Revisions of apparmor
Stephan Kulow (coolo)
accepted
request 157433
from
Christian Boltz (cboltz)
(revision 47)
This time with better paperwork ;-) - nscd profile: add missing permissions and deny capability block_suspend (bnc#807104, apparmor-profiles-nscd.diff) Please also add this patch to openSUSE 12.3 The patch only adds permissions, which means it can't break anything. Even "deny capability block_suspend" doesn't take away any permissions (everything that is not allowed is denied by default). The deny rule just disables the logging for capability block_suspend. (forwarded request 157429 from cboltz)
Stephan Kulow (coolo)
accepted
request 155663
from
Christian Boltz (cboltz)
(revision 46)
- Add missing files to SRPM (bnc#777471) (forwarded request 155632 from jengelh)
Adrian Schröter (adrianSuSE)
committed
(revision 45)
Split 12.3 from Factory
Stephan Kulow (coolo)
accepted
request 148268
from
Christian Boltz (cboltz)
(revision 44)
- update abstractions/mysql with correct paths and add MariaDB paths (bnc#798183) (forwarded request 148267 from cboltz)
Stephan Kulow (coolo)
accepted
request 147966
from
Christian Boltz (cboltz)
(revision 43)
- update to AppArmor 2.8.1 (=2.8 branch r2069) Bugfix release, http://wiki.apparmor.net/index.php/ReleaseNotes_2_8_1 Most important changes are: - add various missing parts to profiles and abstractions - fix a possible x conflict with hats or child profiles in apparmor_parser - fix and speedup stdin handling in aa-decode - various other bugfixes - add pkgconfig support to libapparmor - remove upstream(ed) patches (forwarded request 147965 from cboltz)
Ismail Dönmez (namtrac)
accepted
request 144622
from
Christian Boltz (cboltz)
(revision 42)
- verify tarball with gpg-offline (forwarded request 144621 from cboltz)
Stephan Kulow (coolo)
accepted
request 136134
from
Christian Boltz (cboltz)
(revision 41)
- fix directory flags for /etc/apparmor.d to be in sync between -parser and -profiles subpackage - remove %stop_on_removal for no longer existing aaeventd (bnc#781564) - don't hide TeX output when building the parser and techdoc
Ismail Dönmez (namtrac)
accepted
request 130598
from
Christian Boltz (cboltz)
(revision 40)
- clear and update inconsistent profile cache (bnc#774529) - fix wording in two older .changes entries (usrMove -> usrMerge)
Stephan Kulow (coolo)
accepted
request 130009
from
Christian Boltz (cboltz)
(revision 39)
- abstractions/bash: update /bin/ls to also match /usr/bin/ls (usrMove) (forwarded request 130008 from cboltz)
Ismail Dönmez (namtrac)
accepted
request 129276
from
Christian Boltz (cboltz)
(revision 38)
- Add required fonts for new TeXLive 2012 (forwarded request 129259 from WernerFink)
Stephan Kulow (coolo)
accepted
request 127335
from
Christian Boltz (cboltz)
(revision 37)
- update /bin/ping profile to also match /usr/bin/ping (usrMove) Please forward this fix to 12.2 (without this patch, ping will run unprotected)
Adrian Schröter (adrianSuSE)
committed
(revision 36)
branched from openSUSE:Factory
Stephan Kulow (coolo)
accepted
request 123452
from
Christian Boltz (cboltz)
(revision 35)
- update to AppArmor 2.8.0 (= r2047) - new utility aa-easyprof - templated profile generation tool (the resulting profile may be less strict than profiles generated with genprof/logprof) - various small bugfixes - removed upstreamed patches
Stephan Kulow (coolo)
accepted
request 116788
from
Christian Boltz (cboltz)
(revision 34)
Update AppArmor from 2.7.2 to 2.8 beta5 Details: - add apparmor-techdoc.patch to remove traces of the build time in PDF files - update to AppArmor 2.8 beta5 (= 2.7.103 / r2031) - new utility aa-exec to confine a program with the specified AppArmor profile - add support for mount rules - see http://wiki.apparmor.net/index.php/ReleaseNotes_2_8 for full upstream changelog - removed upstreamed and backported patches - remove outdated autobuild and "disable repo" patches that were disabled since the AppArmor 2.7 package - create the Immunix::SubDomain compat perl module only for openSUSE <= 12.1 (bnc#720617 #c7)
Stephan Kulow (coolo)
accepted
request 113963
from
Christian Boltz (cboltz)
(revision 33)
- replace patch for dnsmasq profile with upstream patch (bnc#738905) - add apparmor-r2022-log-parser-network-bnc755923.patch - logprof didn't create network rules because of changed log format (bnc#755923, lp#800826) - add profile for samba winbindd (bnc#748499) - fix dnsmasq profile (bnc#738905) - add 0001-fix-for-lp929531.patch to allow reading /sys/devices/system/cpu/online in abstractions/base (lp#929531)
Stephan Kulow (coolo)
accepted
request 102458
from
Christian Boltz (cboltz)
(revision 32)
- Update to AppArmor 2.7.2 (= 2.7 branch / r1894) - move various permissions from httpd2-prefork profile to abstractions/apache2-common. Backward-incompatible change: *.htaccess files are no longer allowed for ^HANDLING_UNTRUSTED_INPUT - allow access for more /usr/lib*/samba/ files for smbd (bnc#725967#c5) - allow various .conf files for dovecot (lp#458922) - disallow wl for *.so in @{HOME}/.pki/nssdb/ in abstractions/private-files and abstractions/private-files-strict (lp#911847) - update abstractions/kde, private-files* and ubuntu-browsers.d/user-files to use ~/.kde4, not only ~/.kde (bnc#741592) - block write access to ~/.kde{,4}/env in abstractions/private-files (lp#914190) - allow write access for personal dictionary etc. in abstractions/aspell (lp#917859) - when using genprof for a script, include read access to the script itsself - automatically include abstractions/python or abstractions/ruby for python/ruby scripts - add profile for smbldap-useradd and allow smbd to call it (bnc#738041) - allow creation of the .config directory in abstractions/enchant (lp#914184) - allow TFTP read-only access in dnsmasq profile (lp#905412) - allow capability dac_read_search for syslog-ng (bnc#731876) - add p11-kit abstraction and include it in abstractions/authentification (lp#912754, lp#912752) - add audacity to abstractions/ubuntu-media-players (lp#899963) - allow software-center, fireclam plugin, [tT]unar, exo-open, kate and /dev/nvidia* in abstractons/ubuntu-browsers.d/* (lp#662906, lp#562831, lp#890894, lp#890894, lp#884748) - fix typo for multiarch gconf-modules in abstractions/base (lp#904548) - allow avahi to do dbus introspection (lp#769148) - allow access to ~/.fonts.conf.d in abstractions/fonts (lp#870992) - allow transmission in abstractions/ubuntu-bittorrent-clients (lp#852062) - allow reading ~/.cups/client.conf and ~/.cups/lpoptions in abstractions/cups-client (lp#887992) - allow read access of /etc/python{2,3}.[0-7]*/sitecustomize.py in abstractions/python (lp#860856) - various updates to the sshd profile (lp#817956) - (and some more changes I already included in the apparmor-2.7-branch.diff)
Stephan Kulow (coolo)
accepted
request 98697
from
Christian Boltz (cboltz)
(revision 31)
- Update to AppArmor 2.7.0 (= r1858) - make traceroute6 work (bnc#733312) - allow access to pyconfig.h in abstractions/python (lp#840734) - fix logprof/genprof for hex-encoded program filenames (= filenames containing space etc.) - add apparmor-2.7-branch.diff with some upstreamed fixes: - usr.sbin.smbd needs read access for /etc/netgroup (bnc#738041) - create /etc/apparmor.d/tunables/multiarch.d as directory, not as file - fix syntax error in abstractons/python - changed a $ -> % (typo)
Stephan Kulow (coolo)
accepted
request 93892
from
Christian Boltz (cboltz)
(revision 30)
- package subdomain.conf only in -parser, not in -utils package - package libapparmor.so and libimmunix.so only in libapparmor-devel, not in libapparmor1 - make Provides for perl-libapparmor versioned to avoid self-Obsoletes - move libapparmor.a and libimmunix.a from libapparmor1 to libapparmor-devel package - update to AppArmor 2.7.0 rc2 Most of the changes since rc1 were already included as patches. Additional changes: - fix logprof/genprof to recognize "mknod" in audit.log - fix libapparmor python bindings to compile with python 3 - fix wrong status message in initscript if apparmor-utils are not installed - parser/Makefile: fix some warnings, always respect CXX and LDFLAGS - fix some warnings in utils/Makefile - remove 4 upstreamed patches - remove mkdir /etc/apparmor.d/disable - that's done by upstream Makefile now - update line numbers in 2 patches
Stephan Kulow (coolo)
accepted
request 89885
from
Christian Boltz (cboltz)
(revision 29)
Two fixes for AppArmor profiles: - make abstractions/winbind working on 64bit systems - allow loading the libraries for samba "vfs objects" also on 32bit systems (bnc#725967) Please forward these profile fixes to openSUSE 12.1.
Stephan Kulow (coolo)
accepted
request 89465
from
Christian Boltz (cboltz)
(revision 28)
- allow loading the libraries for samba "vfs objects" (bnc#725967) Please include this patch in 12.1
Displaying revisions 161 - 180 of 207