Hello community, here is the log from the commit of package rsyslog for openSUSE:Factory checked in at 2014-07-21 21:40:25 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/rsyslog (Old) and /work/SRC/openSUSE:Factory/.rsyslog.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "rsyslog"
Changes:
--------
--- /work/SRC/openSUSE:Factory/rsyslog/rsyslog.changes 2014-07-20 10:58:44.000000000 +0200
+++ /work/SRC/openSUSE:Factory/.rsyslog.new/rsyslog.changes 2014-07-21 22:35:02.000000000 +0200
@@ -1,0 +2,8 @@
+Wed Jul 16 15:17:34 UTC 2014 - [email protected]
+
+- Preliminary AppArmor support. Since those profiles need to be tested
+ properly they'll live in /etc/apparmor/profiles/extras.
+- Added rsyslog-pid-file.patch to fix a regression that causes the pid
+ file to be created in /etc
+
+-------------------------------------------------------------------
New:
----
module-gssapi module-gtls module-mysql module-pgsql module-relp module-snmp module-udpspoof rsyslog-pid-file.patch usr.sbin.rsyslogd
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ rsyslog.spec ++++++
--- /var/tmp/diff_new_pack.PXstYE/_old 2014-07-21 22:35:04.000000000 +0200
+++ /var/tmp/diff_new_pack.PXstYE/_new 2014-07-21 22:35:04.000000000 +0200
@@ -172,8 +172,27 @@
Source2: rsyslog.conf.in
Source4: rsyslog.d.remote.conf.in
Source5: rsyslog-service-prepare.in
+Source6: usr.sbin.rsyslogd
+Source7: module-gssapi
+Source8: module-gtls
+Source9: module-mysql
+Source10: module-pgsql
+Source11: module-relp
+Source12: module-snmp
+Source13: module-udpspoof
+
# PATCH-FIX-OPENSUSE rsyslog-unit.patch [email protected] Customize upstream systemd unit for openSUSE needs.
Patch0: rsyslog-unit.patch
+# PATCH-FIX-UPSTREAM rsyslog-pid-file.patch [email protected] Fixes https://github.com/rsyslog/rsyslog/issues/86, can probably be removed after 8.2.2
+Patch1: rsyslog-pid-file.patch
+
+# this is a dirty hack since % dir does only work for the specified directory and nothing above
+# but I want to be able to switch this to /etc/apparmor.d once the profiles received more testing
+%define APPARMOR_PROFILE_PATH /etc/apparmor/profiles/extras
+%define APPARMOR_PROFILE_PATH_DIR_COMMANDS %dir /etc/apparmor/ \
+ %dir /etc/apparmor/profiles \
+ %dir /etc/apparmor/profiles/extras \
+ %dir /etc/apparmor/profiles/extras/rsyslog.d
%description
Rsyslog is an enhanced multi-threaded syslogd supporting, among others,
@@ -450,6 +469,7 @@
%prep
%setup -q -n %{name}-%{upstream_version}
%patch0 -p1
+%patch1 -p1
#
%if %{with systemd}
for file in rsyslog-service-prepare; do
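Review bot: The comment above `%define APPARMOR_PROFILE_PATH` does not say that `APPARMOR_PROFILE_PATH_DIR_COMMANDS` repeats the same path one component at a time, so the planned switch to /etc/apparmor.d would leave stale `%dir` entries if only the first macro is edited. I would add `# keep APPARMOR_PROFILE_PATH_DIR_COMMANDS in sync: it lists every parent directory of APPARMOR_PROFILE_PATH` next to the two definitions. The macro also makes this package an owner of /etc/apparmor/ and /etc/apparmor/profiles; whether another package already owns those directories is not visible from this hunk and is worth checking before the package ships.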
@@ -677,6 +697,29 @@
install -d -m0755 %{buildroot}%{rsyslog_rundir}
touch %{buildroot}%{rsyslog_sockets_cfg}
chmod 644 %{buildroot}%{rsyslog_sockets_cfg}
+mkdir -p %{buildroot}%{APPARMOR_PROFILE_PATH}/rsyslog.d/
+install -m0640 %{SOURCE6} %{buildroot}%{APPARMOR_PROFILE_PATH}/
+%if %{with gssapi}
+ install -m0640 %{SOURCE7} %{buildroot}%{APPARMOR_PROFILE_PATH}/rsyslog.d/
+%endif
+%if %{with gnutls}
+ install -m0640 %{SOURCE8} %{buildroot}%{APPARMOR_PROFILE_PATH}/rsyslog.d/
+%endif
+%if %{with mysql}
+ install -m0640 %{SOURCE9} %{buildroot}%{APPARMOR_PROFILE_PATH}/rsyslog.d/
+%endif
+%if %{with pgsql}
+ install -m0640 %{SOURCE10} %{buildroot}%{APPARMOR_PROFILE_PATH}/rsyslog.d/
+%endif
+%if %{with relp}
+ install -m0640 %{SOURCE11} %{buildroot}%{APPARMOR_PROFILE_PATH}/rsyslog.d/
+%endif
+%if %{with snmp}
+ install -m0640 %{SOURCE12} %{buildroot}%{APPARMOR_PROFILE_PATH}/rsyslog.d/
+%endif
+%if %{with udpspoof}
+ install -m0640 %{SOURCE13} %{buildroot}%{APPARMOR_PROFILE_PATH}/rsyslog.d/
+%endif
%clean
if [ -n "%{buildroot}" ] && [ "%{buildroot}" != "/" ] ; then
@@ -883,6 +926,8 @@
%{_unitdir}/rsyslog.service
%{_sbindir}/rc%{name}
%endif
+%{APPARMOR_PROFILE_PATH_DIR_COMMANDS}
+%config %{APPARMOR_PROFILE_PATH}/usr.sbin.rsyslogd
%if %{with diagtools}
@@ -901,6 +946,7 @@
%{rsyslog_module_dir_withdeps}/omgssapi.so
%{rsyslog_module_dir_withdeps}/imgssapi.so
%{rsyslog_module_dir_withdeps}/lmgssutil.so
+%config %{APPARMOR_PROFILE_PATH}/rsyslog.d/module-gssapi
%endif
%if %{with mysql}
@@ -909,6 +955,7 @@
%defattr(-,root,root)
%doc %{rsyslogdocdir}/mysql-createDB.sql
%{rsyslog_module_dir_withdeps}/ommysql.so
+%config %{APPARMOR_PROFILE_PATH}/rsyslog.d/module-mysql
%endif
%if %{with pgsql}
@@ -917,6 +964,7 @@
%defattr(-,root,root)
%doc %{rsyslogdocdir}/pgsql-createDB.sql
%{rsyslog_module_dir_withdeps}/ompgsql.so
+%config %{APPARMOR_PROFILE_PATH}/rsyslog.d/module-pgsql
%endif
%if %{with dbi}
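Review bot: In the hunk at -677, `mkdir -p %{buildroot}%{APPARMOR_PROFILE_PATH}/rsyslog.d/` creates the profile directories with whatever umask the build runs under, while the context line just above it uses `install -d -m0755` for the run directory. These directories are packaged through the `%dir` entries of `APPARMOR_PROFILE_PATH_DIR_COMMANDS`, so I would pin the mode the same way: `install -d -m0755 %{buildroot}%{APPARMOR_PROFILE_PATH}/rsyslog.d/`. The `%install` section starts and continues outside this hunk.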
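Review bot: In the hunk at -883, `%config %{APPARMOR_PROFILE_PATH}/usr.sbin.rsyslogd` is a plain `%config`, so when an update changes the packaged file a locally edited profile is replaced and the admin's version is moved aside as .rpmsave. For a confinement policy that means local tightening can be swapped out by a package update, which matters once the path moves to /etc/apparmor.d as the spec comment plans. I would write `%config(noreplace) %{APPARMOR_PROFILE_PATH}/usr.sbin.rsyslogd` here and do the same on the `rsyslog.d/module-*` lines added in the hunks at -901, -909, -917, -932, -939, -947 and -963.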
@@ -932,6 +980,7 @@
%defattr(-,root,root)
%{rsyslog_module_dir_withdeps}/omsnmp.so
%{rsyslog_module_dir_nodeps}/mmsnmptrapd.so
+%config %{APPARMOR_PROFILE_PATH}/rsyslog.d/module-snmp
%endif
%if %{with gnutls}
@@ -939,6 +988,7 @@
%files module-gtls
%defattr(-,root,root)
%{rsyslog_module_dir_withdeps}/lmnsd_gtls.so
+%config %{APPARMOR_PROFILE_PATH}/rsyslog.d/module-gtls
%endif
%if %{with relp}
@@ -947,6 +997,7 @@
%defattr(-,root,root)
%{rsyslog_module_dir_withdeps}/imrelp.so
%{rsyslog_module_dir_withdeps}/omrelp.so
+%config %{APPARMOR_PROFILE_PATH}/rsyslog.d/module-relp
%endif
%if %{with mmnormalize}
@@ -963,6 +1014,7 @@
%files module-udpspoof
%defattr(-,root,root)
%{rsyslog_module_dir_nodeps}/omudpspoof.so
+%config %{APPARMOR_PROFILE_PATH}/rsyslog.d/module-udpspoof
%endif
%if %{with elasticsearch}
++++++ module-gssapi ++++++
# rsyslog-module-gssapi
# couldn't test because not kerberos server is available
# but it shouldn't require any special permissions anyhow
++++++ module-gtls ++++++
# for logging via TLS (rsyslog-module-gtls)
# keys/certificates need to be located under /etc/rsyslog.d or permissions need to be adjusted here
# rsyslog tries to write to the certificates for no reason, so deny this quietly
deny /etc/rsyslog.d/* w,
++++++ module-mysql ++++++
# for logging to mysql DB (rsyslog-module-mysql)
#include <abstractions/mysql>
#include <abstractions/p11-kit>
/etc/my.cnf r,
/etc/my.cnf.d/ r,
/etc/my.cnf.d/default_plugins.cnf r,
++++++ module-pgsql ++++++
# for logging to postgresql (rsyslog-module-pgsql)
++++++ module-relp ++++++
# for logging via relp (rsyslog-module-relp)
++++++ module-snmp ++++++
# for logging to (rsyslog-module-snmp)
#include <abstractions/wutmp>
/proc/uptime r,
/usr/share/snmp/mibs/ r,
/usr/share/snmp/mibs/*.txt r,
/var/lib/net-snmp/mib_indexes/ rw,
/var/lib/net-snmp/mib_indexes/* rw,
++++++ module-udpspoof ++++++
# for logging with omudpspoof (rsyslog-module-udpspoof)
capability net_raw,
network inet raw,
++++++ rsyslog-pid-file.patch ++++++
Index: rsyslog-8.2.2/tools/syslogd.c
===================================================================
--- rsyslog-8.2.2.orig/tools/syslogd.c
+++ rsyslog-8.2.2/tools/syslogd.c
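Review bot: In module-gtls, `deny /etc/rsyslog.d/* w,` silences every write attempt on files in /etc/rsyslog.d/, not only the ones on key and certificate files that the comment describes. The base profile grants that directory read-only, so writes are refused either way; the effect of the explicit rule is that the refusal is no longer logged, and an unexpected attempt to modify a configuration snippet there would leave no audit record. I would narrow the glob to the key material (a dedicated subdirectory or file suffix, whichever the deployment uses) and extend the comment to say that the rule exists only to suppress logging.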
@@ -133,19 +133,14 @@
rsRetVal rsyslogdInit(void);
void rsyslogdDebugSwitch();
void rsyslogdDoDie(int sig);
-
-#if defined(SYSLOGD_PIDNAME)
-# undef _PATH_LOGPID
-# define _PATH_LOGPID "/etc/" SYSLOGD_PIDNAME
-#else
-# ifndef _PATH_LOGPID
-# define _PATH_LOGPID "/etc/rsyslogd.pid"
-# endif
+#ifndef _PATH_LOGPID
+# define _PATH_LOGPID "/var/run/rsyslogd.pid"
#endif
#ifndef _PATH_TTY
# define _PATH_TTY "/dev/tty"
#endif
+
char *PidFile = _PATH_LOGPID; /* read-only after startup */
int bHadHUP = 0; /* did we have a HUP? */
++++++ usr.sbin.rsyslogd ++++++
# ------------------------------------------------------------------
#
# Copyright (C) 2014 Novell/SUSE
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of version 2 of the GNU General Public
# License published by the Free Software Foundation.
#
# ------------------------------------------------------------------
#include <tunables/global>
/usr/sbin/rsyslogd {
#include <abstractions/base>
#include <abstractions/consoles>
# general networking is allowed here
#include <abstractions/nameservice>
capability block_suspend,
capability dac_override,
capability sys_nice,
capability sys_tty_config,
capability syslog,
/dev/tty* w,
/dev/xconsole rw,
/etc/rsyslog.conf r,
/etc/rsyslog.d/ r,
/etc/rsyslog.d/* r,
/usr/lib{,32,64}/rsyslog/* mr,
/usr/sbin/rsyslogd mr,
/var/log/** rw,
/proc/kmsg r,
/{var/,}run/rsyslog/* r,
/{var/,}run/rsyslogd.pid rwk,
/{var/,}run/systemd/journal/syslog w,
# include rules for rsyslog-module-* packages
#include <rsyslog.d>
}
--
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
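Review bot: The new `#ifndef _PATH_LOGPID` block in rsyslog-pid-file.patch no longer looks at `SYSLOGD_PIDNAME`, so a build that still defines that macro would silently get `/var/run/rsyslogd.pid` instead of its own file name; whether any build does so is not visible from this hunk. If the override is meant to survive, keep it with the corrected directory, `# define _PATH_LOGPID "/var/run/" SYSLOGD_PIDNAME`, otherwise a one-line comment should say it was dropped on purpose. A comment on the default would also help, e.g. `/* must match the pid-file rule in the usr.sbin.rsyslogd AppArmor profile */`, since that profile only allows `/{var/,}run/rsyslogd.pid`. The declarations around this block continue outside the hunk.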
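Review bot: `#include <rsyslog.d>` at the end of usr.sbin.rsyslogd is an angle-bracket include, which apparmor_parser resolves against its include directory (/etc/apparmor.d by default), while the spec installs the snippets under /etc/apparmor/profiles/extras/rsyslog.d. An admin who activates the profile by copying usr.sbin.rsyslogd alone will, as far as I can tell, get either a parse failure or a profile without the module rules. I would state the requirement next to the include, e.g. `# copy the rsyslog.d/ directory alongside this profile before loading it`. Separately, `capability dac_override,` carries no comment naming the access that needs it; combined with `/var/log/** rw,` it lets the daemon write there regardless of file ownership, so the reason should be recorded or the capability dropped once the profile has been tested.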
