Bug#894161: tcpdump: drop no longer needed 'capability sys_module' rule

2018-03-28 Thread Romain Francoise 
Hi,

On Mon, Mar 26, 2018 at 10:48 PM, Jamie Strandboge  wrote:
> In Ubuntu, the attached patch was applied to achieve the following:
>
>   * debian/usr.sbin.tcpdump: drop 'capability sys_module' since we already
> have 'net_admin' and network module loading (which happens with -D) is
> allowed with 'net_admin' (LP: #1759029)
>
> Thanks for considering the patch.

Ok, no objection, will merge. Thanks!

Bug#894161: tcpdump: drop no longer needed 'capability sys_module' rule

2018-03-26 Thread Jamie Strandboge 
Package: tcpdump
Version: 4.9.2-2
Severity: normal
Tags: patch modify-profile
User: ubuntu-de...@lists.ubuntu.com
Usertags: origin-ubuntu bionic ubuntu-patch

Dear Maintainer,

In Ubuntu, the attached patch was applied to achieve the following:

  * debian/usr.sbin.tcpdump: drop 'capability sys_module' since we already
have 'net_admin' and network module loading (which happens with -D) is
allowed with 'net_admin' (LP: #1759029)

Thanks for considering the patch.


-- System Information:
Debian Release: buster/sid
  APT prefers bionic
  APT policy: (500, 'bionic')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.15.0-12-generic (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), 
LANGUAGE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
diff -Nru tcpdump-4.9.2/debian/control tcpdump-4.9.2/debian/control
--- tcpdump-4.9.2/debian/control2018-02-05 10:54:46.0 -0600
+++ tcpdump-4.9.2/debian/control2018-03-26 15:28:20.0 -0500
@@ -1,8 +1,7 @@
 Source: tcpdump
 Section: net
 Priority: optional
-Maintainer: Ubuntu Developers 
-XSBC-Original-Maintainer: Romain Francoise 
+Maintainer: Romain Francoise 
 Build-Depends: debhelper (>= 8.9.4~),
dh-apparmor,
dh-autoreconf,
diff -Nru tcpdump-4.9.2/debian/usr.sbin.tcpdump 
tcpdump-4.9.2/debian/usr.sbin.tcpdump
--- tcpdump-4.9.2/debian/usr.sbin.tcpdump   2017-12-31 08:48:36.0 
-0600
+++ tcpdump-4.9.2/debian/usr.sbin.tcpdump   2018-03-26 15:28:20.0 
-0500
@@ -1,6 +1,4 @@
 # vim:syntax=apparmor
-# Last Modified: Wed Feb  3 07:58:30 2009
-# Author: Jamie Strandboge 
 #include 
 
 /usr/sbin/tcpdump {
@@ -16,7 +14,6 @@
   network packet,
 
   # for -D
-  capability sys_module,
   @{PROC}/bus/usb/ r,
   @{PROC}/bus/usb/** r,