Revisions of apparmor
Dominique Leuenberger (dimstar_suse)
accepted
request 682454
from
Christian Boltz (cboltz)
(revision 125)
- add usrmerge-fixes.diff: fix test failures when /bin/sh is handled by update-alternatives (boo#1127877) (forwarded request 682453 from cboltz)
Stephan Kulow (coolo)
accepted
request 679945
from
Christian Boltz (cboltz)
(revision 124)
- add dnsmasq-revert-alternation.diff: revert path alternation in dnsmasq profile and re-add peer=/usr/sbin/libvirtd rules to avoid breaking libvirtd (boo#1127073)
Stephan Kulow (coolo)
accepted
request 668473
from
Christian Boltz (cboltz)
(revision 123)
IMPORTANT: the dnsmasq profile update is needed by the updated libvirtd profile in SR 668191, so please include this SR in Staging:H. - add dnsmasq-libvirtd.diff: allow peer=libvirtd in the dnsmasq profile to match the newly added libvirtd profile name (boo#1118952#c3) - Use %license instead of %doc [bsc#1082318]
Dominique Leuenberger (dimstar_suse)
accepted
request 663646
from
Christian Boltz (cboltz)
(revision 122)
- add apparmor-lessopen-nfs-workaround.diff: allow network access in lessopen.sh for reading files on NFS (workaround for boo#1119937 / lp#1784499) (forwarded request 663645 from cboltz)
Dominique Leuenberger (dimstar_suse)
accepted
request 662542
from
Christian Boltz (cboltz)
(revision 121)
- add profile_filename_cornercase.diff: drop check that lets aa-logprof error out in a corner-case (log event for a non-existing profile while a profile file with the default filename for that non-existing profile exists) (boo#1120472) (forwarded request 662541 from cboltz)
Dominique Leuenberger (dimstar_suse)
accepted
request 660711
from
Christian Boltz (cboltz)
(revision 120)
Note: please accept before SR 660554 - or put this SR into Staging:F and accept them together. - netconfig: write resolv.conf to /run with link to /etc (fate#325872, boo#1097370) [patch apparmor-nameservice-resolv-conf-link.patch] - update to AppArmor 2.13.2 - add profile names to most profiles - update dnsmasq profile (pid file and logfile path) (boo#1111342) - add vulkan abstraction - add letsencrypt certificate path to abstractions/ssl_* - ignore *.orig and *.rej files when loading profiles - fix aa-complain etc. to handle named profiles - several bugfixes and small profile improvements - see https://gitlab.com/apparmor/apparmor/wikis/Release_Notes_2.13.2 for the detailed upstream changelog - remove upstreamed fix-syntax-error-in-rc.apparmor.functions.patch - update to 2.13.1 - add qt5 and qt5-compose-cache-write abstractions - add @{uid} and @{uids} kernel var placeholders - several profile and abstraction updates - ignore "abi" rules in parser and tools (instead of erroring out) - utils: fix overwriting of child profile flags if they differ from the main profile - several bugfixes (including boo#1100779) - see https://gitlab.com/apparmor/apparmor/wikis/Release_Notes_2.13.1 for the detailed upstream changelog - remove upstream(ed) patches: - aa-teardown-path.diff - fix-apparmor-systemd-perms.diff - logprof-skip-cache-d.diff - fix-samba-profiles.patch - make-pyflakes-happy.diff - dnsmasq-Add-permission-to-open-log-files.patch - refresh apparmor-samba-include-permissions-for-shares.diff - add fix-syntax-error-in-rc.apparmor.functions.patch - update to AppArmor 2.13.2 - no changes in libapparmor - see https://gitlab.com/apparmor/apparmor/wikis/Release_Notes_2.13.2 for the detailed upstream changelog - update to AppArmor 2.13.1 - several bug fixes - see https://gitlab.com/apparmor/apparmor/wikis/Release_Notes_2.13.1 for the detailed upstream changelog
Dominique Leuenberger (dimstar_suse)
accepted
request 641133
from
Christian Boltz (cboltz)
(revision 119)
- update rpmlintrc: - whitelist .features file which is part of the pre-compiled cache - comment out filters for the disabled tomcat_apparmor subpackage - Backport dnsmasq fix: 025c7dc6 - dnsmasq-Add-permission-to-open-log-files.patch (boo#1111342)
Dominique Leuenberger (dimstar_suse)
accepted
request 630976
from
Christian Boltz (cboltz)
(revision 118)
- add make-pyflakes-happy.diff to fix an unused variable (SR 629206)
Dominique Leuenberger (dimstar_suse)
accepted
request 605723
from
Christian Boltz (cboltz)
(revision 117)
- add fix-samba-profiles.patch - smbd loads new shared libraries. Allow winbindd to access new kerberos credential cache location (boo#1092099) (forwarded request 605463 from scabrero)
Dominique Leuenberger (dimstar_suse)
accepted
request 602408
from
Christian Boltz (cboltz)
(revision 116)
- exclude the /etc/apparmor.d/cache.d/ directory from aa-logprof parsing (logprof-skip-cache-d.diff) (forwarded request 602407 from cboltz)
Dominique Leuenberger (dimstar_suse)
accepted
request 600115
from
Christian Boltz (cboltz)
(revision 115)
- add fix-apparmor-systemd-perms.diff: fix permissions of /lib/apparmor/apparmor.systemd (boo#1090545) (forwarded request 600114 from cboltz)
Dominique Leuenberger (dimstar_suse)
accepted
request 598829
from
Christian Boltz (cboltz)
(revision 114)
- create and package precompiled cache (/usr/share/apparmor/cache, read-only) (boo#1069906, boo#1074429) - change (writeable) cache directory to /var/cache/apparmor/ - with the new btrfs layout, the only reason for using /var/lib/apparmor/cache/ (which was "it's part of the / subvolume") is gone, and /var/cache makes more sense for the cache - adjust parser.conf (via apparmor-enable-profile-cache.diff) to use both cache locations - clear cache also in %post of abstractions package -------------------------------------------------------------------- - update to AppArmor 2.13 - add support for multiple cache directories and cache overlays (boo#1069906, boo#1074429) - add support for conditional includes in policy - remove group restrictions from aa-notify (boo#1058787) - aa-complain etc.: set flags for profiles represented by a glob - aa-status: split profile from exec name - several profile and abstraction updates - see https://gitlab.com/apparmor/apparmor/wikis/Release_Notes_2.13 for the detailed upstream changelog - drop upstreamed patches and files: - aa-teardown - apparmor.service - apparmor.systemd - 32-bit-no-uid.diff - disable-cache-on-ro-fs.diff - dovecot-stats.diff - parser-write-cache-warn-only.diff - set-flags-for-profiles-represented-by-glob.patch - fix-regression-in-set-flags.patch - drop spec code that handled installing aa-teardown, apparmor.service and apparmor.systemd (now part of upstream Makefile) - simplify "make -C profiles parser-check" call (upstream Makefile bug that required to call "cd" was fixed) - add aa-teardown-path.diff - install aa-teardown in /usr/sbin/ - move 'exec' symlink to parser package (belongs to aa-exec) -------------------------------------------------------------------- - Set flags for profiles represented by glob (bsc#1086154) set-flags-for-profiles-represented-by-glob.patch fix-regression-in-set-flags.patch libapparmor - update to AppArmor 2.13 - add support for multiple cache directories and cache overlays (boo#1069906, boo#1074429) - see https://gitlab.com/apparmor/apparmor/wikis/Release_Notes_2.13 for the detailed upstream changelog
Dominique Leuenberger (dimstar_suse)
accepted
request 595790
from
Christian Boltz (cboltz)
(revision 113)
- add dovecot-stats.diff: - add dovecot/stats profile and allow dovecot to run it (boo#1088161) - allow dovecot/auth to write /run/dovecot/old-stats-user (part of boo#1087753) - update 32-bit-no-uid.diff with upstream fix (forwarded request 595789 from cboltz)
Dominique Leuenberger (dimstar_suse)
accepted
request 582183
from
Christian Boltz (cboltz)
(revision 112)
boo#1082956 (forwarded request 581986 from goldwynr)
Dominique Leuenberger (dimstar_suse)
accepted
request 566495
from
Christian Boltz (cboltz)
(revision 111)
- add disable-cache-on-ro-fs.diff - disable write cache if filesystem is read-only and don't bail out (bsc#1069906, bsc#1074429)
Dominique Leuenberger (dimstar_suse)
accepted
request 561675
from
Christian Boltz (cboltz)
(revision 110)
- add parser-write-cache-warn-only.diff to make cache write failures a warning instead of an error (boo#1069906, boo#1074429) - reduce dependeny on libnotify-tools (used by aa-notify -p) to "Suggests" to avoid pulling in several Gnome packages on servers (boo#1067477) (forwarded request 561674 from cboltz)
Dominique Leuenberger (dimstar_suse)
accepted
request 560031
from
Christian Boltz (cboltz)
(revision 109)
- add 32-bit-no-uid.diff to fix handling of log events without ouid on 32 bit systems (forwarded request 560030 from cboltz)
Dominique Leuenberger (dimstar_suse)
accepted
request 547738
from
Christian Boltz (cboltz)
(revision 108)
bsc#1069346 (forwarded request 546471 from goldwynr)
Dominique Leuenberger (dimstar_suse)
accepted
request 536621
from
Christian Boltz (cboltz)
(revision 107)
apparmor: - update to AppArmor 2.11.1 - add permissions to several profiles and abstractions (including lp#1650827 and boo#1057900) - several fixes in the aa-* tools (including lp#1689667, lp#1628286, lp#1661766 and boo#1062667) - fix downgrading/converting of 'unix' rules (will be supported in kernel 4.15) to 'network unix' rules in apparmor_parser (boo#1061195) - see http://wiki.apparmor.net/index.php/ReleaseNotes_2_11_1 for upstream changelog - remove upstream(ed) patches - upstream-changes-r3616..3628.diff - upstream-changes-r3629..3648.diff - parser-tests-dbus-duplicated-conditionals.diff - apparmor-fix-podsyntax.patch - sshd-profile-drop-local-include-r3615.diff - refresh apparmor-yast-cleanup.patch - add utils-fix-sorted-save_profiles-regression.diff to fix a regression in displaying the "changed profiles" list in aa-logprof Also add bugzilla reference to the previous change: - add nameservice-libtirpc.diff to fix NIS/YP logins (boo#1062244) libapparmor: - update to AppArmor 2.11.1 - mostly test-related changes in libapparmor - see http://wiki.apparmor.net/index.php/ReleaseNotes_2_11_1 for upstream changelog (forwarded request 536620 from cboltz)
Dominique Leuenberger (dimstar_suse)
accepted
request 534597
from
Christian Boltz (cboltz)
(revision 106)
- add nameservice-libtirpc.diff to fix NIS/YP logins (forwarded request 534596 from cboltz)
Displaying revisions 81 - 100 of 205