commit apparmor for openSUSE:Factory

Fri, 08 Mar 2013 00:07:34 -0800 

Hello community,

here is the log from the commit of package apparmor for openSUSE:Factory 
checked in at 2013-03-08 09:07:27
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/apparmor (Old)
 and      /work/SRC/openSUSE:Factory/.apparmor.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Package is "apparmor", Maintainer is "[email protected]"

Changes:
--------
--- /work/SRC/openSUSE:Factory/apparmor/apparmor.changes        2013-02-18 
13:45:25.000000000 +0100
+++ /work/SRC/openSUSE:Factory/.apparmor.new/apparmor.changes   2013-03-08 
09:07:28.000000000 +0100
@@ -1,0 +2,6 @@
+Tue Mar  5 17:49:42 UTC 2013 - [email protected]
+
+- nscd profile: add missing permissions and deny capability block_suspend
+  (bnc#807104, apparmor-profiles-nscd.diff)
+
+-------------------------------------------------------------------

New:
----
  apparmor-profiles-nscd.diff

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ apparmor.spec ++++++
--- /var/tmp/diff_new_pack.4qU3SJ/_old  2013-03-08 09:07:30.000000000 +0100
+++ /var/tmp/diff_new_pack.4qU3SJ/_new  2013-03-08 09:07:30.000000000 +0100
@@ -70,6 +70,9 @@
 # changed paths for MySQL, add MariaDB support (bnc#798183, commited upstream 
2013-01-13, trunk r2104, 2.8 branch r2070)
 Patch3:         apparmor-abstractions-mysql-path.diff
 
+# nscd profile: add missing permissions and deny capability block_suspend 
(bnc#807104, commited upstream 2013-03-05, trunk r2109, 2.8 branch r2071)
+Patch4:         apparmor-profiles-nscd.diff
+
 # split a long string in AppArmor.pm. Not accepted upstream because they want 
a solution without hardcoded width.
 Patch5:         apparmor-utils-string-split
 
@@ -413,6 +416,7 @@
 %patch1 -p1
 %patch2 -p0
 %patch3 -p0
+%patch4 -p0
 %patch5 -p1
 %patch12 -p1
 



++++++ apparmor-profiles-nscd.diff ++++++
=== modified file 'profiles/apparmor.d/usr.sbin.nscd'
--- profiles/apparmor.d/usr.sbin.nscd   2011-08-23 22:57:42 +0000
+++ profiles/apparmor.d/usr.sbin.nscd   2013-03-05 17:45:49 +0000
@@ -16,6 +16,7 @@
   #include <abstractions/nameservice>
   #include <abstractions/ssl_certs>
 
+  deny capability block_suspend,
   capability net_bind_service,
   capability setgid,
   capability setuid,
@@ -31,9 +32,9 @@
   /{,var/}run/.nscd_socket wl,
   /{,var/}run/avahi-daemon/socket w,
   /{,var/}run/nscd/ rw,
-  /{,var/}run/nscd/db* wl,
+  /{,var/}run/nscd/db* rwl,
   /{,var/}run/nscd/socket wl,
-  /var/{cache,run}/nscd/{passwd,group,services,hosts} rw,
+  /var/{cache,run}/nscd/{passwd,group,services,hosts,netgroup} rw,
   /{,var/}run/{nscd/,}nscd.pid rwl,
   /var/log/nscd.log rw,
   @{PROC}/[0-9]*/fd/ r,
@@ -41,6 +42,7 @@
   @{PROC}/[0-9]*/maps r,
   @{PROC}/[0-9]*/mounts r,
   @{PROC}/filesystems r,
+  @{PROC}/sys/vm/overcommit_memory r,
 
   # Site-specific additions and overrides. See local/README for details.
   #include <local/usr.sbin.nscd>

-- 
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to