Revisions of apparmor
Dominique Leuenberger (dimstar_suse)
accepted
request 733858
from
Christian Boltz (cboltz)
(revision 130)
- add abstractions-ssl-certbot-paths.diff - add certbot paths to abstractions/ssl_certs and abstractions/ssl_keys - add apparmor-krb5-conf-d.diff for kerberos client
Dominique Leuenberger (dimstar_suse)
accepted
request 710683
from
Christian Boltz (cboltz)
(revision 129)
- update to 2.13.3
- profile updates for dnsmasq, dovecot, identd, syslog-ng
- new "lsb_release" profile (only used when using "Px -> lsb_release")
- fix buggy syntax in tunables/share
- several abstraction updates
- parser: fix "Px -> foo-bar" (the "-" was rejected before)
- several bugfixes in aa-genprof and aa-logprof
- see https://gitlab.com/apparmor/apparmor/wikis/Release_Notes_2.13.3
for the detailed upstream changelog
- drop upstream(ed) patches:
- apparmor-nameservice-resolv-conf-link.patch
- profile_filename_cornercase.diff
- dnsmasq-libvirtd.diff
- dnsmasq-revert-alternation.diff
- usrmerge-fixes.diff
- libapparmor-swig-4.diff
- re-number remaining patches
libapparmor:
- update to AppArmor 2.13.1
- some fixes in cache handling
- see https://gitlab.com/apparmor/apparmor/wikis/Release_Notes_2.13.3
for the detailed upstream changelog
Dominique Leuenberger (dimstar_suse)
accepted
request 707833
from
Christian Boltz (cboltz)
(revision 128)
- add upstream libapparmor-swig-4.diff: fix libapparmor tests with swig 4.0 (boo#1135751) (forwarded request 707832 from cboltz)
Dominique Leuenberger (dimstar_suse)
accepted
request 697782
from
Christian Boltz (cboltz)
(revision 127)
- Disable LTO (boo#1133091). (forwarded request 697748 from marxin)
Dominique Leuenberger (dimstar_suse)
accepted
request 694060
from
Christian Boltz (cboltz)
(revision 126)
- update lessopen.sh profile for usrMerge (bash and tar) (boo#1132350) (forwarded request 694059 from cboltz)
Dominique Leuenberger (dimstar_suse)
accepted
request 682454
from
Christian Boltz (cboltz)
(revision 125)
- add usrmerge-fixes.diff: fix test failures when /bin/sh is handled by update-alternatives (boo#1127877) (forwarded request 682453 from cboltz)
Stephan Kulow (coolo)
accepted
request 679945
from
Christian Boltz (cboltz)
(revision 124)
- add dnsmasq-revert-alternation.diff: revert path alternation in dnsmasq profile and re-add peer=/usr/sbin/libvirtd rules to avoid breaking libvirtd (boo#1127073)
Stephan Kulow (coolo)
accepted
request 668473
from
Christian Boltz (cboltz)
(revision 123)
IMPORTANT: the dnsmasq profile update is needed by the updated libvirtd profile in SR 668191, so please include this SR in Staging:H. - add dnsmasq-libvirtd.diff: allow peer=libvirtd in the dnsmasq profile to match the newly added libvirtd profile name (boo#1118952#c3) - Use %license instead of %doc [bsc#1082318]
Dominique Leuenberger (dimstar_suse)
accepted
request 663646
from
Christian Boltz (cboltz)
(revision 122)
- add apparmor-lessopen-nfs-workaround.diff: allow network access in lessopen.sh for reading files on NFS (workaround for boo#1119937 / lp#1784499) (forwarded request 663645 from cboltz)
Dominique Leuenberger (dimstar_suse)
accepted
request 662542
from
Christian Boltz (cboltz)
(revision 121)
- add profile_filename_cornercase.diff: drop check that lets aa-logprof error out in a corner-case (log event for a non-existing profile while a profile file with the default filename for that non-existing profile exists) (boo#1120472) (forwarded request 662541 from cboltz)
Dominique Leuenberger (dimstar_suse)
accepted
request 660711
from
Christian Boltz (cboltz)
(revision 120)
Note: please accept before SR 660554 - or put this SR into Staging:F and accept them together.
- netconfig: write resolv.conf to /run with link to /etc (fate#325872,
boo#1097370) [patch apparmor-nameservice-resolv-conf-link.patch]
- update to AppArmor 2.13.2
- add profile names to most profiles
- update dnsmasq profile (pid file and logfile path) (boo#1111342)
- add vulkan abstraction
- add letsencrypt certificate path to abstractions/ssl_*
- ignore *.orig and *.rej files when loading profiles
- fix aa-complain etc. to handle named profiles
- several bugfixes and small profile improvements
- see https://gitlab.com/apparmor/apparmor/wikis/Release_Notes_2.13.2
for the detailed upstream changelog
- remove upstreamed fix-syntax-error-in-rc.apparmor.functions.patch
- update to 2.13.1
- add qt5 and qt5-compose-cache-write abstractions
- add @{uid} and @{uids} kernel var placeholders
- several profile and abstraction updates
- ignore "abi" rules in parser and tools (instead of erroring out)
- utils: fix overwriting of child profile flags if they differ from
the main profile
- several bugfixes (including boo#1100779)
- see https://gitlab.com/apparmor/apparmor/wikis/Release_Notes_2.13.1
for the detailed upstream changelog
- remove upstream(ed) patches:
- aa-teardown-path.diff
- fix-apparmor-systemd-perms.diff
- logprof-skip-cache-d.diff
- fix-samba-profiles.patch
- make-pyflakes-happy.diff
- dnsmasq-Add-permission-to-open-log-files.patch
- refresh apparmor-samba-include-permissions-for-shares.diff
- add fix-syntax-error-in-rc.apparmor.functions.patch
- update to AppArmor 2.13.2
- no changes in libapparmor
- see https://gitlab.com/apparmor/apparmor/wikis/Release_Notes_2.13.2
for the detailed upstream changelog
- update to AppArmor 2.13.1
- several bug fixes
- see https://gitlab.com/apparmor/apparmor/wikis/Release_Notes_2.13.1
for the detailed upstream changelog
Dominique Leuenberger (dimstar_suse)
accepted
request 641133
from
Christian Boltz (cboltz)
(revision 119)
- update rpmlintrc: - whitelist .features file which is part of the pre-compiled cache - comment out filters for the disabled tomcat_apparmor subpackage - Backport dnsmasq fix: 025c7dc6 - dnsmasq-Add-permission-to-open-log-files.patch (boo#1111342)
Dominique Leuenberger (dimstar_suse)
accepted
request 630976
from
Christian Boltz (cboltz)
(revision 118)
- add make-pyflakes-happy.diff to fix an unused variable (SR 629206)
Dominique Leuenberger (dimstar_suse)
accepted
request 605723
from
Christian Boltz (cboltz)
(revision 117)
- add fix-samba-profiles.patch - smbd loads new shared libraries. Allow winbindd to access new kerberos credential cache location (boo#1092099) (forwarded request 605463 from scabrero)
Dominique Leuenberger (dimstar_suse)
accepted
request 602408
from
Christian Boltz (cboltz)
(revision 116)
- exclude the /etc/apparmor.d/cache.d/ directory from aa-logprof parsing (logprof-skip-cache-d.diff) (forwarded request 602407 from cboltz)
Dominique Leuenberger (dimstar_suse)
accepted
request 600115
from
Christian Boltz (cboltz)
(revision 115)
- add fix-apparmor-systemd-perms.diff: fix permissions of /lib/apparmor/apparmor.systemd (boo#1090545) (forwarded request 600114 from cboltz)
Dominique Leuenberger (dimstar_suse)
accepted
request 598829
from
Christian Boltz (cboltz)
(revision 114)
- create and package precompiled cache (/usr/share/apparmor/cache,
read-only) (boo#1069906, boo#1074429)
- change (writeable) cache directory to /var/cache/apparmor/ - with the
new btrfs layout, the only reason for using /var/lib/apparmor/cache/
(which was "it's part of the / subvolume") is gone, and /var/cache
makes more sense for the cache
- adjust parser.conf (via apparmor-enable-profile-cache.diff) to use both
cache locations
- clear cache also in %post of abstractions package
--------------------------------------------------------------------
- update to AppArmor 2.13
- add support for multiple cache directories and cache overlays
(boo#1069906, boo#1074429)
- add support for conditional includes in policy
- remove group restrictions from aa-notify (boo#1058787)
- aa-complain etc.: set flags for profiles represented by a glob
- aa-status: split profile from exec name
- several profile and abstraction updates
- see https://gitlab.com/apparmor/apparmor/wikis/Release_Notes_2.13
for the detailed upstream changelog
- drop upstreamed patches and files:
- aa-teardown
- apparmor.service
- apparmor.systemd
- 32-bit-no-uid.diff
- disable-cache-on-ro-fs.diff
- dovecot-stats.diff
- parser-write-cache-warn-only.diff
- set-flags-for-profiles-represented-by-glob.patch
- fix-regression-in-set-flags.patch
- drop spec code that handled installing aa-teardown, apparmor.service
and apparmor.systemd (now part of upstream Makefile)
- simplify "make -C profiles parser-check" call (upstream Makefile bug
that required to call "cd" was fixed)
- add aa-teardown-path.diff - install aa-teardown in /usr/sbin/
- move 'exec' symlink to parser package (belongs to aa-exec)
--------------------------------------------------------------------
- Set flags for profiles represented by glob (bsc#1086154)
set-flags-for-profiles-represented-by-glob.patch
fix-regression-in-set-flags.patch
libapparmor
- update to AppArmor 2.13
- add support for multiple cache directories and cache overlays
(boo#1069906, boo#1074429)
- see https://gitlab.com/apparmor/apparmor/wikis/Release_Notes_2.13
for the detailed upstream changelog
Dominique Leuenberger (dimstar_suse)
accepted
request 595790
from
Christian Boltz (cboltz)
(revision 113)
- add dovecot-stats.diff: - add dovecot/stats profile and allow dovecot to run it (boo#1088161) - allow dovecot/auth to write /run/dovecot/old-stats-user (part of boo#1087753) - update 32-bit-no-uid.diff with upstream fix (forwarded request 595789 from cboltz)
Dominique Leuenberger (dimstar_suse)
accepted
request 582183
from
Christian Boltz (cboltz)
(revision 112)
boo#1082956 (forwarded request 581986 from goldwynr)
Dominique Leuenberger (dimstar_suse)
accepted
request 566495
from
Christian Boltz (cboltz)
(revision 111)
- add disable-cache-on-ro-fs.diff - disable write cache if filesystem is read-only and don't bail out (bsc#1069906, bsc#1074429)
Displaying revisions 81 - 100 of 210
