Hello community, here is the log from the commit of package apparmor for openSUSE:Factory checked in at 2019-10-10 12:21:35 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/apparmor (Old) and /work/SRC/openSUSE:Factory/.apparmor.new.2352 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "apparmor" Thu Oct 10 12:21:35 2019 rev:131 rq:735945 version:2.13.3 Changes: -------- --- /work/SRC/openSUSE:Factory/apparmor/apparmor.changes 2019-10-07 13:37:00.781008484 +0200 +++ /work/SRC/openSUSE:Factory/.apparmor.new.2352/apparmor.changes 2019-10-10 12:21:37.562979858 +0200 @@ -1,0 +2,6 @@ +Mon Oct 7 19:58:19 UTC 2019 - Christian Boltz <[email protected]> + +- add usr-etc-abstractions-authentification.diff to allow reading + /usr/etc/pam.d/* and some other authentification-related files (boo#1153162) + +------------------------------------------------------------------- New: ---- usr-etc-abstractions-authentification.diff ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ apparmor.spec ++++++ --- /var/tmp/diff_new_pack.uDBhx0/_old 2019-10-10 12:21:38.906976597 +0200 +++ /var/tmp/diff_new_pack.uDBhx0/_new 2019-10-10 12:21:38.906976597 +0200 @@ -71,6 +71,9 @@ # add certbot paths to abstractions/ssl_keys and abstractions/ssl_certs (from upstream https://gitlab.com/apparmor/apparmor/merge_requests/398, merged 2019-06-30) Patch7: abstractions-ssl-certbot-paths.diff +# allow reading /usr/etc/pam.d/* and some other authentification-related files (submitted upstream 2019-10-07 https://gitlab.com/apparmor/apparmor/merge_requests/426) +Patch8: usr-etc-abstractions-authentification.diff + PreReq: sed BuildRoot: %{_tmppath}/%{name}-%{version}-build %define apparmor_bin_prefix /lib/apparmor @@ -361,6 +364,7 @@ %patch5 %patch6 -p1 %patch7 -p1 +%patch8 -p1 %build %define _lto_cflags %{nil} ++++++ usr-etc-abstractions-authentification.diff ++++++ commit ee7194a7141b99225bb1d040ef2d37ad47ca838e Author: Christian Boltz <[email protected]> Date: Mon Oct 7 21:47:25 2019 +0200 Allow /usr/etc/ in abstractions/authentication openSUSE (and hopefully some other distributions) work on moving shipped config files from /etc/ to /usr/etc/ so that /etc/ only contains files written by the admin of each system. See https://en.opensuse.org/openSUSE:Packaging_UsrEtc for details and the first moved files. Updating abstractions/authentication is the first step, and also fixes bugzilla.opensuse.org/show_bug.cgi?id=1153162 diff --git a/profiles/apparmor.d/abstractions/authentication b/profiles/apparmor.d/abstractions/authentication index b92516f9..58efe6b9 100644 --- a/profiles/apparmor.d/abstractions/authentication +++ b/profiles/apparmor.d/abstractions/authentication @@ -2,6 +2,7 @@ # # Copyright (C) 2002-2009 Novell/SUSE # Copyright (C) 2009-2012 Canonical Ltd +# Copyright (C) 2019 Christian Boltz # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public @@ -14,13 +15,13 @@ # Some services need to perform authentication of users # Such authentication almost certainly needs access to the local users # databases containing passwords, PAM configuration files, PAM libraries - /etc/nologin r, - /etc/pam.d/* r, - /etc/securetty r, - /etc/security/* r, - /etc/shadow r, - /etc/gshadow r, - /etc/pwdb.conf r, + /{usr/,}etc/nologin r, + /{usr/,}etc/pam.d/* r, + /{usr/,}etc/securetty r, + /{usr/,}etc/security/* r, + /{usr/,}etc/shadow r, + /{usr/,}etc/gshadow r, + /{usr/,}etc/pwdb.conf r, /{usr/,}lib{,32,64}/security/pam_filter/* mr, /{usr/,}lib{,32,64}/security/pam_*.so mr, @@ -32,8 +33,8 @@ # kerberos #include <abstractions/kerberosclient> # SuSE's pwdutils are different: - /etc/default/passwd r, - /etc/login.defs r, + /{usr/,}etc/default/passwd r, + /{usr/,}etc/login.defs r, # nis #include <abstractions/nis>
