Revisions of apparmor
Stephan Kulow (coolo)
accepted
request 241137
from
Christian Boltz (cboltz)
(revision 68)
- add apparmor-profiles-clustered-samba.diff to permit clustered Samba access to CTDB socket and databases (bnc#885317) - fix problems with dovecot and managesieve * usr.lib.dovecot.managesieve-login: network inet6 stream * usr.lib.dovecot.managesieve: +#include <tunables/dovecot> /usr/lib/dovecot/managesieve { #include <abstractions/base> + capability setgid, + capability setuid, + network inet stream, + network inet6 stream, + @{DOVECOT_MAILSTORE}/ rw, + @{DOVECOT_MAILSTORE}/** rwkl, - add #include <abstractions/wutmp> to usr.lib.dovecot.auth
Tomáš Chvátal (scarabeus_factory)
accepted
request 230739
from
Tomáš Chvátal (scarabeus_factory)
(revision 67)
- update usr.sbin.winbindd profile (bnc#870607) - restrict rw access to /var/cache/krb5rcache/ instead /var/tmp/ - update usr.sbin.winbindd profile (bnc#870607) - treat passdb.tdb.tmp as passdb.tdb - allow rw access to /var/tmp/ (forwarded request 228512 from lmuelle)
Tomáš Chvátal (scarabeus_factory)
accepted
request 226904
from
Christian Boltz (cboltz)
(revision 66)
- add Recommends: libnotify-tools to apparmor-utils (aa-notify -p needs notify-send) (forwarded request 226903 from cboltz)
Stephan Kulow (coolo)
accepted
request 222647
from
Christian Boltz (cboltz)
(revision 65)
- update to AppArmor 2.8.3 (r2122) bugfix release - fix some cache clearing bugs in apparmor_parser - various fixes in mod_apparmor - several profile updates, most of them were already included as patches (except abstractions/winbind (bnc#863226), abstractions/fonts and abstractions/p11-kit) - see http://wiki.apparmor.net/index.php/ReleaseNotes_2_8_3 for all details - update partially upstreamed apparmor-2.8.2-nm-dnsmasq-config.patch - remove upstream(ed) patches - apparmor-2.8.2-fix-ntpd-profile.diff - apparmor-abstractions-r2089-r2090.diff - apparmor-abstractions-ssl_certs.diff - apparmor-fix-url-in-manpages-r2093.diff - apparmor-no-perl-smartmatch-r2088.diff - apparmor-profiles-dnsmasq.diff - apparmor-profiles-ntpd-r2103.diff - apparmor-profiles-samba-create-dirs.diff - apparmor-profiles-samba4.diff - apparmor-unconfined-lang-r2094.diff - apparmor-utils-po-de-r2091.diff
Stephan Kulow (coolo)
accepted
request 220552
from
Christian Boltz (cboltz)
(revision 64)
- use current ruby macros, the rb_sitearch is obsolete since at least 12.1 (forwarded request 220542 from coolo)
Stephan Kulow (coolo)
accepted
request 215196
from
Christian Boltz (cboltz)
(revision 63)
- update apparmor-2.8.2-nm-dnsmasq-config.patch - allow access to pid file and supplemental config directory (by develop7) - update apparmor-profiles-dovecot-bnc851984.diff: - do not add access to @{DOVECOT_MAILSTORE} - not required by the main binary - add abstractions/mysql - allow execution of some more /usr/lib/dovecot/* binaries - better restrict access to /var/spool/postfix/private/ - update usr.lib.dovecot.auth to allow to read mysql config files - update usr.lib.dovecot.dict and usr.lib.dovecot.lmtp: add abstractions/nameservice instead of allowing more and more files
Stephan Kulow (coolo)
accepted
request 214399
from
Christian Boltz (cboltz)
(revision 62)
- add Recommends: net-tools to apparmor-utils (needed by aa-unconfined) - update usr.lib.dovecot.lmtp (add /proc/*/mounts, /tmp/dovecot.lmtp.*, /{var/,}run/dovecot/mounts, deny capability block_suspend) - add apparmor-2.8.2-nm-dnsmasq-config.patch - allow dnsmasq read config created by recent NetworkManager (see http://cgit.freedesktop.org/NetworkManager/NetworkManager/commit/?id=d82669d3fdaa7ec70ef1b64941c101ac810c394b for update details)
Stephan Kulow (coolo)
accepted
request 212803
from
Christian Boltz (cboltz)
(revision 61)
- add apparmor-profiles-samba-create-dirs.diff to allow samba to mkdir /var/run/samba and /var/cache/samba (bnc#856651) - add abstractions/samba to usr.sbin.winbindd profile - add capabilities ipc_lock and setuid to usr.sbin.winbindd profile (bnc#851131) - update dovecot profiles to support dovecot 2.x, and add profiles for the parts of dovecot that were not covered yet (bnc#851984) NOTE: Please adjust /etc/apparmor.d/tunables/dovecot to your needs. (apparmor-profiles-dovecot-bnc851984.diff, usr.lib.dovecot.*) - %restart_on_update (in parser %postun) is "translated" to stop/start by the systemd wrapper, which removes AppArmor protection from running processes. Fixed by using a custom script instead (bnc#853019) NOTE: The %postun from the previously installed apparmor-parser package will remove AppArmor protection from running processes a last time. Run aa-status to get a list of processes you need to restart, or reboot your computer. - reload profiles in %post of the apparmor-profiles package
Stephan Kulow (coolo)
accepted
request 208367
from
Christian Boltz (cboltz)
(revision 60)
- add apparmor-abstractions-ssl_certs.diff to allow access to certificates in /var/lib/ca-certificates/ (bnc#852018) (forwarded request 208366 from cboltz)
Stephan Kulow (coolo)
accepted
request 206956
from
Christian Boltz (cboltz)
(revision 59)
- add apparmor-profiles-ntpd-r2103.diff with updated driftfile location for ntpd (bnc#850374) (forwarded request 206954 from cboltz)
Stephan Kulow (coolo)
accepted
request 205616
from
Christian Boltz (cboltz)
(revision 58)
- apparmor-profiles-samba4.diff, usr.sbin.winbindd: some more profile updates for samba 4.x and kerberos (bnc#846586#c12 and #c15) Please include this change in 13.1.
Stephan Kulow (coolo)
accepted
request 205295
from
Christian Boltz (cboltz)
(revision 57)
- add apparmor-profiles-dnsmasq.diff - add missing permissions for libvirt-generated files to dnsmasq profile (bnc#848215) Please also forward this to 13.1
Tomáš Chvátal (scarabeus_factory)
accepted
request 204033
from
Christian Boltz (cboltz)
(revision 56)
- apparmor-profiles-samba4.diff, usr.sbin.winbindd: some more profile updates for samba 4.x (bnc#846054#c5) Please also include this change in 13.1
Tomáš Chvátal (scarabeus_factory)
accepted
request 203528
from
Christian Boltz (cboltz)
(revision 55)
- add apparmor-profiles-samba4.diff - various profile additions for samba 4.x (bnc#845867, bnc#846054) - update usr.sbin.winbindd for samba 4.x (bnc#845867, bnc#846054) Please also include this in 13.1 - without it, it's impossible to start samba.
Stephan Kulow (coolo)
accepted
request 201623
from
Christian Boltz (cboltz)
(revision 54)
- update apparmor-init.py-gsoc.diff to the final GSoC apparmor/__init__.py Please also include this change in 13.1
Stephan Kulow (coolo)
accepted
request 199887
from
Christian Boltz (cboltz)
(revision 53)
- add apparmor-fix-url-in-manpages-r2093.diff: fix URL in manpages - add apparmor-unconfined-lang-r2094.diff: fix aa-unconfined to work in all languages Please also forward those fixes to 13.1 (forwarded request 199886 from cboltz)
Adrian Schröter (adrianSuSE)
committed
(revision 52)
Split 13.1 from Factory
Stephan Kulow (coolo)
accepted
request 199336
from
Christian Boltz (cboltz)
(revision 51)
- fix ntp by allowing read access to openssl.cnf - add apparmor-utils-po-de-r2091.diff: fix some (mis)translations
Tomáš Chvátal (scarabeus_factory)
accepted
request 198936
from
Christian Boltz (cboltz)
(revision 50)
- add apparmor-abstractions-r2089-r2090.diff (from upstream 2.8 branch) - p11-kit needs access to /usr/share/p11-kit/modules - allow reading /etc/machine-id in the dbus-session abstraction - add apparmor-init.py-gsoc.diff - make apparmor/__init__.py ready for the new tools developed in GSoC (forwarded request 198933 from cboltz)
Stephan Kulow (coolo)
accepted
request 196153
from
Christian Boltz (cboltz)
(revision 49)
- add apparmor-no-perl-smartmatch-r2088.diff: ~~ was marked as experimental in perl 5.18 again - use grep instead (upstream 2.8 branch r2088) - fix ruby requires (forwarded request 196152 from cboltz)
Displaying revisions 141 - 160 of 208