Revisions of apparmor
Stephan Kulow (coolo)
accepted
request 102458
from
Christian Boltz (cboltz)
(revision 32)
- Update to AppArmor 2.7.2 (= 2.7 branch / r1894)
- move various permissions from httpd2-prefork profile to
abstractions/apache2-common. Backward-incompatible change: *.htaccess
files are no longer allowed for ^HANDLING_UNTRUSTED_INPUT
- allow access for more /usr/lib*/samba/ files for smbd (bnc#725967#c5)
- allow various .conf files for dovecot (lp#458922)
- disallow wl for *.so in @{HOME}/.pki/nssdb/ in abstractions/private-files
and abstractions/private-files-strict (lp#911847)
- update abstractions/kde, private-files* and ubuntu-browsers.d/user-files
to use ~/.kde4, not only ~/.kde (bnc#741592)
- block write access to ~/.kde{,4}/env in abstractions/private-files
(lp#914190)
- allow write access for personal dictionary etc. in abstractions/aspell
(lp#917859)
- when using genprof for a script, include read access to the script itsself
- automatically include abstractions/python or abstractions/ruby for
python/ruby scripts
- add profile for smbldap-useradd and allow smbd to call it (bnc#738041)
- allow creation of the .config directory in abstractions/enchant (lp#914184)
- allow TFTP read-only access in dnsmasq profile (lp#905412)
- allow capability dac_read_search for syslog-ng (bnc#731876)
- add p11-kit abstraction and include it in abstractions/authentification
(lp#912754, lp#912752)
- add audacity to abstractions/ubuntu-media-players (lp#899963)
- allow software-center, fireclam plugin, [tT]unar, exo-open, kate and
/dev/nvidia* in abstractons/ubuntu-browsers.d/* (lp#662906, lp#562831,
lp#890894, lp#890894, lp#884748)
- fix typo for multiarch gconf-modules in abstractions/base (lp#904548)
- allow avahi to do dbus introspection (lp#769148)
- allow access to ~/.fonts.conf.d in abstractions/fonts (lp#870992)
- allow transmission in abstractions/ubuntu-bittorrent-clients (lp#852062)
- allow reading ~/.cups/client.conf and ~/.cups/lpoptions in
abstractions/cups-client (lp#887992)
- allow read access of /etc/python{2,3}.[0-7]*/sitecustomize.py in
abstractions/python (lp#860856)
- various updates to the sshd profile (lp#817956)
- (and some more changes I already included in the apparmor-2.7-branch.diff)
Stephan Kulow (coolo)
accepted
request 98697
from
Christian Boltz (cboltz)
(revision 31)
- Update to AppArmor 2.7.0 (= r1858)
- make traceroute6 work (bnc#733312)
- allow access to pyconfig.h in abstractions/python (lp#840734)
- fix logprof/genprof for hex-encoded program filenames (= filenames
containing space etc.)
- add apparmor-2.7-branch.diff with some upstreamed fixes:
- usr.sbin.smbd needs read access for /etc/netgroup (bnc#738041)
- create /etc/apparmor.d/tunables/multiarch.d as directory, not as file
- fix syntax error in abstractons/python
- changed a $ -> % (typo)
Stephan Kulow (coolo)
accepted
request 93892
from
Christian Boltz (cboltz)
(revision 30)
- package subdomain.conf only in -parser, not in -utils package - package libapparmor.so and libimmunix.so only in libapparmor-devel, not in libapparmor1 - make Provides for perl-libapparmor versioned to avoid self-Obsoletes - move libapparmor.a and libimmunix.a from libapparmor1 to libapparmor-devel package - update to AppArmor 2.7.0 rc2 Most of the changes since rc1 were already included as patches. Additional changes: - fix logprof/genprof to recognize "mknod" in audit.log - fix libapparmor python bindings to compile with python 3 - fix wrong status message in initscript if apparmor-utils are not installed - parser/Makefile: fix some warnings, always respect CXX and LDFLAGS - fix some warnings in utils/Makefile - remove 4 upstreamed patches - remove mkdir /etc/apparmor.d/disable - that's done by upstream Makefile now - update line numbers in 2 patches
Stephan Kulow (coolo)
accepted
request 89885
from
Christian Boltz (cboltz)
(revision 29)
Two fixes for AppArmor profiles: - make abstractions/winbind working on 64bit systems - allow loading the libraries for samba "vfs objects" also on 32bit systems (bnc#725967) Please forward these profile fixes to openSUSE 12.1.
Stephan Kulow (coolo)
accepted
request 89465
from
Christian Boltz (cboltz)
(revision 28)
- allow loading the libraries for samba "vfs objects" (bnc#725967) Please include this patch in 12.1
Adrian Schröter (adrianSuSE)
committed
(revision 27)
Stephan Kulow (coolo)
accepted
request 88695
from
Christian Boltz (cboltz)
(revision 26)
- include autogenerated profile sniplet for samba shares (bnc#688040) - more helpful error message for "aa-notify -p" if the user is not in the configured group
Lars Vogdt (lrupp)
accepted
request 87773
from
Christian Boltz (cboltz)
(revision 25)
- update to AppArmor 2.7.0 rc1
- aa-notify: add --display option and warn if $DISPLAY is not set
(important for usage with sudo on openSUSE)
- fix syntax error on "rcapparmor stop"
- allow read access to /proc/*/mounts in the dovecot profile
Ruediger Oertel (oertel)
accepted
request 87208
from
Christian Boltz (cboltz)
(revision 24)
- add patch with upstream changes since 2.7.0 beta2 release - add example parser.conf - print warning if profile cache directory doesn't exist - remove initscript for no longer existing aa-eventd (bnc#720617) - set correct $HOME in aa-notify - enable caching of profiles (= massive speedup) (bnc#689458) - add comments for patches in .spec and comments in some patches - run spec-cleaner - add libtool as buildrequire to make the spec file more reliable
Lars Vogdt (lrupp)
accepted
request 82501
from
Christian Boltz (cboltz)
(revision 23)
- update to AppArmor 2.7.0 beta2
- includes fixes for bnc#717707, bnc#678749, bnc#685674, bnc#679182,
bnc#691072, bnc#705319, bnc#713728
- add some missing perl module Requires to perl-apparmor
Sascha Peilicke (saschpe)
accepted
request 82045
from
Christian Boltz (cboltz)
(revision 22)
- update to AppArmor 2.7.0 beta1, for details see http://wiki.apparmor.net/index.php/ReleaseNotes_2_7 - removed lots of patches I pushed upstream - disabled apparmor-2.5.1-unified-build (patch to use automake, does not apply to 2.7 and probably won't be accepted upstream) - disabled build of tomcat_apparmor (doesn't build, deprecated upstream) - run spec-cleaner - remove *.la files - move usr.sbin.nscd profile back to apparmor-profiles package - Update patch apparmor-profiles-usr.sbin.dnsmasq to include /var/lib/libvirt/dnsmasq/*.leases (bnc#694197).
Sascha Peilicke (saschpe)
accepted
request 81356
from
Stephan Kulow (coolo)
(revision 20)
- install SubDomain.pm compat module (bnc#713408) - Update to 2.6.1. - One patch eliminated - Lots of minor fixes - Split out more common abstractions - Add check_for_apparmor() helper. - dhcpd: Fix apparmor profile (bnc#692428) - Fixed typos in descriptions and summaries of apparmor.spec - move the requires and prerequires to the right package
Sascha Peilicke (saschpe)
accepted
request 77678
from
Jeff Mahoney (jeff_mahoney)
(revision 18)
- Add apparmor-securityfs-systemd.patch: do not mount securityfs when running under systemd, just access the directory, systemd will automount it (bnc#704460).
Sascha Peilicke (saschpe)
accepted
request 75398
from
Stephan Kulow (coolo)
(revision 16)
- Fixed building of pam_apparmor to properly link libpam (bnc#696553). - Fixed building of apache2-mod_apparmor to properly link (bnc#701821). (forwarded request 74458 from jeff_mahoney)
Sascha Peilicke (saschpe)
accepted
request 65172
from
Jeff Mahoney (jeff_mahoney)
(revision 14)
Accepted submit request 65172 from user licensedigger
Displaying revisions 181 - 200 of 212
