Package: tcpdump
Version: 4.9.2-2
Severity: normal
Tags: patch modify-profile
User: ubuntu-de...@lists.ubuntu.com
Usertags: origin-ubuntu bionic ubuntu-patch
Dear Maintainer,
In Ubuntu, the attached patch was applied to achieve the following:
* debian/usr.sbin.tcpdump: drop 'capability sys_module' since we already
have 'net_admin' and network module loading (which happens with -D) is
allowed with 'net_admin' (LP: #1759029)
Thanks for considering the patch.
-- System Information:
Debian Release: buster/sid
APT prefers bionic
APT policy: (500, 'bionic')
Architecture: amd64 (x86_64)
Foreign Architectures: i386
Kernel: Linux 4.15.0-12-generic (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8),
LANGUAGE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
diff -Nru tcpdump-4.9.2/debian/control tcpdump-4.9.2/debian/control
--- tcpdump-4.9.2/debian/control 2018-02-05 10:54:46.000000000 -0600
+++ tcpdump-4.9.2/debian/control 2018-03-26 15:28:20.000000000 -0500
@@ -1,8 +1,7 @@
Source: tcpdump
Section: net
Priority: optional
-Maintainer: Ubuntu Developers <ubuntu-devel-disc...@lists.ubuntu.com>
-XSBC-Original-Maintainer: Romain Francoise <rfranco...@debian.org>
+Maintainer: Romain Francoise <rfranco...@debian.org>
Build-Depends: debhelper (>= 8.9.4~),
dh-apparmor,
dh-autoreconf,
diff -Nru tcpdump-4.9.2/debian/usr.sbin.tcpdump
tcpdump-4.9.2/debian/usr.sbin.tcpdump
--- tcpdump-4.9.2/debian/usr.sbin.tcpdump 2017-12-31 08:48:36.000000000
-0600
+++ tcpdump-4.9.2/debian/usr.sbin.tcpdump 2018-03-26 15:28:20.000000000
-0500
@@ -1,6 +1,4 @@
# vim:syntax=apparmor
-# Last Modified: Wed Feb 3 07:58:30 2009
-# Author: Jamie Strandboge <ja...@canonical.com>
#include <tunables/global>
/usr/sbin/tcpdump {
@@ -16,7 +14,6 @@
network packet,
# for -D
- capability sys_module,
@{PROC}/bus/usb/ r,
@{PROC}/bus/usb/** r,
