Hello community, here is the log from the commit of package apparmor for openSUSE:Factory checked in at 2020-04-14 15:08:56 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/apparmor (Old) and /work/SRC/openSUSE:Factory/.apparmor.new.2738 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "apparmor" Tue Apr 14 15:08:56 2020 rev:137 rq:792970 version:2.13.4 Changes: -------- --- /work/SRC/openSUSE:Factory/apparmor/apparmor.changes 2020-04-08 19:54:15.741017264 +0200 +++ /work/SRC/openSUSE:Factory/.apparmor.new.2738/apparmor.changes 2020-04-14 16:16:19.555340440 +0200 @@ -1,0 +2,6 @@ +Thu Apr 9 18:56:09 UTC 2020 - Goldwyn Rodrigues <[email protected]> + +- Add abstractions-add-etc-mdns.allow-to-etc-apparmor.d-abstractions-mdns.patch + (bsc#1168306) + +------------------------------------------------------------------- New: ---- abstractions-add-etc-mdns.allow-to-etc-apparmor.d-abstractions-mdns.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ apparmor.spec ++++++ --- /var/tmp/diff_new_pack.ebitrU/_old 2020-04-14 16:16:21.123341563 +0200 +++ /var/tmp/diff_new_pack.ebitrU/_new 2020-04-14 16:16:21.127341566 +0200 @@ -80,6 +80,9 @@ # fix build with make 4.3 - fix apparmor.vim capability rules (submitted upstream 2020-03-29 https://gitlab.com/apparmor/apparmor/-/merge_requests/463, not in 2.13.x, boo#1167953) Patch14: make-4.3-capabilities-vim.diff +#Bug 1168306 - apparmor prevents the resolver from reading /etc/mdns.allow, and therefore forbids using any custom domain name +Patch15: abstractions-add-etc-mdns.allow-to-etc-apparmor.d-abstractions-mdns.patch + PreReq: sed BuildRoot: %{_tmppath}/%{name}-%{version}-build %define apparmor_bin_prefix /lib/apparmor @@ -373,6 +376,7 @@ %patch12 -p1 %patch13 -p1 %patch14 -p1 +%patch15 -p1 %build %define _lto_cflags %{nil} ++++++ abstractions-add-etc-mdns.allow-to-etc-apparmor.d-abstractions-mdns.patch ++++++ >From eeac8c11c935edf9eea2bed825af6c57e9fb52e3 Mon Sep 17 00:00:00 2001 From: Rich McAllister <[email protected]> Date: Tue, 31 Mar 2020 21:01:21 -0700 Subject: [PATCH] abstractions: add /etc/mdns.allow to /etc/apparmor.d/abstractions/mdns References: bsc#1168306 In focal users of mdns get denials in apparmor confined applications. An exampel can be found in the original bug below. It seems it is a common pattern, see https://github.com/lathiat/nss-mdns#etcmdnsallow Therefore I'm asking to add /etc/mdns.allow r, to the file /etc/apparmor.d/abstractions/mdns" by default. --- profiles/apparmor.d/abstractions/mdns | 1 + 1 file changed, 1 insertion(+) --- a/profiles/apparmor.d/abstractions/mdns +++ b/profiles/apparmor.d/abstractions/mdns @@ -9,5 +9,6 @@ # ------------------------------------------------------------------ # mdnsd + /etc/mdns.allow r, /etc/nss_mdns.conf r, /{,var/}run/mdnsd w,
