Hello community, here is the log from the commit of package apparmor for openSUSE:Factory checked in at 2014-07-16 16:37:24 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/apparmor (Old) and /work/SRC/openSUSE:Factory/.apparmor.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "apparmor" Changes: -------- --- /work/SRC/openSUSE:Factory/apparmor/apparmor.changes 2014-04-18 15:52:39.000000000 +0200 +++ /work/SRC/openSUSE:Factory/.apparmor.new/apparmor.changes 2014-07-16 16:37:28.000000000 +0200 @@ -1,0 +2,27 @@ +Thu Jul 3 14:45:14 UTC 2014 - [email protected] + +- add apparmor-profiles-clustered-samba.diff to permit clustered Samba + access to CTDB socket and databases (bnc#885317) + +------------------------------------------------------------------- +Wed Jul 2 10:30:43 UTC 2014 - [email protected] + +- fix problems with dovecot and managesieve + * usr.lib.dovecot.managesieve-login: network inet6 stream + * usr.lib.dovecot.managesieve: + +#include <tunables/dovecot> + /usr/lib/dovecot/managesieve { + #include <abstractions/base> + + capability setgid, + + capability setuid, + + network inet stream, + + network inet6 stream, + + @{DOVECOT_MAILSTORE}/ rw, + + @{DOVECOT_MAILSTORE}/** rwkl, + +------------------------------------------------------------------- +Fri Jun 27 17:47:40 UTC 2014 - [email protected] + +- add #include <abstractions/wutmp> to usr.lib.dovecot.auth + +------------------------------------------------------------------- New: ---- apparmor-profiles-clustered-samba.diff ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ apparmor.spec ++++++ --- /var/tmp/diff_new_pack.qUKIM9/_old 2014-07-16 16:37:30.000000000 +0200 +++ /var/tmp/diff_new_pack.qUKIM9/_new 2014-07-16 16:37:30.000000000 +0200 @@ -2,6 +2,7 @@ # spec file for package apparmor # # Copyright (c) 2014 SUSE LINUX Products GmbH, Nuernberg, Germany. +# Copyright (c) 2011-2014 Christian Boltz # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -106,7 +107,7 @@ # Add support for eDirectory calls in abstractions/nameservice. Not accepted upstream (yet) because of open questions Patch12: apparmor-2.5.1-edirectory-profile -# update dovecot profiles for dovecot 2.x (bnc#851984 - commited upstream trunk r2354, r2356, [updated patch] r2359) +# update dovecot profiles for dovecot 2.x (bnc#851984 - commited upstream trunk r2354, r2356, [updated patch] r2359, [updated patch] r2549) Patch17: apparmor-profiles-dovecot-bnc851984.diff # create Immunix::SubDomain perl module - only included for openSUSE <= 12.1 - bnc#720617 #c7 @@ -119,6 +120,9 @@ # commited upstream trunk r2323, 2.8 branch r2110 - updated version commited trunk r2385, 2.8 r2123 Patch23: apparmor-2.8.2-nm-dnsmasq-config.patch +# Permit clustered Samba access to CTDB socket and databases (bnc#885317, commited upstream trunk r2556 - TODO: merge into 2.8 branch) +Patch24: apparmor-profiles-clustered-samba.diff + Url: https://launchpad.net/apparmor PreReq: sed BuildRoot: %{_tmppath}/%{name}-%{version}-build @@ -502,6 +506,8 @@ %patch23 %endif +%patch24 + # profile for winbindd (bnc#748499, commited upstream trunk r2078, updated in trunk r2328) test ! -e profiles/apparmor.d/usr.sbin.winbindd cp %{SOURCE10} profiles/apparmor.d/ ++++++ apparmor-profiles-clustered-samba.diff ++++++ === modified file 'profiles/apparmor.d/abstractions/samba' --- profiles/apparmor.d/abstractions/samba 2013-12-23 21:15:47 +0000 +++ profiles/apparmor.d/abstractions/samba 2014-07-04 10:03:10 +0000 @@ -20,3 +20,5 @@ /{,var/}run/samba/ w, /{,var/}run/samba/*.tdb rw, + # required for clustering + /var/lib/ctdb/** rwk, ++++++ apparmor-profiles-dovecot-bnc851984.diff ++++++ --- /var/tmp/diff_new_pack.qUKIM9/_old 2014-07-16 16:37:30.000000000 +0200 +++ /var/tmp/diff_new_pack.qUKIM9/_new 2014-07-16 16:37:30.000000000 +0200 @@ -143,13 +143,14 @@ =================================================================== --- profiles/apparmor.d/usr.lib.dovecot.managesieve-login.orig 2011-07-14 14:57:57.000000000 +0200 +++ profiles/apparmor.d/usr.lib.dovecot.managesieve-login 2014-01-26 15:48:52.228261212 +0100 -@@ -1,4 +1,15 @@ +@@ -1,6 +1,19 @@ -# Author: Dulmandakh Sukhbaatar <[email protected]> +# ------------------------------------------------------------------ +# +# Copyright (c) 2009 Dulmandakh Sukhbaatar <[email protected]> +# Copyright (C) 2009-2011 Canonical Ltd. +# Copyright (C) 2013 Christian Boltz ++# Copyright (C) 2014 Christian Wittmer +# +# This program is free software; you can redistribute it and/or +# modify it under the terms of version 2 of the GNU General Public @@ -159,7 +160,18 @@ +# vim: ft=apparmor #include <tunables/global> ++ /usr/lib/dovecot/managesieve-login { + #include <abstractions/base> + #include <abstractions/ssl_certs> +@@ -11,6 +24,7 @@ + capability sys_chroot, + + network inet stream, ++ network inet6 stream, + + /usr/lib/dovecot/managesieve-login mr, + /{,var/}run/dovecot/login/ r, Index: profiles/apparmor.d/usr.lib.dovecot.pop3 =================================================================== --- profiles/apparmor.d/usr.lib.dovecot.pop3.orig 2011-08-27 01:12:10.000000000 +0200 ++++++ usr.lib.dovecot.auth ++++++ --- /var/tmp/diff_new_pack.qUKIM9/_old 2014-07-16 16:37:30.000000000 +0200 +++ /var/tmp/diff_new_pack.qUKIM9/_new 2014-07-16 16:37:30.000000000 +0200 @@ -1,6 +1,7 @@ # ------------------------------------------------------------------ # # Copyright (C) 2013 Christian Boltz +# Copyright (C) 2014 Christian Wittmer # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public @@ -16,6 +17,7 @@ #include <abstractions/base> #include <abstractions/mysql> #include <abstractions/nameservice> + #include <abstractions/wutmp> deny capability block_suspend, ++++++ usr.lib.dovecot.managesieve ++++++ --- /var/tmp/diff_new_pack.qUKIM9/_old 2014-07-16 16:37:30.000000000 +0200 +++ /var/tmp/diff_new_pack.qUKIM9/_new 2014-07-16 16:37:30.000000000 +0200 @@ -1,6 +1,7 @@ # ------------------------------------------------------------------ # # Copyright (C) 2013 Christian Boltz +# Copyright (C) 2014 Christian Wittmer # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public @@ -10,10 +11,20 @@ # vim: ft=apparmor #include <tunables/global> +#include <tunables/dovecot> /usr/lib/dovecot/managesieve { #include <abstractions/base> + capability setgid, + capability setuid, + + network inet stream, + network inet6 stream, + + @{DOVECOT_MAILSTORE}/ rw, + @{DOVECOT_MAILSTORE}/** rwkl, + /etc/dovecot/** r, /usr/bin/doveconf rix, /usr/lib/dovecot/managesieve mrix, -- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
