Hello, I have a *very good* reason to get 2.9.3 released NOW...
TL;DR: openSUSE 13.2 needs an update because of the Samba security update, and it would be a shame to do an update with "just" the samba profile now, and push another update with 2.9.3 next week ;-) Note: most of the forwarded mail is about openSUSE 13.1 (which includes 2.8.4), the relevant part for 13.2 is in the last paragraph. ---------- Weitergeleitete Nachricht ---------- Betreff: Re: [Evergreen] samba security update - badlock and friends Datum: Donnerstag, 14. April 2016, 08:48:13 CEST Von: Michal Kubecek <mike AT mk-sys.cz> An: [email protected] On Thu, Apr 14, 2016 at 07:25:51AM +0200, Michal Kubecek wrote: > On Thu, Apr 14, 2016 at 12:31:48AM +0200, Christian Boltz wrote: > > Am Mittwoch, 13. April 2016, 22:04:37 CEST schrieb Michal Kubecek: > > > > > > I did some (very) basic testing and found only one issue: to start > > > nmbd from 4.2.4 package on a 13.1 system with AppArmor, these need to > > > be added to its profile: > > > > > > /var/{cache,lib}/samba/lck/ w, > > > /var/{cache,lib}/samba/lck/* wk, > > > /var/{cache,lib}/samba/msg/ w, > > > /var/{cache,lib}/samba/msg/* w, > > > > Are those files and directories in /var/cache/samba/ or > > /var/lib/samba/ ? > > I'm asking because /var/lib/samba/** is covered by newer upstream > > profiles (via abstractions/samba), while /var/cache/samba/ isn't. > > Only /var/lib/samba paths were needed, I just adjusted the rules to > mach the others. > > I will check if the same problem exists in SLE12 GA and openSUSE 13.2 > which also upgraded from 4.1.x to 4.2.4 (and to exactly the same > package). I it does, I'll file a bug. SLE12 GA has apparmor-profiles 2.8.2 but it already has /var/lib/samba/** rwk, in abstractions/samba so it's OK. On the other hand, 13.2 has newer apparmor-profiles 2.9.1 but still without the general rule and as I checked now, it suffers from the same problem as 13.1. The update hasn't been released yet so I added a comment to the openSUSE:Maintenance:4961 release request #389541 (https://build.opensuse.org/request/show/ 389541). Michal Kubecek ------------------------------------------------------------- Regards, Christian Boltz -- Übrigens: Wenn man feststellen will, wie leer man ist: Einfach ein paar Flaschen Whiskey oder so nehmen und so lange in dem Mund schütten, bis man "voll" ist. Das Ergebnis kann man dann bei mir melden. :-)) [Konrad Neitzel in suse-linux]
signature.asc
Description: This is a digitally signed message part.
-- AppArmor mailing list [email protected] Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/apparmor
