Hello community, here is the log from the commit of package apparmor for openSUSE:Factory checked in at 2015-04-22 01:13:52 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/apparmor (Old) and /work/SRC/openSUSE:Factory/.apparmor.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "apparmor" Changes: -------- --- /work/SRC/openSUSE:Factory/apparmor/apparmor.changes 2015-03-03 11:11:11.000000000 +0100 +++ /work/SRC/openSUSE:Factory/.apparmor.new/apparmor.changes 2015-04-22 01:13:54.000000000 +0200 @@ -1,0 +2,19 @@ +Fri Apr 17 18:46:08 UTC 2015 - [email protected] + +- make sure %service_del_postun doesn't call systemctl try-restart + (boo#853019, bare systemd edition) +- add samba-4.2-profiles.diff: update samba (winbindd and nmb) + profiles for samba 4.2 (boo#921098, boo#923201) + +------------------------------------------------------------------- +Sun Apr 12 21:13:23 UTC 2015 - [email protected] + +- only install apparmor.service for openSUSE > 13.2 + +------------------------------------------------------------------- +Wed Apr 1 03:47:44 UTC 2015 - [email protected] + +- Add a native systemd unit which *at the moment* only + wraps/masks the early boot script. + +------------------------------------------------------------------- New: ---- apparmor.service samba-4.2-profiles.diff ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ apparmor.spec ++++++ --- /var/tmp/diff_new_pack.e77GqM/_old 2015-04-22 01:13:54.000000000 +0200 +++ /var/tmp/diff_new_pack.e77GqM/_new 2015-04-22 01:13:54.000000000 +0200 @@ -1,8 +1,8 @@ # # spec file for package apparmor # -# Copyright (c) 2015 SUSE LINUX Products GmbH, Nuernberg, Germany. -# Copyright (c) 2011-2014 Christian Boltz +# Copyright (c) 2015 SUSE LINUX GmbH, Nuernberg, Germany. +# Copyright (c) 2011-2015 Christian Boltz # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -72,7 +72,7 @@ Source5: update-trans.sh Source6: baselibs.conf Source7: apparmor-rpmlintrc - +Source8: apparmor.service # enable caching of profiles (= massive performance speedup when loading profiles) Patch1: apparmor-enable-profile-cache.diff @@ -83,6 +83,8 @@ Patch3: apparmor-utils-string-split # Add support for eDirectory calls in abstractions/nameservice. Not accepted upstream (yet) because of open questions +# as discussed with Jeff on #apparmor 2015-03-16, disable when packaging the next major release +# (Is this really needed in abstractions/nameservice or only in the nscd profile? bnc#621394 only shows nscd.) Patch4: apparmor-2.5.1-edirectory-profile # Ruby 2.0 mkmf prefixes everything with $(DESTDIR), bnc#822277, [email protected] @@ -101,6 +103,9 @@ # fix build with GCC 5 due to bad ostream use Patch9: apparmor-fix-stl-ostream.diff +# update samba (winbindd and nmb) profiles for samba 4.2 (boo#921098, boo#923201) +Patch10: samba-4.2-profiles.diff + Url: https://launchpad.net/apparmor PreReq: sed BuildRoot: %{_tmppath}/%{name}-%{version}-build @@ -151,6 +156,11 @@ BuildRequires: tomcat6 %endif +%if 0%{?suse_version} > 1320 +BuildRequires: systemd-rpm-macros +%{?systemd_requires} +%endif + %package parser Summary: AppArmor userlevel parser utility License: GPL-2.0+ @@ -443,6 +453,7 @@ %patch7 -p1 %patch8 %patch9 +%patch10 # search for left-over multiline rules test -z "$(grep -r '^\s*\(unix\|dbus\)[^,]\(([^)]*)\)*[^,]*$' profiles/apparmor.d/)" @@ -595,6 +606,10 @@ # remove *.la files rm -fv %{buildroot}%{_libdir}/libapparmor.la +%if 0%{?suse_version} > 1320 +install -D -m0644 %{S:8} %{buildroot}%{_unitdir}/apparmor.service +%endif + echo ------------------------------------------------------------------- #find -ls echo ------------------------------------------------------------------- @@ -626,6 +641,9 @@ %else %{_sysconfdir}/init.d/apparmor %endif +%if 0%{?suse_version} > 1320 +%{_unitdir}/apparmor.service +%endif %config(noreplace) %{_sysconfdir}/apparmor/subdomain.conf %config(noreplace) %{_sysconfdir}/apparmor/parser.conf %{_localstatedir}/lib/apparmor @@ -636,12 +654,13 @@ %doc %{_mandir}/man5/subdomain.conf.5.gz %doc %{_mandir}/man7/apparmor.7.gz %doc %{_mandir}/man8/apparmor_parser.8.gz -%if %{distro} == "redhat" || %{distro} == "rhel4" %pre parser if [ -f %{_sysconfdir}/init.d/subdomain ] ; then chkconfig --del subdomain fi +%if 0%{?suse_version} > 1320 +%service_add_pre apparmor.service %endif %files parser-lang -f apparmor-parser.lang @@ -827,6 +846,10 @@ fi %endif +%if 0%{?suse_version} > 1320 +%service_add_post apparmor.service +%endif + %preun parser if [ "$1" = 0 ] ; then %if %{distro} == "suse" @@ -837,6 +860,10 @@ %endif fi +%if 0%{?suse_version} > 1320 +%service_del_preun apparmor.service +%endif + %postun parser %if %{distro} == "suse" #restart_on_update boot.apparmor - but non-broken (bnc#853019) @@ -851,6 +878,12 @@ %{insserv_cleanup} || true %endif +%if 0%{?suse_version} > 1320 +# don't call try-restart, see bnc#853019 +export DISABLE_RESTART_ON_UPDATE="yes" +%service_del_postun apparmor.service +%endif + %post abstractions %if %{distro} == "suse" #restart_on_update boot.apparmor - but non-broken (bnc#853019) ++++++ apparmor.service ++++++ [Unit] Description=Load AppArmor profiles DefaultDependencies=no Before=sysinit.target After=systemd-journald-audit.socket ConditionSecurity=apparmor [Service] Type=oneshot ExecStart=/etc/init.d/boot.apparmor start ExecReload=/etc/init.d/boot.apparmor reload ExecStop=/etc/init.d/boot.apparmor stop RemainAfterExit=yes [Install] WantedBy=multi-user.target++++++ samba-4.2-profiles.diff ++++++ Index: profiles/apparmor.d/abstractions/samba =================================================================== --- profiles/apparmor.d/abstractions/samba.orig 2014-07-04 12:09:58.000000000 +0200 +++ profiles/apparmor.d/abstractions/samba 2015-04-17 21:24:22.463107165 +0200 @@ -13,7 +13,7 @@ /usr/share/samba/*.dat r, /usr/share/samba/codepages/{lowcase,upcase,valid}.dat r, /var/cache/samba/ w, - /var/lib/samba/**.tdb rwk, + /var/lib/samba/** rwk, /var/log/samba/cores/ rw, /var/log/samba/cores/** rw, /var/log/samba/log.* w, Index: profiles/apparmor.d/usr.sbin.winbindd =================================================================== --- profiles/apparmor.d/usr.sbin.winbindd.orig 2014-04-21 22:10:51.000000000 +0200 +++ profiles/apparmor.d/usr.sbin.winbindd 2015-04-17 21:26:56.262142786 +0200 @@ -10,8 +10,12 @@ capability ipc_lock, capability setuid, + /etc/samba/netlogon_creds_cli.tdb rwk, /etc/samba/passdb.tdb{,.tmp} rwk, /etc/samba/secrets.tdb rwk, + /etc/samba/smbd.tmp/ rw, + /etc/samba/smbd.tmp/msg/ rw, + /etc/samba/smbd.tmp/msg/* rw, @{PROC}/sys/kernel/core_pattern r, /tmp/.winbindd/ w, /tmp/krb5cc_* rwk, @@ -21,9 +25,6 @@ /usr/sbin/winbindd mr, /var/cache/krb5rcache/* rw, /var/cache/samba/*.tdb rwk, - /var/lib/samba/smb_krb5/krb5.conf.* rw, - /var/lib/samba/smb_tmp_krb5.* rw, - /var/lib/samba/winbindd_cache.tdb* rwk, /var/log/samba/log.winbindd rw, /{var/,}run/samba/winbindd.pid rwk, /{var/,}run/samba/winbindd/ rw,
