commit apparmor for openSUSE:Factory

Thu, 23 Jan 2014 06:40:36 -0800 

Hello community,

here is the log from the commit of package apparmor for openSUSE:Factory 
checked in at 2014-01-20 16:23:53
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/apparmor (Old)
 and      /work/SRC/openSUSE:Factory/.apparmor.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Package is "apparmor"

Changes:
--------
--- /work/SRC/openSUSE:Factory/apparmor/apparmor.changes        2014-01-05 
11:31:06.000000000 +0100
+++ /work/SRC/openSUSE:Factory/.apparmor.new/apparmor.changes   2014-01-23 
15:39:45.000000000 +0100
@@ -1,0 +2,15 @@
+Sun Jan 19 14:51:33 UTC 2014 - opens...@cboltz.de
+
+- add Recommends: net-tools to apparmor-utils (needed by aa-unconfined)
+- update usr.lib.dovecot.lmtp (add /proc/*/mounts, /tmp/dovecot.lmtp.*, 
+  /{var/,}run/dovecot/mounts, deny capability block_suspend)
+
+-------------------------------------------------------------------
+Fri Jan 17 16:29:54 UTC 2014 - devel...@develop7.info
+
+- add apparmor-2.8.2-nm-dnsmasq-config.patch - allow dnsmasq read config 
+  created by recent NetworkManager (see 
+  
http://cgit.freedesktop.org/NetworkManager/NetworkManager/commit/?id=d82669d3fdaa7ec70ef1b64941c101ac810c394b
 
+  for update details)
+
+-------------------------------------------------------------------

New:
----
  apparmor-2.8.2-nm-dnsmasq-config.patch

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ apparmor.spec ++++++
--- /var/tmp/diff_new_pack.bbdDox/_old  2014-01-23 15:39:46.000000000 +0100
+++ /var/tmp/diff_new_pack.bbdDox/_new  2014-01-23 15:39:46.000000000 +0100
@@ -148,6 +148,9 @@
 # Ruby 2.0 mkmf prefixes everything with $(DESTDIR), bnc#822277, 
kkae...@suse.de
 Patch22:        ruby-2_0-mkmf-destdir.patch
 
+# dnsmasq - allow to read config created by recent NetworkManager - commited 
upstream trunk r2323, 2.8 branch r2110
+Patch23:        apparmor-2.8.2-nm-dnsmasq-config.patch
+
 Url:            https://launchpad.net/apparmor
 PreReq:         sed
 BuildRoot:      %{_tmppath}/%{name}-%{version}-build
@@ -403,6 +406,8 @@
 Requires:       libapparmor1 = %{version}
 Requires:       perl = %{perl_version}
 Requires:       perl-apparmor = %{version}
+# aa-unconfined needs netstat
+Recommends:     net-tools
 BuildArch:      noarch
 
 %description utils
@@ -533,6 +538,11 @@
 %patch22 -p1
 %endif
 
+# affected NM is shipped since openSUSE >= 13.1
+%if 0%{?suse_version} > 1310
+%patch23
+%endif
+
 # profile for winbindd (bnc#748499, submitted upstream 2012-11-06, trunk r2078)
 test ! -e profiles/apparmor.d/usr.sbin.winbindd
 cp %{SOURCE10} profiles/apparmor.d/

++++++ apparmor-2.8.2-nm-dnsmasq-config.patch ++++++
Index: profiles/apparmor.d/usr.sbin.dnsmasq
===================================================================
--- profiles/apparmor.d/usr.sbin.dnsmasq.orig
+++ profiles/apparmor.d/usr.sbin.dnsmasq
@@ -54,6 +54,8 @@
   # NetworkManager integration
   /{,var/}run/nm-dns-dnsmasq.conf r,
   /{,var/}run/sendsigs.omit.d/*dnsmasq.pid w,
+  # new dnsmasq config path (as of 2012-11-05)
+  /{,var/}run/NetworkManager/dnsmasq.conf r,
 
   # Site-specific additions and overrides. See local/README for details.
   #include <local/usr.sbin.dnsmasq>


++++++ usr.lib.dovecot.lmtp ++++++
--- /var/tmp/diff_new_pack.bbdDox/_old  2014-01-23 15:39:46.000000000 +0100
+++ /var/tmp/diff_new_pack.bbdDox/_new  2014-01-23 15:39:46.000000000 +0100
@@ -15,6 +15,8 @@
 /usr/lib/dovecot/lmtp {
   #include <abstractions/base>
 
+  deny capability block_suspend,
+
   capability dac_override,
   capability setgid,
   capability setuid,
@@ -23,7 +25,10 @@
   @{DOVECOT_MAILSTORE}/** rwkl,
 
   /etc/resolv.conf r,
+  /proc/*/mounts r,
+  /tmp/dovecot.lmtp.* rw,
   /usr/lib/dovecot/lmtp mr,
+  /{var/,}run/dovecot/mounts r,
 
   # Site-specific additions and overrides. See local/README for details.
   #include <local/usr.lib.dovecot.lmtp>

-- 
To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org
For additional commands, e-mail: opensuse-commit+h...@opensuse.org

Reply via email to