Hello community, here is the log from the commit of package apparmor for openSUSE:Factory checked in at 2019-03-01 20:29:54 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/apparmor (Old) and /work/SRC/openSUSE:Factory/.apparmor.new.28833 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "apparmor" Fri Mar 1 20:29:54 2019 rev:124 rq:679945 version:2.13.2 Changes: -------- --- /work/SRC/openSUSE:Factory/apparmor/apparmor.changes 2019-02-04 21:24:10.115613929 +0100 +++ /work/SRC/openSUSE:Factory/.apparmor.new.28833/apparmor.changes 2019-03-01 20:29:55.762003995 +0100 @@ -1,0 +2,7 @@ +Wed Feb 27 19:28:14 UTC 2019 - Christian Boltz <[email protected]> + +- add dnsmasq-revert-alternation.diff: revert path alternation in + dnsmasq profile and re-add peer=/usr/sbin/libvirtd rules to avoid + breaking libvirtd (boo#1127073) + +------------------------------------------------------------------- New: ---- dnsmasq-revert-alternation.diff ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ apparmor.spec ++++++ --- /var/tmp/diff_new_pack.eymzXD/_old 2019-03-01 20:29:57.454003587 +0100 +++ /var/tmp/diff_new_pack.eymzXD/_new 2019-03-01 20:29:57.458003586 +0100 @@ -75,6 +75,9 @@ # add peer=libvirtd to dnsmasq profile (from upstream 20fe099cede7cb5ec7dcf62a5427936766a6d4e4) Patch11: dnsmasq-libvirtd.diff +# revert path alternation in dnsmasq profile to avoid breaking libvirtd (boo#1127073, submitted upstream 2019-02-26 as https://gitlab.com/apparmor/apparmor/merge_requests/346) +Patch12: dnsmasq-revert-alternation.diff + PreReq: sed BuildRoot: %{_tmppath}/%{name}-%{version}-build %define apparmor_bin_prefix /lib/apparmor @@ -366,6 +369,7 @@ %patch9 -p1 %patch10 %patch11 -p1 +%patch12 -p1 %build export SUSE_ASNEEDED=0 ++++++ dnsmasq-revert-alternation.diff ++++++ commit 4b9a07eb9be98c56a622379ba2055f0f9d5dce30 Author: Christian Boltz <[email protected]> Date: Tue Feb 26 21:05:16 2019 +0100 Revert /usr/{bin,sbin}/ alternation in dnsmasq profile Even if we expected it to stay compatible with peer=/usr/sbin/dnsmasq in the libvirtd profile, practise shows that we were wrong. This patch reverts the profile name to /usr/sbin/dnsmasq, and re-adds the libvirtd peer name /usr/sbin/libvirtd to avoid breaking libvirtd. References: https://bugzilla.opensuse.org/show_bug.cgi?id=1127073 diff --git a/profiles/apparmor.d/usr.sbin.dnsmasq b/profiles/apparmor.d/usr.sbin.dnsmasq index 3f66a17e..2dc8902e 100644 --- a/profiles/apparmor.d/usr.sbin.dnsmasq +++ b/profiles/apparmor.d/usr.sbin.dnsmasq @@ -12,7 +12,7 @@ @{TFTP_DIR}=/var/tftp /srv/tftpboot #include <tunables/global> -/usr/{bin,sbin}/dnsmasq flags=(attach_disconnected) { +/usr/sbin/dnsmasq flags=(attach_disconnected) { #include <abstractions/base> #include <abstractions/dbus> #include <abstractions/nameservice> @@ -28,8 +28,10 @@ network inet6 raw, signal (receive) peer=/usr/{bin,sbin}/libvirtd, + signal (receive) peer=/usr/sbin/libvirtd, signal (receive) peer=libvirtd, ptrace (readby) peer=/usr/{bin,sbin}/libvirtd, + ptrace (readby) peer=/usr/sbin/libvirtd, ptrace (readby) peer=libvirtd, owner /dev/tty rw,
