Hello community, here is the log from the commit of package apparmor for openSUSE:Factory checked in at 2011-11-28 12:52:47 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/apparmor (Old) and /work/SRC/openSUSE:Factory/.apparmor.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "apparmor", Maintainer is "[email protected]" Changes: -------- --- /work/SRC/openSUSE:Factory/apparmor/apparmor.changes 2011-11-02 11:44:02.000000000 +0100 +++ /work/SRC/openSUSE:Factory/.apparmor.new/apparmor.changes 2011-11-28 12:52:51.000000000 +0100 @@ -1,0 +2,25 @@ +Sat Nov 26 21:52:31 UTC 2011 - [email protected] + +- package subdomain.conf only in -parser, not in -utils package +- package libapparmor.so and libimmunix.so only in libapparmor-devel, + not in libapparmor1 +- make Provides for perl-libapparmor versioned to avoid self-Obsoletes +- move libapparmor.a and libimmunix.a from libapparmor1 to + libapparmor-devel package + +------------------------------------------------------------------- +Thu Nov 10 20:16:24 UTC 2011 - [email protected] + +- update to AppArmor 2.7.0 rc2 + Most of the changes since rc1 were already included as patches. + Additional changes: + - fix logprof/genprof to recognize "mknod" in audit.log + - fix libapparmor python bindings to compile with python 3 + - fix wrong status message in initscript if apparmor-utils are not installed + - parser/Makefile: fix some warnings, always respect CXX and LDFLAGS + - fix some warnings in utils/Makefile +- remove 4 upstreamed patches +- remove mkdir /etc/apparmor.d/disable - that's done by upstream Makefile now +- update line numbers in 2 patches + +------------------------------------------------------------------- Old: ---- apparmor-2.5.1-ldapclient-profile apparmor-2.7.0rc1-aa-notify-better-error-message.diff apparmor-2.7.rc1.tar.gz apparmor-abstractions-winbind-64bit.diff apparmor-samba-vfs-objects.diff New: ---- apparmor-2.7.rc2.tar.gz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ apparmor.spec ++++++ --- /var/tmp/diff_new_pack.YJ5HHI/_old 2011-11-28 12:52:55.000000000 +0100 +++ /var/tmp/diff_new_pack.YJ5HHI/_new 2011-11-28 12:52:55.000000000 +0100 @@ -43,9 +43,9 @@ %if ! %{?distro:1}0 %define distro suse %endif -Version: 2.7.rc1 +Version: 2.7.rc2 Release: 1 -%define versiondir 2.7.0~rc1 +%define versiondir 2.7.0~rc2 Summary: AppArmor userlevel parser utility Group: Productivity/Networking/Security Source0: apparmor-%{version}.tar.gz @@ -53,21 +53,12 @@ Source2: %{name}-profile-editor.desktop Source3: update-trans.sh -# more helpful error message for "aa-notify -p" if the user is not in the configured group. Commited upstream after 2.7rc1. -Patch: apparmor-2.7.0rc1-aa-notify-better-error-message.diff - # enable caching of profiles (= massive performance speedup when loading profiles) Patch1: apparmor-enable-profile-cache.diff # include autogenerated profile sniplet for samba shares (bnc#688040) Patch2: apparmor-samba-include-permissions-for-shares.diff -# allow samba "vfs objects" (bnc#725967). Commited upstream after 2.7rc1. -Patch3: apparmor-samba-vfs-objects.diff - -# make abstractions/winbind working on 64bit systems. Commited upstream after 2.7rc1. -Patch4: apparmor-abstractions-winbind-64bit.diff - # split a long string in AppArmor.pm. Not accepted upstream because they want a solution without hardcoded width. Patch5: apparmor-utils-string-split @@ -78,8 +69,6 @@ # Add support for eDirectory calls in abstractions/nameservice. Not accepted upstream (yet) because of open questions Patch12: apparmor-2.5.1-edirectory-profile -# split ldap related things from abstractions/nameservice to abstractions/ldapclient and add sasl support. Commited upstream after 2.7rc1. -Patch13: apparmor-2.5.1-ldapclient-profile # obsolete, upstream implemented this in another way Patch15: apparmor-remove-repo @@ -246,7 +235,7 @@ Requires: perl(RPC::XML) Requires: perl(Term::ReadKey) Requires: perl(Term::ReadKey) -Provides: perl-libapparmor +Provides: perl-libapparmor = %{version} Obsoletes: perl-libapparmor < 2.5 %description -n perl-apparmor @@ -412,16 +401,12 @@ %prep %setup -q -n %{name}-%{versiondir} -%patch -p0 %patch1 -p1 %patch2 -p0 -%patch3 -p0 -%patch4 -p0 %patch5 -p1 #%patch10 -p1 # disabled, see above #%patch11 -p1 # disabled, see above %patch12 -p1 -%patch13 -p1 #%patch15 -p1 # obsolete, see above %patch21 -p1 @@ -505,7 +490,6 @@ mkdir -p %{buildroot}%{_localstatedir}/log/apparmor %makeinstall -C profiles -mkdir %{buildroot}%{_sysconfdir}/apparmor.d/disable %makeinstall -C parser # default cache dir is /etc/apparmor.d/cache - not the best location. @@ -606,14 +590,13 @@ %files -n libapparmor1 %defattr(-,root,root) -%{_libdir}/libapparmor.so* -%{_libdir}/libimmunix.so* -# not sure about the correct package for *.a files... -%{_libdir}/libapparmor.a -%{_libdir}/libimmunix.a +%{_libdir}/libapparmor.so.* +%{_libdir}/libimmunix.so.* %files -n libapparmor-devel %defattr(-,root,root) +%{_libdir}/libapparmor.a +%{_libdir}/libimmunix.a %{_libdir}/libapparmor.so %{_libdir}/libimmunix.so %doc %{_mandir}/man2/aa_change_hat.2.gz @@ -642,7 +625,6 @@ %config(noreplace) %{_sysconfdir}/apparmor/logprof.conf %config(noreplace) %{_sysconfdir}/apparmor/notify.conf %config(noreplace) %{_sysconfdir}/apparmor/severity.db -%config(noreplace) %{_sysconfdir}/apparmor/subdomain.conf %{_sbindir}/* %dir %{_localstatedir}/log/apparmor %doc %{_mandir}/man2/aa_change_profile.2.gz ++++++ apparmor-2.5.1-edirectory-profile ++++++ --- /var/tmp/diff_new_pack.YJ5HHI/_old 2011-11-28 12:52:55.000000000 +0100 +++ /var/tmp/diff_new_pack.YJ5HHI/_new 2011-11-28 12:52:55.000000000 +0100 @@ -17,7 +17,7 @@ --- a/profiles/apparmor.d/abstractions/nameservice +++ b/profiles/apparmor.d/abstractions/nameservice -@@ -72,6 +72,9 @@ +@@ -70,6 +70,9 @@ # kerberos #include <abstractions/kerberosclient> ++++++ apparmor-2.7.rc1.tar.gz -> apparmor-2.7.rc2.tar.gz ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/apparmor-2.7.0~rc1/common/.stamp_rev new/apparmor-2.7.0~rc2/common/.stamp_rev --- old/apparmor-2.7.0~rc1/common/.stamp_rev 2011-10-13 02:29:56.000000000 +0200 +++ new/apparmor-2.7.0~rc2/common/.stamp_rev 2011-11-10 18:52:32.000000000 +0100 @@ -1 +1 @@ -lp:apparmor 1839 +lp:apparmor 1850 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/apparmor-2.7.0~rc1/common/Version new/apparmor-2.7.0~rc2/common/Version --- old/apparmor-2.7.0~rc1/common/Version 2011-10-13 01:45:45.000000000 +0200 +++ new/apparmor-2.7.0~rc2/common/Version 2011-11-10 18:51:18.000000000 +0100 @@ -1 +1 @@ -2.7.0~rc1 +2.7.0~rc2 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/apparmor-2.7.0~rc1/libraries/libapparmor/autom4te.cache/output.0 new/apparmor-2.7.0~rc2/libraries/libapparmor/autom4te.cache/output.0 --- old/apparmor-2.7.0~rc1/libraries/libapparmor/autom4te.cache/output.0 2011-10-13 02:29:59.000000000 +0200 +++ new/apparmor-2.7.0~rc2/libraries/libapparmor/autom4te.cache/output.0 2011-11-10 18:52:34.000000000 +0100 @@ -2683,7 +2683,7 @@ # Define the identity of the package. PACKAGE=libapparmor1 - VERSION=2.7.0~rc1 + VERSION=2.7.0~rc2 cat >>confdefs.h <<_ACEOF diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/apparmor-2.7.0~rc1/libraries/libapparmor/autom4te.cache/output.1 new/apparmor-2.7.0~rc2/libraries/libapparmor/autom4te.cache/output.1 --- old/apparmor-2.7.0~rc1/libraries/libapparmor/autom4te.cache/output.1 2011-10-13 02:30:00.000000000 +0200 +++ new/apparmor-2.7.0~rc2/libraries/libapparmor/autom4te.cache/output.1 2011-11-10 18:52:35.000000000 +0100 @@ -2683,7 +2683,7 @@ # Define the identity of the package. PACKAGE=libapparmor1 - VERSION=2.7.0~rc1 + VERSION=2.7.0~rc2 cat >>confdefs.h <<_ACEOF diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/apparmor-2.7.0~rc1/libraries/libapparmor/autom4te.cache/traces.0 new/apparmor-2.7.0~rc2/libraries/libapparmor/autom4te.cache/traces.0 --- old/apparmor-2.7.0~rc1/libraries/libapparmor/autom4te.cache/traces.0 2011-10-13 02:29:59.000000000 +0200 +++ new/apparmor-2.7.0~rc2/libraries/libapparmor/autom4te.cache/traces.0 2011-11-10 18:52:34.000000000 +0100 @@ -2374,7 +2374,7 @@ m4trace:configure.in:6: -1- m4_pattern_allow([^build_alias$]) m4trace:configure.in:6: -1- m4_pattern_allow([^host_alias$]) m4trace:configure.in:6: -1- m4_pattern_allow([^target_alias$]) -m4trace:configure.in:8: -1- AM_INIT_AUTOMAKE([libapparmor1], [2.7.0~rc1]) +m4trace:configure.in:8: -1- AM_INIT_AUTOMAKE([libapparmor1], [2.7.0~rc2]) m4trace:configure.in:8: -1- m4_pattern_allow([^AM_[A-Z]+FLAGS$]) m4trace:configure.in:8: -1- AM_SET_CURRENT_AUTOMAKE_VERSION m4trace:configure.in:8: -1- AM_AUTOMAKE_VERSION([1.11.1]) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/apparmor-2.7.0~rc1/libraries/libapparmor/autom4te.cache/traces.1 new/apparmor-2.7.0~rc2/libraries/libapparmor/autom4te.cache/traces.1 --- old/apparmor-2.7.0~rc1/libraries/libapparmor/autom4te.cache/traces.1 2011-10-13 02:30:00.000000000 +0200 +++ new/apparmor-2.7.0~rc2/libraries/libapparmor/autom4te.cache/traces.1 2011-11-10 18:52:35.000000000 +0100 @@ -148,7 +148,7 @@ m4trace:configure.in:6: -1- AC_SUBST([target_alias]) m4trace:configure.in:6: -1- AC_SUBST_TRACE([target_alias]) m4trace:configure.in:6: -1- m4_pattern_allow([^target_alias$]) -m4trace:configure.in:8: -1- AM_INIT_AUTOMAKE([libapparmor1], [2.7.0~rc1]) +m4trace:configure.in:8: -1- AM_INIT_AUTOMAKE([libapparmor1], [2.7.0~rc2]) m4trace:configure.in:8: -1- m4_pattern_allow([^AM_[A-Z]+FLAGS$]) m4trace:configure.in:8: -1- AM_AUTOMAKE_VERSION([1.11.1]) m4trace:configure.in:8: -1- AC_REQUIRE_AUX_FILE([install-sh]) @@ -171,7 +171,7 @@ m4trace:configure.in:8: -1- AC_SUBST([PACKAGE], [libapparmor1]) m4trace:configure.in:8: -1- AC_SUBST_TRACE([PACKAGE]) m4trace:configure.in:8: -1- m4_pattern_allow([^PACKAGE$]) -m4trace:configure.in:8: -1- AC_SUBST([VERSION], [2.7.0~rc1]) +m4trace:configure.in:8: -1- AC_SUBST([VERSION], [2.7.0~rc2]) m4trace:configure.in:8: -1- AC_SUBST_TRACE([VERSION]) m4trace:configure.in:8: -1- m4_pattern_allow([^VERSION$]) m4trace:configure.in:8: -1- AC_DEFINE_TRACE_LITERAL([PACKAGE]) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/apparmor-2.7.0~rc1/libraries/libapparmor/configure new/apparmor-2.7.0~rc2/libraries/libapparmor/configure --- old/apparmor-2.7.0~rc1/libraries/libapparmor/configure 2011-10-13 02:30:00.000000000 +0200 +++ new/apparmor-2.7.0~rc2/libraries/libapparmor/configure 2011-11-10 18:52:36.000000000 +0100 @@ -2683,7 +2683,7 @@ # Define the identity of the package. PACKAGE=libapparmor1 - VERSION=2.7.0~rc1 + VERSION=2.7.0~rc2 cat >>confdefs.h <<_ACEOF diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/apparmor-2.7.0~rc1/libraries/libapparmor/swig/python/setup.py.in new/apparmor-2.7.0~rc2/libraries/libapparmor/swig/python/setup.py.in --- old/apparmor-2.7.0~rc1/libraries/libapparmor/swig/python/setup.py.in 2011-02-24 08:34:36.000000000 +0100 +++ new/apparmor-2.7.0~rc2/libraries/libapparmor/swig/python/setup.py.in 2011-11-10 18:22:09.000000000 +0100 @@ -13,7 +13,7 @@ ext_package = 'LibAppArmor', ext_modules = [Extension('_LibAppArmor', ['libapparmor_wrap.c'], include_dirs=['@top_srcdir@/src'], - extra_link_args = string.split('-L@top_builddir@/src/.libs -lapparmor'), -# static: extra_link_args = string.split('@top_builddir@/src/.libs/libapparmor.a'), + extra_link_args = '-L@top_builddir@/src/.libs -lapparmor'.split(), +# static: extra_link_args = '@top_builddir@/src/.libs/libapparmor.a'.split(), )], ) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/apparmor-2.7.0~rc1/parser/Makefile new/apparmor-2.7.0~rc2/parser/Makefile --- old/apparmor-2.7.0~rc1/parser/Makefile 2011-10-07 23:43:54.000000000 +0200 +++ new/apparmor-2.7.0~rc2/parser/Makefile 2011-11-10 18:36:52.000000000 +0100 @@ -115,7 +115,7 @@ export Q VERBOSE BUILD_OUTPUT po/${NAME}.pot: ${SRCS} ${HDRS} - make -C po ${NAME}.pot NAME=${NAME} SOURCES="${SRCS} ${HDRS}" + $(MAKE) -C po ${NAME}.pot NAME=${NAME} SOURCES="${SRCS} ${HDRS}" techdoc.pdf: techdoc.tex while pdflatex $< ${BUILD_OUTPUT} || exit 1 ; \ @@ -141,7 +141,7 @@ docs: manpages htmlmanpages pdf indep: docs - $(Q)make -C po all + $(Q)$(MAKE) -C po all all: arch indep @@ -149,10 +149,10 @@ .PHONY: libstdc++.a libstdc++.a: rm -f ./libstdc++.a - ln -s `g++ -print-file-name=libstdc++.a` + ln -s `$(CXX) -print-file-name=libstdc++.a` apparmor_parser: $(OBJECTS) $(AAREOBJECTS) - g++ $(EXTRA_CFLAGS) -o $@ $(OBJECTS) $(LIBS) \ + $(CXX) $(EXTRA_CFLAGS) -o $@ $(OBJECTS) $(LIBS) \ ${LEXLIB} $(AAREOBJECTS) $(AARE_LDFLAGS) parser_yacc.c parser_yacc.h: parser_yacc.y parser.h @@ -231,13 +231,13 @@ .SILENT: tests tests: apparmor_parser ${TESTS} sh -e -c 'for test in ${TESTS} ; do echo "*** running $${test}" && ./$${test}; done' - $(Q)make -s -C tst tests + $(Q)$(MAKE) -s -C tst tests # always need to rebuild. .SILENT: $(AAREOBJECT) .PHONY: $(AAREOBJECT) $(AAREOBJECT): - make -C $(AAREDIR) CFLAGS="$(EXTRA_CXXFLAGS)" + $(MAKE) -C $(AAREDIR) CFLAGS="$(EXTRA_CXXFLAGS)" .PHONY: install-rhel4 install-rhel4: install-redhat @@ -289,8 +289,8 @@ install -m 755 -d ${DESTDIR}/var/lib/apparmor install -m 755 -d $(APPARMOR_BIN_PREFIX) install -m 755 rc.apparmor.functions $(APPARMOR_BIN_PREFIX) - make -C po install NAME=${NAME} DESTDIR=${DESTDIR} - make install_manpages DESTDIR=${DESTDIR} + $(MAKE) -C po install NAME=${NAME} DESTDIR=${DESTDIR} + $(MAKE) install_manpages DESTDIR=${DESTDIR} .SILENT: clean .PHONY: clean @@ -304,11 +304,11 @@ rm -f af_names.h rm -f cap_names.h rm -rf techdoc.aux techdoc.log techdoc.pdf techdoc.toc techdor.txt techdoc/ - make -s -C $(AAREDIR) clean - make -s -C po clean - make -s -C tst clean + $(MAKE) -s -C $(AAREDIR) clean + $(MAKE) -s -C po clean + $(MAKE) -s -C tst clean .SILENT: dist_clean dist_clean: - @make clean + @$(MAKE) clean @rm -f $(LEX_C_FILES) $(YACC_C_FILES) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/apparmor-2.7.0~rc1/parser/rc.apparmor.functions new/apparmor-2.7.0~rc2/parser/rc.apparmor.functions --- old/apparmor-2.7.0~rc1/parser/rc.apparmor.functions 2011-10-12 00:45:11.000000000 +0200 +++ new/apparmor-2.7.0~rc2/parser/rc.apparmor.functions 2011-11-10 18:43:10.000000000 +0100 @@ -525,11 +525,11 @@ ${SD_STATUS} --verbose return $? fi - if ! is_apparmor_present apparmor subdomain ; then + if ! is_apparmor_loaded ; then echo "AppArmor is not loaded." rc=1 else - echo "AppArmor is enabled," + echo "AppArmor is enabled." rc=0 fi echo "Install the apparmor-utils package to receive more detailed" diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/apparmor-2.7.0~rc1/profiles/Makefile new/apparmor-2.7.0~rc2/profiles/Makefile --- old/apparmor-2.7.0~rc1/profiles/Makefile 2011-03-24 00:10:33.000000000 +0100 +++ new/apparmor-2.7.0~rc2/profiles/Makefile 2011-10-20 00:23:19.000000000 +0200 @@ -52,6 +52,7 @@ install -m 755 -d ${PROFILES_DEST} install -m 755 -d ${PROFILES_DEST}/abstractions \ ${PROFILES_DEST}/apache2.d \ + ${PROFILES_DEST}/disable \ ${PROFILES_DEST}/program-chunks \ ${PROFILES_DEST}/tunables \ ${PROFILES_DEST}/tunables/home.d \ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/apparmor-2.7.0~rc1/profiles/apparmor.d/abstractions/ldapclient new/apparmor-2.7.0~rc2/profiles/apparmor.d/abstractions/ldapclient --- old/apparmor-2.7.0~rc1/profiles/apparmor.d/abstractions/ldapclient 1970-01-01 01:00:00.000000000 +0100 +++ new/apparmor-2.7.0~rc2/profiles/apparmor.d/abstractions/ldapclient 2011-11-01 17:08:37.000000000 +0100 @@ -0,0 +1,21 @@ +# ------------------------------------------------------------------ +# +# Copyright (C) 2011 Novell/SUSE +# +# This program is free software; you can redistribute it and/or +# modify it under the terms of version 2 of the GNU General Public +# License published by the Free Software Foundation. +# +# ------------------------------------------------------------------ + + # files required by LDAP clients (e.g. nss_ldap/pam_ldap) + /etc/ldap.conf r, + /etc/ldap.secret r, + /etc/openldap/* r, + /etc/openldap/cacerts/* r, + + # SASL plugins and config + /etc/sasl2/* r, + /usr/lib{,32,64}/sasl2/* r, + + #include <abstractions/ssl_certs> diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/apparmor-2.7.0~rc1/profiles/apparmor.d/abstractions/nameservice new/apparmor-2.7.0~rc2/profiles/apparmor.d/abstractions/nameservice --- old/apparmor-2.7.0~rc1/profiles/apparmor.d/abstractions/nameservice 2011-07-14 14:57:57.000000000 +0200 +++ new/apparmor-2.7.0~rc2/profiles/apparmor.d/abstractions/nameservice 2011-11-01 17:08:37.000000000 +0100 @@ -16,8 +16,6 @@ /etc/group r, /etc/host.conf r, /etc/hosts r, - /etc/ldap.conf r, - /etc/ldap.secret r, /etc/nsswitch.conf r, /etc/gai.conf r, /etc/passwd r, @@ -32,9 +30,6 @@ /etc/samba/lmhosts r, /etc/services r, - # all openldap config - /etc/openldap/* r, - /etc/ldap/** r, # db backend /var/lib/misc/*.db r, # The Name Service Cache Daemon can cache lookups, sometimes leading @@ -60,6 +55,9 @@ # nis #include <abstractions/nis> + # ldap + #include <abstractions/ldapclient> + # winbind #include <abstractions/winbind> diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/apparmor-2.7.0~rc1/profiles/apparmor.d/abstractions/winbind new/apparmor-2.7.0~rc2/profiles/apparmor.d/abstractions/winbind --- old/apparmor-2.7.0~rc1/profiles/apparmor.d/abstractions/winbind 2010-12-20 21:29:10.000000000 +0100 +++ new/apparmor-2.7.0~rc2/profiles/apparmor.d/abstractions/winbind 2011-11-01 18:35:29.000000000 +0100 @@ -13,7 +13,7 @@ /tmp/.winbindd/pipe rw, /var/{lib,run}/samba/winbindd_privileged/pipe rw, /etc/samba/smb.conf r, - /usr/lib/samba/valid.dat r, - /usr/lib/samba/upcase.dat r, - /usr/lib/samba/lowcase.dat r, + /usr/lib*/samba/valid.dat r, + /usr/lib*/samba/upcase.dat r, + /usr/lib*/samba/lowcase.dat r, diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/apparmor-2.7.0~rc1/profiles/apparmor.d/usr.sbin.smbd new/apparmor-2.7.0~rc2/profiles/apparmor.d/usr.sbin.smbd --- old/apparmor-2.7.0~rc1/profiles/apparmor.d/usr.sbin.smbd 2011-08-27 20:50:42.000000000 +0200 +++ new/apparmor-2.7.0~rc2/profiles/apparmor.d/usr.sbin.smbd 2011-11-01 18:28:49.000000000 +0100 @@ -24,6 +24,7 @@ /etc/printcap r, /proc/*/mounts r, /proc/sys/kernel/core_pattern r, + /usr/lib*/samba/vfs/*.so mr, /usr/sbin/smbd mr, /etc/samba/* rwk, /var/cache/samba/** rwk, diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/apparmor-2.7.0~rc1/utils/Immunix/AppArmor.pm new/apparmor-2.7.0~rc2/utils/Immunix/AppArmor.pm --- old/apparmor-2.7.0~rc1/utils/Immunix/AppArmor.pm 2011-08-19 01:29:48.000000000 +0200 +++ new/apparmor-2.7.0~rc2/utils/Immunix/AppArmor.pm 2011-11-09 04:06:49.000000000 +0100 @@ -2860,6 +2860,7 @@ } elsif ($e->{operation} eq "open" || $e->{operation} eq "truncate" || $e->{operation} eq "mkdir" || + $e->{operation} eq "mknod" || $e->{operation} eq "rename_src" || $e->{operation} eq "rename_dest" || $e->{operation} =~ m/^(unlink|rmdir|symlink_create|link)$/) { diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/apparmor-2.7.0~rc1/utils/Makefile new/apparmor-2.7.0~rc2/utils/Makefile --- old/apparmor-2.7.0~rc1/utils/Makefile 2011-09-15 20:17:58.000000000 +0200 +++ new/apparmor-2.7.0~rc2/utils/Makefile 2011-11-10 18:27:29.000000000 +0100 @@ -36,7 +36,7 @@ MANPAGES = ${TOOLS:=.8} logprof.conf.5 all: ${MANPAGES} ${HTMLMANPAGES} - make -C po all + $(MAKE) -C po all # need some better way of determining this DESTDIR=/ @@ -46,7 +46,7 @@ PERLDIR=${DESTDIR}${VENDOR_PERL}/${MODDIR} po/${NAME}.pot: ${TOOLS} - make -C po ${NAME}.pot NAME=${NAME} SOURCES="${TOOLS} ${MODULES}" + $(MAKE) -C po ${NAME}.pot NAME=${NAME} SOURCES="${TOOLS} ${MODULES}" .PHONY: install install: ${MANPAGES} ${HTMLMANPAGES} @@ -57,8 +57,8 @@ install -m 755 ${TOOLS} ${BINDIR} install -d ${PERLDIR} install -m 644 ${MODULES} ${PERLDIR} - make -C po install DESTDIR=${DESTDIR} NAME=${NAME} - make install_manpages DESTDIR=${DESTDIR} + $(MAKE) -C po install DESTDIR=${DESTDIR} NAME=${NAME} + $(MAKE) install_manpages DESTDIR=${DESTDIR} ln -sf aa-status.8 ${DESTDIR}/${MANDIR}/man8/apparmor_status.8 .PHONY: clean @@ -66,7 +66,7 @@ clean: _clean rm -f core core.* *.o *.s *.a *~ rm -f Make.rules - make -C po clean + $(MAKE) -C po clean check: for i in ${MODULES} ${PERLTOOLS} ; do \ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/apparmor-2.7.0~rc1/utils/aa-notify new/apparmor-2.7.0~rc2/utils/aa-notify --- old/apparmor-2.7.0~rc1/utils/aa-notify 2011-10-12 13:08:25.000000000 +0200 +++ new/apparmor-2.7.0~rc2/utils/aa-notify 2011-10-20 00:20:02.000000000 +0200 @@ -151,7 +151,7 @@ if (defined($prefs{use_group})) { my ($name, $passwd, $gid, $members) = getgrnam($prefs{use_group}); if (not defined($members) or not defined($login) or (not grep { $_ eq $login } split(/ /, $members) and $login ne "root")) { - _error("'$login' must be in '$prefs{use_group}' group. Aborting"); + _error("'$login' must be in '$prefs{use_group}' group. Aborting.\nAsk your admin to add you to this group or to change the group in\n$conf if you want to use aa-notify."); } } } ++++++ apparmor-samba-include-permissions-for-shares.diff ++++++ --- /var/tmp/diff_new_pack.YJ5HHI/_old 2011-11-28 12:52:56.000000000 +0100 +++ /var/tmp/diff_new_pack.YJ5HHI/_new 2011-11-28 12:52:56.000000000 +0100 @@ -20,7 +20,7 @@ === modified file 'profiles/apparmor.d/usr.sbin.smbd' --- profiles/apparmor.d/usr.sbin.smbd 2011-08-27 18:50:42 +0000 +++ profiles/apparmor.d/usr.sbin.smbd 2011-10-19 09:37:04 +0000 -@@ -40,6 +40,10 @@ +@@ -41,6 +41,10 @@ @{HOMEDIRS}/** lrwk, -- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
