read_search,
@@ -44,7 +45,6 @@
/usr/lib/sasl2/* mr,
/usr/share/ssl/certs/ca-bundle.crt r,
- /usr/share/ssl/openssl.cnf r,
/{var/spool/postfix/,}pid/inet.* rw,
/{var/spool/postfix/,}private/anvil w,
--- a/profiles/apparmor/profiles/extras/usr.sbin.httpd2-prefork
+++ b/profiles/apparmor/profiles/extras/usr.sbin.httpd2-prefork
@@ -18,6 +18,7 @@
#include
#include
#include
+ #include
capability kill,
capability net_bind_service,
@@ -84,7 +85,6 @@
/usr/share/snmp/mibs r,
/usr/share/snmp/mibs/*.{txt,mib} r,
/usr/share/snmp/mibs/.index wr,
- /usr/share/ssl/openssl.cnf r,
/var/lock/httpd2.lock.* wl,
/var/log/apache2/* rwl,
/var/log/httpd/ssl_scache.dir r,
--- a/profiles/apparmor/profiles/extras/usr.sbin.imapd
+++ b/profiles/apparmor/profiles/extras/usr.sbin.imapd
@@ -16,10 +16,10 @@
#include
#include
#include
+ #include
/dev/urandom r,
/tmp/* rwl,
/usr/sbin/imapd r,
/usr/share/ssl/certs/imapd.pem r,
- /usr/share/ssl/openssl.cnf r,
}
--- a/profiles/apparmor/profiles/extras/usr.sbin.ipop2d
+++ b/profiles/apparmor/profiles/extras/usr.sbin.ipop2d
@@ -16,10 +16,10 @@
#include
#include
#include
+ #include
/dev/urandom r ,
/tmp/.* rwl ,
/usr/sbin/ipop2d rmix,
/usr/share/ssl/certs/ipop2d.pem r ,
- /usr/share/ssl/openssl.cnf r ,
}
--- a/profiles/apparmor/profiles/extras/usr.sbin.ipop3d
+++ b/profiles/apparmor/profiles/extras/usr.sbin.ipop3d
@@ -16,10 +16,10 @@
#include
#include
#include
+ #include
/dev/urandom r ,
/tmp/.* rwl ,
/usr/sbin/ipop3d rmix,
/usr/share/ssl/certs/ipop3d.pem r ,
- /usr/share/ssl/openssl.cnf r ,
}
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Remember to have fun...
--
To unsubscribe, e-mail: opensuse-commit+unsubscribe@opensuse.org
For additional commands, e-mail: opensuse-commit+help@opensuse.org