Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package apparmor for openSUSE:Factory checked in at 2021-10-19 23:03:30 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/apparmor (Old) and /work/SRC/openSUSE:Factory/.apparmor.new.1890 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "apparmor" Tue Oct 19 23:03:30 2021 rev:158 rq:925557 version:3.0.3 Changes: -------- --- /work/SRC/openSUSE:Factory/apparmor/apparmor.changes 2021-09-25 00:35:52.439159418 +0200 +++ /work/SRC/openSUSE:Factory/.apparmor.new.1890/apparmor.changes 2021-10-19 23:03:32.497265163 +0200 @@ -1,0 +2,5 @@ +Fri Oct 15 20:22:11 UTC 2021 - Christian Boltz <suse-b...@cboltz.de> + +- add add-samba-bgqd.diff: add profile for samba-bgqd (boo#1191532) + +------------------------------------------------------------------- New: ---- add-samba-bgqd.diff ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ apparmor.spec ++++++ --- /var/tmp/diff_new_pack.xow3Hb/_old 2021-10-19 23:03:33.181265474 +0200 +++ /var/tmp/diff_new_pack.xow3Hb/_new 2021-10-19 23:03:33.185265475 +0200 @@ -81,6 +81,9 @@ # update abstractions/python and profiles for python 3.10 (submitted upstream 2021-08-11 https://gitlab.com/apparmor/apparmor/-/merge_requests/783) Patch7: profiles-python-3.10-mr783.diff +# add samba-bgqd profile (submitted upstream 2021-10-15 https://gitlab.com/apparmor/apparmor/-/merge_requests/807) +Patch8: add-samba-bgqd.diff + PreReq: sed BuildRoot: %{_tmppath}/%{name}-%{version}-build %define apparmor_bin_prefix %{?usrmerged:/usr}/lib/apparmor @@ -344,6 +347,7 @@ %patch4 %patch5 %patch7 -p1 +%patch8 -p1 %build %define _lto_cflags %{nil} @@ -571,6 +575,7 @@ %config(noreplace) %{_sysconfdir}/apparmor.d/lsb_release %config(noreplace) %{_sysconfdir}/apparmor.d/nvidia_modprobe %config(noreplace) %{_sysconfdir}/apparmor.d/php-fpm +%config(noreplace) %{_sysconfdir}/apparmor.d/samba-bgqd %config(noreplace) %{_sysconfdir}/apparmor.d/local/* %dir /usr/share/apparmor/ %if %{with precompiled_cache} ++++++ add-samba-bgqd.diff ++++++ commit 85e53a5d040cdf3f7705da9e625b85041694aa4c Author: Christian Boltz <appar...@cboltz.de> Date: Fri Oct 15 22:02:36 2021 +0200 Add profile for samba-bgqd ... and some rules in the smbd profile to execute it and send it a term signal. samba-bgqd is (quoting its manpage) "an internal helper program performing asynchronous printing-related jobs." samba-bgqd was added in Samba 4.15. Fixes: https://bugzilla.opensuse.org/show_bug.cgi?id=1191532 diff --git a/profiles/apparmor.d/samba-bgqd b/profiles/apparmor.d/samba-bgqd new file mode 100644 index 00000000..c81c64f1 --- /dev/null +++ b/profiles/apparmor.d/samba-bgqd @@ -0,0 +1,18 @@ +abi <abi/3.0>, + +include <tunables/global> + +profile samba-bgqd /usr/lib*/samba/samba-bgqd { + include <abstractions/base> + include <abstractions/cups-client> + include <abstractions/nameservice> + include <abstractions/samba> + + signal receive set=term peer=smbd, + + @{PROC}/sys/kernel/core_pattern r, + @{run}/samba/samba-bgqd.pid wk, + + # Site-specific additions and overrides. See local/README for details. + include if exists <local/samba-bgqd> +} diff --git a/profiles/apparmor.d/usr.sbin.smbd b/profiles/apparmor.d/usr.sbin.smbd index 92305564..b8fdad15 100644 --- a/profiles/apparmor.d/usr.sbin.smbd +++ b/profiles/apparmor.d/usr.sbin.smbd @@ -24,6 +24,8 @@ profile smbd /usr/{bin,sbin}/smbd { capability sys_resource, capability sys_tty_config, + signal send set=term peer=samba-bgqd, + /etc/mtab r, /etc/netgroup r, /etc/printcap r, @@ -35,6 +37,7 @@ profile smbd /usr/{bin,sbin}/smbd { /usr/lib*/samba/charset/*.so mr, /usr/lib*/samba/gensec/*.so mr, /usr/lib*/samba/pdb/*.so mr, + /usr/lib*/samba/samba-bgqd Px -> samba-bgqd, /usr/lib*/samba/{lowcase,upcase,valid}.dat r, /usr/lib/@{multiarch}/samba/*.so{,.[0-9]*} mr, /usr/lib/@{multiarch}/samba/**/ r,
