commit firejail for openSUSE:Factory

Tue, 27 Oct 2020 11:02:27 -0700 

Hello community,

here is the log from the commit of package firejail for openSUSE:Factory 
checked in at 2020-10-27 19:00:22
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/firejail (Old)
 and      /work/SRC/openSUSE:Factory/.firejail.new.3463 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Package is "firejail"

Tue Oct 27 19:00:22 2020 rev:9 rq:844222 version:0.9.62.4

Changes:
--------
--- /work/SRC/openSUSE:Factory/firejail/firejail.changes        2020-08-19 
18:56:47.667846245 +0200
+++ /work/SRC/openSUSE:Factory/.firejail.new.3463/firejail.changes      
2020-10-27 19:01:16.158844711 +0100
@@ -1,0 +2,6 @@
+Mon Oct 26 22:34:02 UTC 2020 - Christian Boltz <[email protected]>
+
+- Add firejail-apparmor-3.0.diff to make the AppArmor profile compatible with
+  AppArmor 3.0 (add missing include <tunables/global>)
+
+-------------------------------------------------------------------

New:
----
  firejail-apparmor-3.0.diff

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ firejail.spec ++++++
--- /var/tmp/diff_new_pack.t8Uc0N/_old  2020-10-27 19:01:16.994845319 +0100
+++ /var/tmp/diff_new_pack.t8Uc0N/_new  2020-10-27 19:01:16.998845322 +0100
@@ -27,6 +27,8 @@
 Source1:        
http://downloads.sourceforge.net/%{name}/%{name}-%{version}.tar.xz.asc
 # PATCH-FIX-OPENSUSE firejail-0.9.62-fix-usr-etc.patch -- 
https://github.com/netblue30/firejail/issues/3145 two patches combined, source 
see file
 Patch0:         firejail-0.9.62-fix-usr-etc.patch
+# PATCH-FIX-UPSTREAM firejail-apparmor-3.0.diff -- 
https://github.com/netblue30/firejail/issues/3659
+Patch1:         firejail-apparmor-3.0.diff
 BuildRequires:  fdupes
 BuildRequires:  gcc-c++
 BuildRequires:  libapparmor-devel
@@ -45,6 +47,7 @@
 %prep
 %setup -q
 %patch0 -p1
+%patch1 -p1
 sed -i '1s/^#!\/usr\/bin\/env /#!\/usr\/bin\//' contrib/fj-mkdeb.py 
contrib/fjclip.py contrib/fjdisplay.py contrib/fjresize.py contrib/sort.py
 
 %build


++++++ firejail-apparmor-3.0.diff ++++++
Note: this patch is backported/modified - upstream moved the AppArmor profile
to etc/apparmor/firejail-default in the meantime
-- cboltz, 2020-10-26



commit bba750c73469ea315d859464ddd19e495d830a72
Author: Kristóf Marussy <[email protected]>
Date:   Sat Oct 10 13:27:42 2020 +0200

    Fix AppArmor 3.0 support (closes #3659)
    
    AppArmor introduces the @{run} variable, which is used in
    <abstractions/dbus-strict> and <abstractions/dbus-session-strict> among
    other places. Thus, we follow suit of the built-in profiles and #include
    <tunables/global>, which includes <tunables/run> in AppArmor 3.0,
    defining the variable.
    
    As <tunables/global> exists in previous versions of AppArmor, too, this
    patch does not introduce a backward-compatibility issue with Apparmor
    2.x.

diff --git a/etc/apparmor/firejail-default b/etc/apparmor/firejail-default
index 68e20d9b..e396ae7d 100644
--- a/etc/firejail-default
+++ b/etc/firejail-default
@@ -2,6 +2,10 @@
 # Generic Firejail AppArmor profile
 #########################################
 
+# AppArmor 3.0 uses the @{run} variable in <abstractions/dbus-strict>
+# and <abstractions/dbus-session-strict>.
+#include <tunables/global>
+
 ##########
 # A simple PID declaration based on Ubuntu's @{pid}
 # Ubuntu keeps it under tunables/kernelvars and include it via tunables/global.

Reply via email to