Revisions of apparmor
Stephan Kulow (coolo)
accepted
request 241137
from
Christian Boltz (cboltz)
(revision 68)
- add apparmor-profiles-clustered-samba.diff to permit clustered Samba
access to CTDB socket and databases (bnc#885317)
- fix problems with dovecot and managesieve
* usr.lib.dovecot.managesieve-login: network inet6 stream
* usr.lib.dovecot.managesieve:
+#include <tunables/dovecot>
/usr/lib/dovecot/managesieve {
#include <abstractions/base>
+ capability setgid,
+ capability setuid,
+ network inet stream,
+ network inet6 stream,
+ @{DOVECOT_MAILSTORE}/ rw,
+ @{DOVECOT_MAILSTORE}/** rwkl,
- add #include <abstractions/wutmp> to usr.lib.dovecot.auth
Tomáš Chvátal (scarabeus_factory)
accepted
request 230739
from
Tomáš Chvátal (scarabeus_factory)
(revision 67)
- update usr.sbin.winbindd profile (bnc#870607) - restrict rw access to /var/cache/krb5rcache/ instead /var/tmp/ - update usr.sbin.winbindd profile (bnc#870607) - treat passdb.tdb.tmp as passdb.tdb - allow rw access to /var/tmp/ (forwarded request 228512 from lmuelle)
Tomáš Chvátal (scarabeus_factory)
accepted
request 226904
from
Christian Boltz (cboltz)
(revision 66)
- add Recommends: libnotify-tools to apparmor-utils (aa-notify -p needs notify-send) (forwarded request 226903 from cboltz)
Stephan Kulow (coolo)
accepted
request 222647
from
Christian Boltz (cboltz)
(revision 65)
- update to AppArmor 2.8.3 (r2122) bugfix release
- fix some cache clearing bugs in apparmor_parser
- various fixes in mod_apparmor
- several profile updates, most of them were already included as patches
(except abstractions/winbind (bnc#863226), abstractions/fonts and
abstractions/p11-kit)
- see http://wiki.apparmor.net/index.php/ReleaseNotes_2_8_3 for all details
- update partially upstreamed apparmor-2.8.2-nm-dnsmasq-config.patch
- remove upstream(ed) patches
- apparmor-2.8.2-fix-ntpd-profile.diff
- apparmor-abstractions-r2089-r2090.diff
- apparmor-abstractions-ssl_certs.diff
- apparmor-fix-url-in-manpages-r2093.diff
- apparmor-no-perl-smartmatch-r2088.diff
- apparmor-profiles-dnsmasq.diff
- apparmor-profiles-ntpd-r2103.diff
- apparmor-profiles-samba-create-dirs.diff
- apparmor-profiles-samba4.diff
- apparmor-unconfined-lang-r2094.diff
- apparmor-utils-po-de-r2091.diff
Stephan Kulow (coolo)
accepted
request 220552
from
Christian Boltz (cboltz)
(revision 64)
- use current ruby macros, the rb_sitearch is obsolete since at least 12.1 (forwarded request 220542 from coolo)
Stephan Kulow (coolo)
accepted
request 215196
from
Christian Boltz (cboltz)
(revision 63)
- update apparmor-2.8.2-nm-dnsmasq-config.patch - allow access to pid file
and supplemental config directory (by develop7)
- update apparmor-profiles-dovecot-bnc851984.diff:
- do not add access to @{DOVECOT_MAILSTORE} - not required by the main binary
- add abstractions/mysql
- allow execution of some more /usr/lib/dovecot/* binaries
- better restrict access to /var/spool/postfix/private/
- update usr.lib.dovecot.auth to allow to read mysql config files
- update usr.lib.dovecot.dict and usr.lib.dovecot.lmtp:
add abstractions/nameservice instead of allowing more and more files
Stephan Kulow (coolo)
accepted
request 214399
from
Christian Boltz (cboltz)
(revision 62)
- add Recommends: net-tools to apparmor-utils (needed by aa-unconfined)
- update usr.lib.dovecot.lmtp (add /proc/*/mounts, /tmp/dovecot.lmtp.*,
/{var/,}run/dovecot/mounts, deny capability block_suspend)
- add apparmor-2.8.2-nm-dnsmasq-config.patch - allow dnsmasq read config
created by recent NetworkManager (see
http://cgit.freedesktop.org/NetworkManager/NetworkManager/commit/?id=d82669d3fdaa7ec70ef1b64941c101ac810c394b
for update details)
Stephan Kulow (coolo)
accepted
request 212803
from
Christian Boltz (cboltz)
(revision 61)
- add apparmor-profiles-samba-create-dirs.diff to allow samba to mkdir /var/run/samba and /var/cache/samba (bnc#856651) - add abstractions/samba to usr.sbin.winbindd profile - add capabilities ipc_lock and setuid to usr.sbin.winbindd profile (bnc#851131) - update dovecot profiles to support dovecot 2.x, and add profiles for the parts of dovecot that were not covered yet (bnc#851984) NOTE: Please adjust /etc/apparmor.d/tunables/dovecot to your needs. (apparmor-profiles-dovecot-bnc851984.diff, usr.lib.dovecot.*) - %restart_on_update (in parser %postun) is "translated" to stop/start by the systemd wrapper, which removes AppArmor protection from running processes. Fixed by using a custom script instead (bnc#853019) NOTE: The %postun from the previously installed apparmor-parser package will remove AppArmor protection from running processes a last time. Run aa-status to get a list of processes you need to restart, or reboot your computer. - reload profiles in %post of the apparmor-profiles package
Stephan Kulow (coolo)
accepted
request 208367
from
Christian Boltz (cboltz)
(revision 60)
- add apparmor-abstractions-ssl_certs.diff to allow access to certificates in /var/lib/ca-certificates/ (bnc#852018) (forwarded request 208366 from cboltz)
Stephan Kulow (coolo)
accepted
request 206956
from
Christian Boltz (cboltz)
(revision 59)
- add apparmor-profiles-ntpd-r2103.diff with updated driftfile location for ntpd (bnc#850374) (forwarded request 206954 from cboltz)
Stephan Kulow (coolo)
accepted
request 205616
from
Christian Boltz (cboltz)
(revision 58)
- apparmor-profiles-samba4.diff, usr.sbin.winbindd: some more profile updates for samba 4.x and kerberos (bnc#846586#c12 and #c15) Please include this change in 13.1.
Stephan Kulow (coolo)
accepted
request 205295
from
Christian Boltz (cboltz)
(revision 57)
- add apparmor-profiles-dnsmasq.diff - add missing permissions for libvirt-generated files to dnsmasq profile (bnc#848215) Please also forward this to 13.1
Tomáš Chvátal (scarabeus_factory)
accepted
request 204033
from
Christian Boltz (cboltz)
(revision 56)
- apparmor-profiles-samba4.diff, usr.sbin.winbindd: some more profile updates for samba 4.x (bnc#846054#c5) Please also include this change in 13.1
Tomáš Chvátal (scarabeus_factory)
accepted
request 203528
from
Christian Boltz (cboltz)
(revision 55)
- add apparmor-profiles-samba4.diff - various profile additions for samba 4.x (bnc#845867, bnc#846054) - update usr.sbin.winbindd for samba 4.x (bnc#845867, bnc#846054) Please also include this in 13.1 - without it, it's impossible to start samba.
Stephan Kulow (coolo)
accepted
request 201623
from
Christian Boltz (cboltz)
(revision 54)
- update apparmor-init.py-gsoc.diff to the final GSoC apparmor/__init__.py Please also include this change in 13.1
Stephan Kulow (coolo)
accepted
request 199887
from
Christian Boltz (cboltz)
(revision 53)
- add apparmor-fix-url-in-manpages-r2093.diff: fix URL in manpages - add apparmor-unconfined-lang-r2094.diff: fix aa-unconfined to work in all languages Please also forward those fixes to 13.1 (forwarded request 199886 from cboltz)
Stephan Kulow (coolo)
accepted
request 199336
from
Christian Boltz (cboltz)
(revision 51)
- fix ntp by allowing read access to openssl.cnf - add apparmor-utils-po-de-r2091.diff: fix some (mis)translations
Tomáš Chvátal (scarabeus_factory)
accepted
request 198936
from
Christian Boltz (cboltz)
(revision 50)
- add apparmor-abstractions-r2089-r2090.diff (from upstream 2.8 branch) - p11-kit needs access to /usr/share/p11-kit/modules - allow reading /etc/machine-id in the dbus-session abstraction - add apparmor-init.py-gsoc.diff - make apparmor/__init__.py ready for the new tools developed in GSoC (forwarded request 198933 from cboltz)
Stephan Kulow (coolo)
accepted
request 196153
from
Christian Boltz (cboltz)
(revision 49)
- add apparmor-no-perl-smartmatch-r2088.diff: ~~ was marked as experimental in perl 5.18 again - use grep instead (upstream 2.8 branch r2088) - fix ruby requires (forwarded request 196152 from cboltz)
Displaying revisions 141 - 160 of 208
