Revisions of apparmor
Stephan Kulow (coolo)
accepted
request 102458
from
Christian Boltz (cboltz)
(revision 32)
- Update to AppArmor 2.7.2 (= 2.7 branch / r1894) - move various permissions from httpd2-prefork profile to abstractions/apache2-common. Backward-incompatible change: *.htaccess files are no longer allowed for ^HANDLING_UNTRUSTED_INPUT - allow access for more /usr/lib*/samba/ files for smbd (bnc#725967#c5) - allow various .conf files for dovecot (lp#458922) - disallow wl for *.so in @{HOME}/.pki/nssdb/ in abstractions/private-files and abstractions/private-files-strict (lp#911847) - update abstractions/kde, private-files* and ubuntu-browsers.d/user-files to use ~/.kde4, not only ~/.kde (bnc#741592) - block write access to ~/.kde{,4}/env in abstractions/private-files (lp#914190) - allow write access for personal dictionary etc. in abstractions/aspell (lp#917859) - when using genprof for a script, include read access to the script itsself - automatically include abstractions/python or abstractions/ruby for python/ruby scripts - add profile for smbldap-useradd and allow smbd to call it (bnc#738041) - allow creation of the .config directory in abstractions/enchant (lp#914184) - allow TFTP read-only access in dnsmasq profile (lp#905412) - allow capability dac_read_search for syslog-ng (bnc#731876) - add p11-kit abstraction and include it in abstractions/authentification (lp#912754, lp#912752) - add audacity to abstractions/ubuntu-media-players (lp#899963) - allow software-center, fireclam plugin, [tT]unar, exo-open, kate and /dev/nvidia* in abstractons/ubuntu-browsers.d/* (lp#662906, lp#562831, lp#890894, lp#890894, lp#884748) - fix typo for multiarch gconf-modules in abstractions/base (lp#904548) - allow avahi to do dbus introspection (lp#769148) - allow access to ~/.fonts.conf.d in abstractions/fonts (lp#870992) - allow transmission in abstractions/ubuntu-bittorrent-clients (lp#852062) - allow reading ~/.cups/client.conf and ~/.cups/lpoptions in abstractions/cups-client (lp#887992) - allow read access of /etc/python{2,3}.[0-7]*/sitecustomize.py in abstractions/python (lp#860856) - various updates to the sshd profile (lp#817956) - (and some more changes I already included in the apparmor-2.7-branch.diff)
Stephan Kulow (coolo)
accepted
request 98697
from
Christian Boltz (cboltz)
(revision 31)
- Update to AppArmor 2.7.0 (= r1858) - make traceroute6 work (bnc#733312) - allow access to pyconfig.h in abstractions/python (lp#840734) - fix logprof/genprof for hex-encoded program filenames (= filenames containing space etc.) - add apparmor-2.7-branch.diff with some upstreamed fixes: - usr.sbin.smbd needs read access for /etc/netgroup (bnc#738041) - create /etc/apparmor.d/tunables/multiarch.d as directory, not as file - fix syntax error in abstractons/python - changed a $ -> % (typo)
Stephan Kulow (coolo)
accepted
request 93892
from
Christian Boltz (cboltz)
(revision 30)
- package subdomain.conf only in -parser, not in -utils package - package libapparmor.so and libimmunix.so only in libapparmor-devel, not in libapparmor1 - make Provides for perl-libapparmor versioned to avoid self-Obsoletes - move libapparmor.a and libimmunix.a from libapparmor1 to libapparmor-devel package - update to AppArmor 2.7.0 rc2 Most of the changes since rc1 were already included as patches. Additional changes: - fix logprof/genprof to recognize "mknod" in audit.log - fix libapparmor python bindings to compile with python 3 - fix wrong status message in initscript if apparmor-utils are not installed - parser/Makefile: fix some warnings, always respect CXX and LDFLAGS - fix some warnings in utils/Makefile - remove 4 upstreamed patches - remove mkdir /etc/apparmor.d/disable - that's done by upstream Makefile now - update line numbers in 2 patches
Stephan Kulow (coolo)
accepted
request 89885
from
Christian Boltz (cboltz)
(revision 29)
Two fixes for AppArmor profiles: - make abstractions/winbind working on 64bit systems - allow loading the libraries for samba "vfs objects" also on 32bit systems (bnc#725967) Please forward these profile fixes to openSUSE 12.1.
Stephan Kulow (coolo)
accepted
request 89465
from
Christian Boltz (cboltz)
(revision 28)
- allow loading the libraries for samba "vfs objects" (bnc#725967) Please include this patch in 12.1
Adrian Schröter (adrianSuSE)
committed
(revision 27)
Stephan Kulow (coolo)
accepted
request 88695
from
Christian Boltz (cboltz)
(revision 26)
- include autogenerated profile sniplet for samba shares (bnc#688040) - more helpful error message for "aa-notify -p" if the user is not in the configured group
Lars Vogdt (lrupp)
accepted
request 87773
from
Christian Boltz (cboltz)
(revision 25)
- update to AppArmor 2.7.0 rc1 - aa-notify: add --display option and warn if $DISPLAY is not set (important for usage with sudo on openSUSE) - fix syntax error on "rcapparmor stop" - allow read access to /proc/*/mounts in the dovecot profile
Ruediger Oertel (oertel)
accepted
request 87208
from
Christian Boltz (cboltz)
(revision 24)
- add patch with upstream changes since 2.7.0 beta2 release - add example parser.conf - print warning if profile cache directory doesn't exist - remove initscript for no longer existing aa-eventd (bnc#720617) - set correct $HOME in aa-notify - enable caching of profiles (= massive speedup) (bnc#689458) - add comments for patches in .spec and comments in some patches - run spec-cleaner - add libtool as buildrequire to make the spec file more reliable
Lars Vogdt (lrupp)
accepted
request 82501
from
Christian Boltz (cboltz)
(revision 23)
- update to AppArmor 2.7.0 beta2 - includes fixes for bnc#717707, bnc#678749, bnc#685674, bnc#679182, bnc#691072, bnc#705319, bnc#713728 - add some missing perl module Requires to perl-apparmor
Sascha Peilicke (saschpe)
accepted
request 82045
from
Christian Boltz (cboltz)
(revision 22)
- update to AppArmor 2.7.0 beta1, for details see http://wiki.apparmor.net/index.php/ReleaseNotes_2_7 - removed lots of patches I pushed upstream - disabled apparmor-2.5.1-unified-build (patch to use automake, does not apply to 2.7 and probably won't be accepted upstream) - disabled build of tomcat_apparmor (doesn't build, deprecated upstream) - run spec-cleaner - remove *.la files - move usr.sbin.nscd profile back to apparmor-profiles package - Update patch apparmor-profiles-usr.sbin.dnsmasq to include /var/lib/libvirt/dnsmasq/*.leases (bnc#694197).
Sascha Peilicke (saschpe)
committed
(revision 21)
Autobuild autoformatter for 81356
Sascha Peilicke (saschpe)
accepted
request 81356
from
Stephan Kulow (coolo)
(revision 20)
- install SubDomain.pm compat module (bnc#713408) - Update to 2.6.1. - One patch eliminated - Lots of minor fixes - Split out more common abstractions - Add check_for_apparmor() helper. - dhcpd: Fix apparmor profile (bnc#692428) - Fixed typos in descriptions and summaries of apparmor.spec - move the requires and prerequires to the right package
Sascha Peilicke (saschpe)
committed
(revision 19)
Autobuild autoformatter for 77678
Sascha Peilicke (saschpe)
accepted
request 77678
from
Jeff Mahoney (jeff_mahoney)
(revision 18)
- Add apparmor-securityfs-systemd.patch: do not mount securityfs when running under systemd, just access the directory, systemd will automount it (bnc#704460).
Sascha Peilicke (saschpe)
committed
(revision 17)
Autobuild autoformatter for 75398
Sascha Peilicke (saschpe)
accepted
request 75398
from
Stephan Kulow (coolo)
(revision 16)
- Fixed building of pam_apparmor to properly link libpam (bnc#696553). - Fixed building of apache2-mod_apparmor to properly link (bnc#701821). (forwarded request 74458 from jeff_mahoney)
Sascha Peilicke (saschpe)
committed
(revision 15)
Autobuild autoformatter for 65172
Sascha Peilicke (saschpe)
accepted
request 65172
from
Jeff Mahoney (jeff_mahoney)
(revision 14)
Accepted submit request 65172 from user licensedigger
Sascha Peilicke (saschpe)
committed
(revision 13)
Autobuild autoformatter for 63720
Displaying revisions 181 - 200 of 212