Revisions of apparmor

Stephan Kulow (coolo) accepted request 157433 from Christian Boltz (cboltz) (revision 47)
This time with better paperwork ;-)

- nscd profile: add missing permissions and deny capability block_suspend
  (bnc#807104, apparmor-profiles-nscd.diff)

Please also add this patch to openSUSE 12.3

The patch only adds permissions, which means it can't break anything.
Even "deny capability block_suspend" doesn't take away any permissions
(everything that is not allowed is denied by default). The deny rule
just disables the logging for capability block_suspend. (forwarded request 157429 from cboltz)
Stephan Kulow (coolo) accepted request 155663 from Christian Boltz (cboltz) (revision 46)
- Add missing files to SRPM (bnc#777471) (forwarded request 155632 from jengelh)
Adrian Schröter (adrianSuSE) committed (revision 45)
Split 12.3 from Factory
Stephan Kulow (coolo) accepted request 148268 from Christian Boltz (cboltz) (revision 44)
- update abstractions/mysql with correct paths and add MariaDB paths
  (bnc#798183) (forwarded request 148267 from cboltz)
Stephan Kulow (coolo) accepted request 147966 from Christian Boltz (cboltz) (revision 43)
- update to AppArmor 2.8.1 (=2.8 branch r2069)
  Bugfix release, http://wiki.apparmor.net/index.php/ReleaseNotes_2_8_1
  Most important changes are:
  - add various missing parts to profiles and abstractions
  - fix a possible x conflict with hats or child profiles in 
    apparmor_parser
  - fix and speedup stdin handling in aa-decode
  - various other bugfixes
  - add pkgconfig support to libapparmor
- remove upstream(ed) patches (forwarded request 147965 from cboltz)
Ismail Dönmez (namtrac) accepted request 144622 from Christian Boltz (cboltz) (revision 42)
- verify tarball with gpg-offline (forwarded request 144621 from cboltz)
Stephan Kulow (coolo) accepted request 136134 from Christian Boltz (cboltz) (revision 41)
- fix directory flags for /etc/apparmor.d to be in sync between
  -parser and -profiles subpackage

- remove %stop_on_removal for no longer existing aaeventd (bnc#781564)
- don't hide TeX output when building the parser and techdoc
Ismail Dönmez (namtrac) accepted request 130598 from Christian Boltz (cboltz) (revision 40)
- clear and update inconsistent profile cache (bnc#774529)
- fix wording in two older .changes entries (usrMove -> usrMerge)
Stephan Kulow (coolo) accepted request 130009 from Christian Boltz (cboltz) (revision 39)
- abstractions/bash: update /bin/ls to also match /usr/bin/ls (usrMove) (forwarded request 130008 from cboltz)
Ismail Dönmez (namtrac) accepted request 129276 from Christian Boltz (cboltz) (revision 38)
- Add required fonts for new TeXLive 2012 (forwarded request 129259 from WernerFink)
Stephan Kulow (coolo) accepted request 127335 from Christian Boltz (cboltz) (revision 37)
- update /bin/ping profile to also match /usr/bin/ping (usrMove)

Please forward this fix to 12.2 (without this patch, ping will run unprotected)
Adrian Schröter (adrianSuSE) committed (revision 36)
branched from openSUSE:Factory
Stephan Kulow (coolo) accepted request 123452 from Christian Boltz (cboltz) (revision 35)
- update to AppArmor 2.8.0 (= r2047)
  - new utility aa-easyprof - templated profile generation tool (the resulting
    profile may be less strict than profiles generated with genprof/logprof)
  - various small bugfixes
- removed upstreamed patches
Stephan Kulow (coolo) accepted request 116788 from Christian Boltz (cboltz) (revision 34)
Update AppArmor from 2.7.2 to 2.8 beta5

Details:

- add apparmor-techdoc.patch to remove traces of the build time in PDF files

- update to AppArmor 2.8 beta5 (= 2.7.103 / r2031)
  - new utility aa-exec to confine a program with the specified AppArmor profile
  - add support for mount rules
  - see http://wiki.apparmor.net/index.php/ReleaseNotes_2_8 for full upstream
    changelog
- removed upstreamed and backported patches
- remove outdated autobuild and "disable repo" patches that were disabled since
  the AppArmor 2.7 package
- create the Immunix::SubDomain compat perl module only for openSUSE <= 12.1
  (bnc#720617 #c7)
Stephan Kulow (coolo) accepted request 113963 from Christian Boltz (cboltz) (revision 33)
- replace patch for dnsmasq profile with upstream patch (bnc#738905)

- add apparmor-r2022-log-parser-network-bnc755923.patch - logprof didn't
  create network rules because of changed log format (bnc#755923, lp#800826)
- add profile for samba winbindd (bnc#748499)

- fix dnsmasq profile (bnc#738905)

- add 0001-fix-for-lp929531.patch to allow reading 
  /sys/devices/system/cpu/online in abstractions/base (lp#929531)
Stephan Kulow (coolo) accepted request 102458 from Christian Boltz (cboltz) (revision 32)
- Update to AppArmor 2.7.2 (= 2.7 branch / r1894)
  - move various permissions from httpd2-prefork profile to
    abstractions/apache2-common. Backward-incompatible change: *.htaccess
    files are no longer allowed for ^HANDLING_UNTRUSTED_INPUT
  - allow access for more /usr/lib*/samba/ files for smbd (bnc#725967#c5)
  - allow various .conf files for dovecot (lp#458922)
  - disallow wl for *.so in @{HOME}/.pki/nssdb/ in abstractions/private-files
    and abstractions/private-files-strict (lp#911847)
  - update abstractions/kde, private-files* and ubuntu-browsers.d/user-files
    to use ~/.kde4, not only ~/.kde (bnc#741592)
  - block write access to ~/.kde{,4}/env in abstractions/private-files
    (lp#914190)
  - allow write access for personal dictionary etc. in abstractions/aspell
    (lp#917859)
  - when using genprof for a script, include read access to the script itself
  - automatically include abstractions/python or abstractions/ruby for
    python/ruby scripts
  - add profile for smbldap-useradd and allow smbd to call it (bnc#738041)
  - allow creation of the .config directory in abstractions/enchant (lp#914184)
  - allow TFTP read-only access in dnsmasq profile (lp#905412)
  - allow capability dac_read_search for syslog-ng (bnc#731876)
  - add p11-kit abstraction and include it in abstractions/authentification
    (lp#912754, lp#912752)
  - add audacity to abstractions/ubuntu-media-players (lp#899963)
  - allow software-center, fireclam plugin, [tT]unar, exo-open, kate and
    /dev/nvidia* in abstractions/ubuntu-browsers.d/* (lp#662906, lp#562831,
    lp#890894, lp#890894, lp#884748)
  - fix typo for multiarch gconf-modules in abstractions/base (lp#904548)
  - allow avahi to do dbus introspection (lp#769148)
  - allow access to ~/.fonts.conf.d in abstractions/fonts (lp#870992)
  - allow transmission in abstractions/ubuntu-bittorrent-clients (lp#852062)
  - allow reading ~/.cups/client.conf and ~/.cups/lpoptions in
    abstractions/cups-client (lp#887992)
  - allow read access of /etc/python{2,3}.[0-7]*/sitecustomize.py in
    abstractions/python (lp#860856)
  - various updates to the sshd profile (lp#817956)
  - (and some more changes I already included in the apparmor-2.7-branch.diff)
Stephan Kulow (coolo) accepted request 98697 from Christian Boltz (cboltz) (revision 31)
- Update to AppArmor 2.7.0 (= r1858)
  - make traceroute6 work (bnc#733312)
  - allow access to pyconfig.h in abstractions/python (lp#840734)
  - fix logprof/genprof for hex-encoded program filenames (= filenames
    containing space etc.)
- add apparmor-2.7-branch.diff with some upstreamed fixes:
  - usr.sbin.smbd needs read access for /etc/netgroup (bnc#738041)
  - create /etc/apparmor.d/tunables/multiarch.d as directory, not as file
  - fix syntax error in abstractions/python

- changed a $ -> % (typo)
Stephan Kulow (coolo) accepted request 93892 from Christian Boltz (cboltz) (revision 30)
- package subdomain.conf only in -parser, not in -utils package
- package libapparmor.so and libimmunix.so only in libapparmor-devel,
  not in libapparmor1
- make Provides for perl-libapparmor versioned to avoid self-Obsoletes
- move libapparmor.a and libimmunix.a from libapparmor1 to 
  libapparmor-devel package

- update to AppArmor 2.7.0 rc2
  Most of the changes since rc1 were already included as patches.
  Additional changes:
  - fix logprof/genprof to recognize "mknod" in audit.log
  - fix libapparmor python bindings to compile with python 3
  - fix wrong status message in initscript if apparmor-utils are not installed
  - parser/Makefile: fix some warnings, always respect CXX and LDFLAGS
  - fix some warnings in utils/Makefile
- remove 4 upstreamed patches
- remove mkdir /etc/apparmor.d/disable - that's done by upstream Makefile now
- update line numbers in 2 patches
Stephan Kulow (coolo) accepted request 89885 from Christian Boltz (cboltz) (revision 29)
Two fixes for AppArmor profiles:
- make abstractions/winbind working on 64bit systems
- allow loading the libraries for samba "vfs objects" also on 32bit 
  systems (bnc#725967)

Please forward these profile fixes to openSUSE 12.1.
Stephan Kulow (coolo) accepted request 89465 from Christian Boltz (cboltz) (revision 28)
- allow loading the libraries for samba "vfs objects" (bnc#725967)

Please include this patch in 12.1