commit apparmor for openSUSE:Factory

Tue, 28 May 2024 08:27:41 -0700 

Script 'mail_helper' called by obssrc
Hello community,

here is the log from the commit of package apparmor for openSUSE:Factory 
checked in at 2024-05-28 17:27:17
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/apparmor (Old)
 and      /work/SRC/openSUSE:Factory/.apparmor.new.24587 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Package is "apparmor"

Tue May 28 17:27:17 2024 rev:207 rq:1177352 version:4.0.1

Changes:
--------
--- /work/SRC/openSUSE:Factory/apparmor/apparmor.changes        2024-05-27 
11:45:24.410817633 +0200
+++ /work/SRC/openSUSE:Factory/.apparmor.new.24587/apparmor.changes     
2024-05-28 17:27:21.704810862 +0200
@@ -1,0 +2,13 @@
+Tue May 28 12:20:59 UTC 2024 - Christian Boltz <suse-b...@cboltz.de>
+
+- exclude runc profile until updated runc packages (including
+  updated profile with "signal peer=runc") have arrived
+
+-------------------------------------------------------------------
+Sat May 25 11:31:05 UTC 2024 - Christian Boltz <suse-b...@cboltz.de>
+
+- add aa-remove-unknown-fix-unconfined.diff to fix
+  aa-remove-unknown for 'unconfined' profiles (boo#1225457)
+- set permissions for %ghost files (boo#1223578)
+
+-------------------------------------------------------------------

New:
----
  aa-remove-unknown-fix-unconfined.diff

BETA DEBUG BEGIN:
  New:
- add aa-remove-unknown-fix-unconfined.diff to fix
  aa-remove-unknown for 'unconfined' profiles (boo#1225457)
BETA DEBUG END:

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ apparmor.spec ++++++
--- /var/tmp/diff_new_pack.xK4C5U/_old  2024-05-28 17:27:23.180864899 +0200
+++ /var/tmp/diff_new_pack.xK4C5U/_new  2024-05-28 17:27:23.184865046 +0200
@@ -88,6 +88,9 @@
 # make test-aa-notify a bit more relaxed to allow different argparse wording 
on Leap 15.5 (merged upstream 2024-05-06 (4.0 and master) 
https://gitlab.com/apparmor/apparmor/-/merge_requests/1226)
 Patch11:        test-aa-notify.diff
 
+# Fix aa-remove-unknown for 'unconfined' profiles (submitted upstream 
2024-05-25 https://gitlab.com/apparmor/apparmor/-/merge_requests/1240)
+Patch12:        aa-remove-unknown-fix-unconfined.diff
+
 PreReq:         sed
 BuildRoot:      %{_tmppath}/%{name}-%{version}-build
 BuildRequires:  autoconf
@@ -357,6 +360,7 @@
 %endif
 %patch -P 10 -p1
 %patch -P 11 -p1
+%patch -P 12 -p1
 
 %build
 export SUSE_ASNEEDED=0
@@ -426,7 +430,7 @@
     usr.sbin.identd usr.sbin.mdnsd usr.sbin.nmbd usr.sbin.nscd usr.sbin.ntpd 
usr.sbin.smbd usr.sbin.smbd-shares usr.sbin.smbldap-useradd  
usr.sbin.traceroute \
     usr.sbin.winbindd zgrep
 do
-    echo "%ghost /etc/apparmor.d/local/$oldlocal"
+    echo "%ghost %config %attr(0644,root,root) /etc/apparmor.d/local/$oldlocal"
 done > oldlocal.files
 
 %check
@@ -660,7 +664,9 @@
 %config(noreplace) %{_sysconfdir}/apparmor.d/rootlesskit
 %config(noreplace) %{_sysconfdir}/apparmor.d/rpm
 %config(noreplace) %{_sysconfdir}/apparmor.d/rssguard
-%config(noreplace) %{_sysconfdir}/apparmor.d/runc
+# exclude runc profile until the updated runc (including updated profile with 
"signal peer=runc") has arrived
+#config(noreplace) %{_sysconfdir}/apparmor.d/runc
+%exclude %{_sysconfdir}/apparmor.d/runc
 %config(noreplace) %{_sysconfdir}/apparmor.d/samba-bgqd
 %config(noreplace) %{_sysconfdir}/apparmor.d/samba-dcerpcd
 %config(noreplace) %{_sysconfdir}/apparmor.d/samba-rpcd

++++++ aa-remove-unknown-fix-unconfined.diff ++++++
commit cabd88a94055d2a7b876758d36fe559a6b728f45
Author: Christian Boltz <appar...@cboltz.de>
Date:   Sat May 25 13:12:49 2024 +0200

    Fix aa-remove-unknown for 'unconfined' profiles
    
    Without this patch, aa-remove-unknown uses 'profile_name (unconfined)'
    when trying to unload unconfined profiles, which fails for obvious
    reasons with (picking a random example)
    
        Removing 'busybox (unconfined)'
        /sbin/aa-remove-unknown: line 112: echo: write error: No such file or 
directory

diff --git a/utils/aa-remove-unknown b/utils/aa-remove-unknown
index 0e00d6a03..983d23727 100755
--- a/utils/aa-remove-unknown
+++ b/utils/aa-remove-unknown
@@ -89,7 +89,7 @@ LOADED_PROFILES=$("$PARSER" -N $PROFILE_DIRS) || {
 echo "$LOADED_PROFILES" | awk '
 BEGIN {
   while (getline < "'${PROFILES}'" ) {
-    str = sub(/ \((enforce|complain)\)$/, "", $0);
+    str = sub(/ \((enforce|complain|unconfined)\)$/, "", $0);
     if (match($0, /^libvirt-[0-9a-f\-]+$/) == 0)
       arr[$str] = $str
   }

Reply via email to