Hello community,

here is the log from the commit of package docker for openSUSE:Factory checked 
in at 2016-01-01 19:48:32
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/docker (Old)
 and      /work/SRC/openSUSE:Factory/.docker.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Package is "docker"

Changes:
--------
--- /work/SRC/openSUSE:Factory/docker/docker.changes    2015-12-09 
22:15:08.000000000 +0100
+++ /work/SRC/openSUSE:Factory/.docker.new/docker.changes       2016-01-01 
19:50:59.000000000 +0100
@@ -0,0 +1,4 @@
+Wed Dec 23 10:47:04 UTC 2015 - [email protected]
+
+- Add rules for auditd. This is required to fix bnc#959405
+
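Review bot: The changelog entry under "Add rules for auditd" does not name the file being added or where it is installed, and it does not mention the new build dependency on audit. Listing `docker-audit.rules`, its target `/etc/audit/rules.d/docker.rules` and the `BuildRequires: audit` addition would let someone reading only docker.changes see what bnc#959405 changed on disk.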

New:
----
  docker-audit.rules

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ docker.spec ++++++
--- /var/tmp/diff_new_pack.CvHg8p/_old  2016-01-01 19:51:01.000000000 +0100
+++ /var/tmp/diff_new_pack.CvHg8p/_new  2016-01-01 19:51:01.000000000 +0100
@@ -38,6 +38,7 @@
 
 Source6:        docker-rpmlintrc
 Source7:        README_SUSE.md
+Source8:        docker-audit.rules
 # TODO: remove once we figure out what is wrong with iptables on ppc64le
 Source100:      sysconfig.docker.ppc64le
 Patch0:         fix-docker-init.patch
@@ -54,6 +55,7 @@
 Patch104:       docker_remove_journald_to_fix_dynbinary_build_on_powerpc.patch
 Patch105:       add_bolt_arm64.patch
 Patch106:       docker_remove_journald_to_fix_dynbinary_build_on_arm64.patch
+BuildRequires:  audit
 BuildRequires:  bash-completion
 BuildRequires:  device-mapper-devel >= 1.2.68
 BuildRequires:  glibc-devel-static
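Review bot: `BuildRequires: audit` is added without a comment saying why a build-time dependency is needed, and no runtime `Requires:` or `Recommends:` on audit is visible in this diff. If the build dependency is only there so that `/etc/audit/rules.d` has an owner at build time, a short comment above the line would say so. On a host without auditd installed, the rules file shipped by this package has no effect, so a `Recommends: audit` is worth considering.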
@@ -210,6 +212,9 @@
 
 install -D -m 0644 %SOURCE3 
%{buildroot}%{_prefix}/lib/udev/rules.d/80-%{name}.rules
 
+# audit rules
+install -D -m 0640 %SOURCE8 
%{buildroot}%{_sysconfdir}/audit/rules.d/%{name}.rules
+
 # sysconfig file
 %ifarch ppc64le
 install -D -m 644 %SOURCE100 
%{buildroot}/var/adm/fillup-templates/sysconfig.docker
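Review bot: The new `install -D -m 0640 %SOURCE8` line only drops the file into `%{_sysconfdir}/audit/rules.d/`; nothing visible in this diff regenerates or reloads the audit rule set, so the watches become active only after the next auditd restart or `augenrules --load`. Either document that step in README_SUSE.md or handle it in a scriptlet. The installed name `%{name}.rules` also has no numeric prefix, so its position relative to other files in rules.d is decided by plain name sorting, which matters if another rules file ends with a lock or exclusion rule.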
@@ -251,6 +256,7 @@
 %{_prefix}/lib/docker/dockerinit
 %{_unitdir}/%{name}.service
 %{_unitdir}/%{name}.socket
+%config %{_sysconfdir}/audit/rules.d/%{name}.rules
 %{_prefix}/lib/udev/rules.d/80-%{name}.rules
 /var/adm/fillup-templates/sysconfig.docker
 %ifarch %go_arches
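Review bot: The `%files` entry marks the rules file as plain `%config`, so a package update replaces an administrator's edited copy (the edited file is kept only as a `.rpmsave`). Since the file header itself says "Not all of these apply to SUSE", local trimming is likely; `%config(noreplace) %{_sysconfdir}/audit/rules.d/%{name}.rules` would preserve those edits. If overwriting is intended so that benchmark updates always win, say so in a comment.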

++++++ docker-audit.rules ++++++
##
# Audit rules based on CIS Docker 1.6 Benchmark v1.0.0
# 
https://benchmarks.cisecurity.org/tools2/docker/CIS_Docker_1.6_Benchmark_v1.0.0.pdf
# Not all of these apply to SUSE. 
# 1.8 Audit docker daemon
-w /usr/bin/docker -k docker
# 1.9 Audit Docker files and directories
-w /var/lib/docker -k docker
# 1.10 Audit /etc/docker
-w /etc/docker -k docker
# 1.11 Audit Docker files and directories - docker-registry.service
-w /usr/lib/systemd/system/docker-registry.service -k docker
# 1.12 Audit Docker files and directories - docker.service
-w /usr/lib/systemd/system/docker.service -k docker
# 1.13 Audit Docker files and directories - /var/run/docker.sock
-w /var/run/docker.sock -k docker
# 1.14 Audit Docker files and directories - /etc/sysconfig/docker
-w /etc/sysconfig/docker -k docker
# 1.15 Audit Docker files and directories - /etc/sysconfig/docker-network
-w /etc/sysconfig/docker-network -k docker
# 1.16 Audit Docker files and directories - /etc/sysconfig/docker-registry
-w /etc/sysconfig/docker-registry -k docker
# 1.17 Audit Docker files and directories - /etc/sysconfig/docker-storage
-w /etc/sysconfig/docker-storage -k docker
# 1.18 Audit Docker files and directories - /etc/default/docker
-w /etc/default/docker-k docker
## end docker audit rules
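Review bot: The last rule, under "1.18", is missing the space before `-k`: `-w /etc/default/docker-k docker` names the path `/etc/default/docker-k` and leaves `docker` as a stray argument, so this line will not produce the intended watch and may be rejected when the rules are loaded. It should read `-w /etc/default/docker -k docker`. Separately, none of the watches set `-p`, so each one records every access type; on `/var/lib/docker` that includes all reads and writes to image and container storage and can generate a large event volume, so consider restricting that rule to write and attribute changes (`-p wa`) if the benchmark text allows it.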
