Revisions of apparmor

Stephan Kulow's avatar Stephan Kulow (coolo) accepted request 102458 from Christian Boltz's avatar Christian Boltz (cboltz) (revision 32)
- Update to AppArmor 2.7.2 (= 2.7 branch / r1894)
  - move various permissions from httpd2-prefork profile to
    abstractions/apache2-common. Backward-incompatible change: *.htaccess
    files are no longer allowed for ^HANDLING_UNTRUSTED_INPUT
  - allow access for more /usr/lib*/samba/ files for smbd (bnc#725967#c5)
  - allow various .conf files for dovecot (lp#458922)
  - disallow wl for *.so in @{HOME}/.pki/nssdb/ in abstractions/private-files
    and abstractions/private-files-strict (lp#911847)
  - update abstractions/kde, private-files* and ubuntu-browsers.d/user-files
    to use ~/.kde4, not only ~/.kde (bnc#741592)
  - block write access to ~/.kde{,4}/env in abstractions/private-files
    (lp#914190)
  - allow write access for personal dictionary etc. in abstractions/aspell
    (lp#917859)
  - when using genprof for a script, include read access to the script itsself
  - automatically include abstractions/python or abstractions/ruby for
    python/ruby scripts
  - add profile for smbldap-useradd and allow smbd to call it (bnc#738041)
  - allow creation of the .config directory in abstractions/enchant (lp#914184)
  - allow TFTP read-only access in dnsmasq profile (lp#905412)
  - allow capability dac_read_search for syslog-ng (bnc#731876)
  - add p11-kit abstraction and include it in abstractions/authentification
    (lp#912754, lp#912752)
  - add audacity to abstractions/ubuntu-media-players (lp#899963)
  - allow software-center, fireclam plugin, [tT]unar, exo-open, kate and
    /dev/nvidia* in abstractons/ubuntu-browsers.d/* (lp#662906, lp#562831,
    lp#890894, lp#890894, lp#884748)
  - fix typo for multiarch gconf-modules in abstractions/base (lp#904548)
  - allow avahi to do dbus introspection (lp#769148)
  - allow access to ~/.fonts.conf.d in abstractions/fonts (lp#870992)
  - allow transmission in abstractions/ubuntu-bittorrent-clients (lp#852062)
  - allow reading ~/.cups/client.conf and ~/.cups/lpoptions in
    abstractions/cups-client (lp#887992)
  - allow read access of /etc/python{2,3}.[0-7]*/sitecustomize.py in
    abstractions/python (lp#860856)
  - various updates to the sshd profile (lp#817956)
  - (and some more changes I already included in the apparmor-2.7-branch.diff)
Stephan Kulow's avatar Stephan Kulow (coolo) accepted request 98697 from Christian Boltz's avatar Christian Boltz (cboltz) (revision 31)
- Update to AppArmor 2.7.0 (= r1858)
  - make traceroute6 work (bnc#733312)
  - allow access to pyconfig.h in abstractions/python (lp#840734)
  - fix logprof/genprof for hex-encoded program filenames (= filenames
    containing space etc.)
- add apparmor-2.7-branch.diff with some upstreamed fixes:
  - usr.sbin.smbd needs read access for /etc/netgroup (bnc#738041)
  - create /etc/apparmor.d/tunables/multiarch.d as directory, not as file
  - fix syntax error in abstractons/python

- changed a $ -> % (typo)
Stephan Kulow's avatar Stephan Kulow (coolo) accepted request 93892 from Christian Boltz's avatar Christian Boltz (cboltz) (revision 30)
- package subdomain.conf only in -parser, not in -utils package
- package libapparmor.so and libimmunix.so only in libapparmor-devel,
  not in libapparmor1
- make Provides for perl-libapparmor versioned to avoid self-Obsoletes
- move libapparmor.a and libimmunix.a from libapparmor1 to 
  libapparmor-devel package

- update to AppArmor 2.7.0 rc2
  Most of the changes since rc1 were already included as patches.
  Additional changes:
  - fix logprof/genprof to recognize "mknod" in audit.log
  - fix libapparmor python bindings to compile with python 3
  - fix wrong status message in initscript if apparmor-utils are not installed
  - parser/Makefile: fix some warnings, always respect CXX and LDFLAGS
  - fix some warnings in utils/Makefile
- remove 4 upstreamed patches
- remove mkdir /etc/apparmor.d/disable - that's done by upstream Makefile now
- update line numbers in 2 patches
Stephan Kulow's avatar Stephan Kulow (coolo) accepted request 89885 from Christian Boltz's avatar Christian Boltz (cboltz) (revision 29)
Two fixes for AppArmor profiles:
- make abstractions/winbind working on 64bit systems
- allow loading the libraries for samba "vfs objects" also on 32bit 
  systems (bnc#725967)

Please forward these profile fixes to openSUSE 12.1.
Stephan Kulow's avatar Stephan Kulow (coolo) accepted request 89465 from Christian Boltz's avatar Christian Boltz (cboltz) (revision 28)
- allow loading the libraries for samba "vfs objects" (bnc#725967)

Please include this patch in 12.1
Adrian Schröter's avatar Adrian Schröter (adrianSuSE) committed (revision 27)
Stephan Kulow's avatar Stephan Kulow (coolo) accepted request 88695 from Christian Boltz's avatar Christian Boltz (cboltz) (revision 26)
- include autogenerated profile sniplet for samba shares (bnc#688040)
- more helpful error message for "aa-notify -p" if the user is not in
  the configured group
Lars Vogdt's avatar Lars Vogdt (lrupp) accepted request 87773 from Christian Boltz's avatar Christian Boltz (cboltz) (revision 25)
- update to AppArmor 2.7.0 rc1
  - aa-notify: add --display option and warn if $DISPLAY is not set
    (important for usage with sudo on openSUSE)
  - fix syntax error on "rcapparmor stop"
  - allow read access to /proc/*/mounts in the dovecot profile
Ruediger Oertel's avatar Ruediger Oertel (oertel) accepted request 87208 from Christian Boltz's avatar Christian Boltz (cboltz) (revision 24)
- add patch with upstream changes since 2.7.0 beta2 release
  - add example parser.conf
  - print warning if profile cache directory doesn't exist
  - remove initscript for no longer existing aa-eventd (bnc#720617)
  - set correct $HOME in aa-notify
- enable caching of profiles (= massive speedup) (bnc#689458)
- add comments for patches in .spec and comments in some patches
- run spec-cleaner

- add libtool as buildrequire to make the spec file more reliable
Lars Vogdt's avatar Lars Vogdt (lrupp) accepted request 82501 from Christian Boltz's avatar Christian Boltz (cboltz) (revision 23)
- update to AppArmor 2.7.0 beta2
  - includes fixes for bnc#717707, bnc#678749, bnc#685674, bnc#679182,
    bnc#691072, bnc#705319, bnc#713728
- add some missing perl module Requires to perl-apparmor
Sascha Peilicke's avatar Sascha Peilicke (saschpe) accepted request 82045 from Christian Boltz's avatar Christian Boltz (cboltz) (revision 22)
- update to AppArmor 2.7.0 beta1, for details see 
  http://wiki.apparmor.net/index.php/ReleaseNotes_2_7
- removed lots of patches I pushed upstream
- disabled apparmor-2.5.1-unified-build (patch to use automake,
  does not apply to 2.7 and probably won't be accepted upstream)
- disabled build of tomcat_apparmor (doesn't build, deprecated upstream)
- run spec-cleaner
- remove *.la files
- move usr.sbin.nscd profile back to apparmor-profiles package

- Update patch apparmor-profiles-usr.sbin.dnsmasq to include
  /var/lib/libvirt/dnsmasq/*.leases (bnc#694197).
Sascha Peilicke's avatar Sascha Peilicke (saschpe) committed (revision 21)
Autobuild autoformatter for 81356
Sascha Peilicke's avatar Sascha Peilicke (saschpe) accepted request 81356 from Stephan Kulow's avatar Stephan Kulow (coolo) (revision 20)
- install SubDomain.pm compat module (bnc#713408)

- Update to 2.6.1.
  - One patch eliminated
  - Lots of minor fixes
  - Split out more common abstractions
- Add check_for_apparmor() helper.

- dhcpd: Fix apparmor profile (bnc#692428)

 
- Fixed typos in descriptions and summaries of apparmor.spec
 

- move the requires and prerequires to the right package
Sascha Peilicke's avatar Sascha Peilicke (saschpe) committed (revision 19)
Autobuild autoformatter for 77678
Sascha Peilicke's avatar Sascha Peilicke (saschpe) accepted request 77678 from Jeff Mahoney's avatar Jeff Mahoney (jeff_mahoney) (revision 18)
- Add apparmor-securityfs-systemd.patch: do not mount securityfs
  when running under systemd, just access the directory, systemd
  will automount it (bnc#704460).
Sascha Peilicke's avatar Sascha Peilicke (saschpe) committed (revision 17)
Autobuild autoformatter for 75398
Sascha Peilicke's avatar Sascha Peilicke (saschpe) accepted request 75398 from Stephan Kulow's avatar Stephan Kulow (coolo) (revision 16)
- Fixed building of pam_apparmor to properly link libpam (bnc#696553).
- Fixed building of apache2-mod_apparmor to properly link (bnc#701821). (forwarded request 74458 from jeff_mahoney)
Sascha Peilicke's avatar Sascha Peilicke (saschpe) committed (revision 15)
Autobuild autoformatter for 65172
Sascha Peilicke's avatar Sascha Peilicke (saschpe) accepted request 65172 from Jeff Mahoney's avatar Jeff Mahoney (jeff_mahoney) (revision 14)
Accepted submit request 65172 from user licensedigger
Sascha Peilicke's avatar Sascha Peilicke (saschpe) committed (revision 13)
Autobuild autoformatter for 63720
Displaying revisions 181 - 200 of 212
openSUSE Build Service is sponsored by