Am Freitag, 15. April 2016, 09:12:06 CEST schrieb Michal Kubecek:
> On Thu, Apr 14, 2016 at 07:25:51AM +0200, Michal Kubecek wrote:
> > On Thu, Apr 14, 2016 at 12:31:48AM +0200, Christian Boltz wrote:
> > > General feedback if we want that "big" profile update patch or
> > > only a
> > > "small" patch to adjust the samba/nmbd profile is also welcome.
> > 
> > As you seem to know that some of the changes are actually needed in
> > 13.1 (and IIRC you mentioned one in the recent nscd thread), I
> > would vote for the full patch.

Packages with all the profile updates and an additional fix for 
libapparmor (taken from upstream 2.8 bzr branch) to support more log 
formats just built in security:apparmor.

Note that this repo contains multiple versions and will give you 
AppArmor 2.10 if you just zypper dup from it [1], so you'll need to use 
zypper in with the exact 2.8.4 version in the zypper command line.

The safer (and maybe easier) way is probably to download the packages 

    osc getbinaries security:apparmor apparmor_2_8 openSUSE_13.1 x86_64

(or i586, whatever you need) and install them manually.

I'll test the packages on one of my servers tomorrow and submit them to 
Evergreen afterwards.

> The samba update is submitted now to
> openSUSE:Evergreen:Maintenance:4627 If you are going to submit the
> AppArmor profile update, using this incident would be IMHO the best
> option as that way both samba and profile update would be released at
> once, preventing regressions.

What is the best way to do this?
I'd guess something like

    osc sr security:apparmor apparmor_2_8  \ 
        openSUSE:Evergreen:Maintenance:4627 WHATEVER

but I'm not sure what I should use for WHATEVER ;-)

That said - I don't think having a separate update is a real problem if 
both are released at the same time (or AppArmor first).


Christian Boltz

[1] 2.10 isn't the worst thing that can happen to you ;-) and probably 
    has much less bugs than 2.8.4 - but I understand that such a version
    update isn't the best idea for a maintenance release.
    I'll ignore the fact that we do a version update of Samba ;-)

looks like you have some special code in yast for password "x", maybe I
should use the even more secure new password "y" in the future  ?! ;-)
[Harald Koenig in https://bugzilla.novell.com/show_bug.cgi?id=148464]

Evergreen mailing list

Reply via email to