File apparmor-profiles.changes of Package apparmor-profiles
-------------------------------------------------------------------
Fri Nov 21 12:57:24 CET 2008 - jjohansen@suse.de
- fixes for
bnc#436849 - Not able to start "syslog" service on a QS21 diskless
machine
bnc#436262 - adding missing file for Firefox profiles do not work
with current Firefox
-------------------------------------------------------------------
Fri Nov 7 14:40:18 CET 2008 - jjohansen@suse.de
- Fix bnc#431222 - apparmor profile for avahi doesn't allow introspection
-------------------------------------------------------------------
Wed Nov 5 17:09:44 CET 2008 - jjohansen@suse.de
- fixes for
bnc#405317 - nscd needs to read /etc/netgroupbnc#436849 Not able to start
"syslog" service on a QS21 diskless machine
bnc#421728 - AppArmor prevents some network utilities from accessing
avahi-daemon socket
bnc#344376 - Default apparmor profile for nscd should include rights to
/var/log/nscd.log
bnc#405317 - nscd needs to read /etc/netgroup
bnc#425041 - AppArmor disallows "/sbin/syslog-ng" to access "/dev/syslog"
bnc#436262 - Firefox profiles do not work with current Firefox
- apply previous patch files against upstream profiles (now in tarball)
usr.bin.opera-bnc#307365.patch
sbin.syslogd-bnc#33144.patch
sbin.syslog-ng-bnc#334557.patch
usr.sbin.ntpd-bnc#230700.patch
ntp-chroot-bnc#256291.patch
ntp-dac_override-pidfile.patch
usr.sbin.ntpd-bnc#433368#402693.patch
Tue Oct 14 17:20:23 CEST 2008 - varkoly@suse.de
- patch ntp und xad profile bnc#402693 and bnc#433368
-------------------------------------------------------------------
Wed Aug 6 20:19:12 CEST 2008 - ro@suse.de
- add dac_override to ntp profile to let it write its pid file
-------------------------------------------------------------------
Wed May 7 02:30:59 CEST 2008 - jjohansen@suse.de
- patch usr.bin.opera so that it will allow startup bnc#307365
- patch sbin.syslogd to allow locking of log file bnc#33144
- patch sbin.syslog-ng bnc#334557
- patch ntp profile bnc#230700 and bnc#256291
-------------------------------------------------------------------
Mon Apr 7 23:43:54 CEST 2008 - jjohansen@suse.de
- Bump version to 2.3 in preparation for AppArmor 2.3 code drop
-------------------------------------------------------------------
Tue Mar 25 12:41:58 CET 2008 - varkoly@suse.de
- Bug 333525 - xntp ntpd does not work with ipv6 servers
-------------------------------------------------------------------
Thu Mar 13 17:14:13 CET 2008 - ro@suse.de
- updated ntpd profile
-------------------------------------------------------------------
Wed Aug 29 02:09:06 CEST 2007 - srarnold@suse.de
[ changes from mathiaz, sbeattie, seth.arnold, dreynolds]
- ping network inet raw
- nscd network stream
- Ubuntu Launchpad bug #132468, nameservice abstraction resolv.conf
- Bug 241479 - Fix for usr.sbin.nscd profile
- Bug 287579 - <abstractions/X> doesn't allow access to /usr/share/X11
and other xorg directories
- Bug 288960 - nscd with nss_ldap and sasl/gss bind to ldap server
failed
- Bug 295086 - abstractions/X lists /usr/X11R6
- abstractions fixes from Mathias Gug (Ubuntu)
-------------------------------------------------------------------
Mon Aug 20 03:55:00 CEST 2007 - dreynolds@suse.de
[ changes from mathiaz, sbeattie, seth.arnold, dreynolds ]
- Unbuntu Launchpad bug #132468: Nameservice abstraction should also include
/var/run/resolvconf/resolv.conf:
- Fix to ntpd profile from Mathias Gug <mathiaz-at-ubuntu.com> of Ubuntu.
- Bug 288470 - ntp profile rejects access to /var/lib/ntp/etc/localtime
- Updates for cupsd. Add inet|inet6 dgram|stream to nameservice abstraction
-------------------------------------------------------------------
Fri Aug 17 20:56:46 CEST 2007 - srarnold@suse.de
- Bug 288470 - ntp profile rejects access to /var/lib/ntp/etc/localtime
- Fix to ntpd profile from Mathias Gug <mathiaz@ubuntu.com> of Ubuntu.
(sbeattie)
- Launchpad bug #132468: Nameservice abstraction should also include
/var/run/resolvconf/resolv.conf
-------------------------------------------------------------------
Tue Aug 7 15:31:28 CEST 2007 - dreynolds@suse.de
- Update klogd profile for locking permission 'k' to pid file
-------------------------------------------------------------------
Mon Aug 6 18:37:52 CEST 2007 - dreynolds@suse.de
- Updated profiles for network toggle mediation
- Added profile for avahi-daemon
- Added profile for cupsd to extras
-------------------------------------------------------------------
Tue Jun 12 00:56:41 CEST 2007 - srarnold@suse.de
- Postfix directories to new syntax
-------------------------------------------------------------------
Mon Jun 11 21:01:34 CEST 2007 - srarnold@suse.de
- Remove /usr/X11R6 references
-------------------------------------------------------------------
Mon Jun 11 20:29:01 CEST 2007 - srarnold@suse.de
- dhcpcd fixes
- resmgr fix
-------------------------------------------------------------------
Mon Jun 11 19:37:11 CEST 2007 - srarnold@suse.de
- Remove /opt/gnome references
- Remove /usr/X11R6 references
- Update to newer evolution version numbers
- Rename ethereal -> wireshark
- Create 64 bit version of gconfd-2
-------------------------------------------------------------------
Tue Jun 5 23:44:04 CEST 2007 - srarnold@suse.de
- Updates to ntpd from Mathias Gug
-------------------------------------------------------------------
Sat Jun 2 02:12:18 CEST 2007 - srarnold@suse.de
- Updates to ntpd and klogd from Mathias Gug
- Updates to httpd2-prefork from Steve Beattie
-------------------------------------------------------------------
Wed May 30 19:30:38 CEST 2007 - srarnold@suse.de
- Really check in Marius's update to syslog-ng.
-------------------------------------------------------------------
Tue May 29 20:39:28 CEST 2007 - srarnold@suse.de
- small update from Marius Tomaschewski for syslog-ng
-------------------------------------------------------------------
Fri May 25 23:46:11 CEST 2007 - srarnold@suse.de
- replace /proc/ with @{PROC} from sbeattie
-------------------------------------------------------------------
Wed May 23 00:23:44 CEST 2007 - srarnold@suse.de
- Bug 265775 - changes for kerberosclient profile
[updated the abstraction]
-------------------------------------------------------------------
Thu May 17 01:48:54 CEST 2007 - srarnold@suse.de
- Bug 267933 - audit message about /var/lib/ntp/drift/ntp.drift.TEMP
-------------------------------------------------------------------
Wed May 16 22:51:43 CEST 2007 - srarnold@suse.de
- remove named (bind) and openldap (slapd) profiles, as they have been
moved into their respective packages
-------------------------------------------------------------------
Sat Apr 21 00:42:04 CEST 2007 - srarnold@suse.de
- reorganize the tarball to match on-disk layout
-------------------------------------------------------------------
Fri Apr 13 18:36:10 CEST 2007 - sbeattie@suse.de
- Update/re-enable some profiles for dir handling changes
-------------------------------------------------------------------
Sat Mar 31 01:37:36 CEST 2007 - agruen@suse.de
- Update to version 2.0.2: DFA based kernel module.
-------------------------------------------------------------------
Tue Feb 6 00:20:44 CET 2007 - srarnold@suse.de
- Bug 157400 - default AppArmor profile for gaim too restrictive
- Bug 221998 - No NFS locks available: "kernel: lockd/statd: failed to
create /var/lib/nfs/sm/<server>: err=-2"
- Bug 225615 - apparmor rejects glibc AT_PLATFORM directories
- Bug 143281 - Insuffisient settings in default profiles, at least for
man & gaim:
- Bug 181253 - apparmor rejects access for sendmail to
/var/lib/sendmail/statistics
- Bug 202095 - useradd / userdel profiles incomplete
- Bug 190079 - sendmail can't open control socket
- Bug 240734 - Applications using nss_ldap need to have access to
ldap.secret
-------------------------------------------------------------------
Wed Jan 24 00:37:02 CET 2007 - srarnold@suse.de
- More fixes from Volker Kuhlmann
- /tmp symlink to /var/tmp for ntpd
- new (extras) profile for passwd
- xntpd W32Time authentication support
- named gss-tsig authentication support
-------------------------------------------------------------------
Wed Jan 3 22:26:40 CET 2007 - srarnold@suse.de
- extras/ fixes from Volker Kuhlmann
- sshd loginuid
- apache certs/keys
- postfix with permissions=paranoid
-------------------------------------------------------------------
Mon Dec 11 22:42:16 CET 2006 - srarnold@suse.de
- Newer postfix uses a session cache for TLS
-------------------------------------------------------------------
Mon Nov 27 23:23:33 CET 2006 - srarnold@suse.de
- Bug 220331 - syslog-ng cannot log news messages
- capability fowner, to change uid/gid of logfiles
- make /dev/log dependency explicit
-------------------------------------------------------------------
Tue Nov 21 19:16:49 CET 2006 - srarnold@suse.de
- Bug 220331 - syslog-ng cannot log news messages
- /var/log/** to mirror the old syslog profile
-------------------------------------------------------------------
Fri Nov 17 01:43:08 CET 2006 - srarnold@suse.de
- Bug 221567 - apparmor causes kernel lockup if there is any audit backlog
- remove netstat profile as it will trigger this bug easily
- Bug 221111 - ntpd needs access to /proc/net/if_inet6
-------------------------------------------------------------------
Mon Nov 13 22:59:46 CET 2006 - srarnold@suse.de
- Bug 219583 - rejecting w access for syslog-ng
add /var/lib/*/dev/log access for chroot'd applications
- Bug 202095 - useradd / userdel profiles incomplete
(extra profiles, but can't hurt to update -- thanks Christian Boltz)
- Bug 197186 - apparmor breaks openntpd
-------------------------------------------------------------------
Thu Nov 9 20:35:04 CET 2006 - srarnold@suse.de
- Bug 219580 - some programs require 'm' access to /etc/ld.so.cache
-------------------------------------------------------------------
Sat Nov 4 02:30:52 CET 2006 - srarnold@suse.de
- Bug 215207 - apparmor-profiles: lib-ld missing in the profile
- with 'm' "can be mapped executable" mode flag, no need for the ld
profiles.
- so all ld.so profiles removed, change all 'Px' rules on loaders to
'ix' rules, and remove the ldd profile.
- Needless whitespace in profiles
- Bug 178073 - AppArmor - postfix - smtp - directive smtp_generic_maps
- Bug 203557 - apparmor python abstraction should accept .egg files in
site-packages
- new syslog-ng profile contributed by Christian Boltz
- new clamav profile contributed by Christian Boltz
- postfix/virtual improvements contributed by Christian Boltz
-------------------------------------------------------------------
Tue Jun 6 02:52:07 CEST 2006 - srarnold@suse.de
- Bug 175626 - /var/lib/ntp/etc/ntp.conf.iburst missing from ntpd
profile
- new 'make check' and 'make check-install' targets (sbeattie)
- new 'm', 'Px', 'Ux' flags to address:
- Bug 175388 - Profile access allows essentially execute permission when
only read access is granted via usage of mmap system call.
- Bug 172061 - LD_PRELOAD can be exploited to change the execution
path across exec transitions
-------------------------------------------------------------------
Mon May 8 18:59:33 CEST 2006 - srarnold@suse.de
- Bug 168035 - apparmor-profiles: lib.ld-2.2.so takes no care of x86_64
/lib/ld-2.4 -- s390x, ppc, ppc64, too
- Bug 172670 - postfix doesn't deliver mails anymore after update from
SLES9
-------------------------------------------------------------------
Wed May 3 23:54:35 CEST 2006 - srarnold@suse.de
- Bug 167798 - misc profile modifications from darix
- mlmmj, lighttpd, oidentd profiles in extras/
- new postfix helpers
(postfix profiles now in extras/)
- broken postfix smtpd alternation expansion
- factor abstractions/nameservice
- new python, ruby, php5 abstractions
- new web-data and svn-repositories data-centric abstractions
- svn:keywords to do proper attribution
- Bug 170154 - squid dies when setting auth_param basic program
/usr/sbin/pam_auth
- also move squid to /etc/apparmor/profilex/extras
- Add some text to the extras/README describing how to turn postfix
profiles on again, as an example
-------------------------------------------------------------------
Tue May 2 03:34:44 CEST 2006 - srarnold@suse.de
- Bug 165191 - named can't write slave zones
- Bug 168581 - readaccess to /proc/meminfo not granted to nscd -- add
sysconf(3) files to abstractions/base
- Bug 167798 - misc profile modifications from darix -- mlmmj, lighttpd,
oidentd profiles in extras/, new postfix helpers in complain mode
(enabled), split apart nameservice a little (non destructively), add new
abstractions for python, ruby, and php5, add web-data and
svn-repositories data-centric abstractions
-------------------------------------------------------------------
Sat Apr 29 03:22:18 CEST 2006 - srarnold@suse.de
- Add a complain mode profile for postfix/pipe
-------------------------------------------------------------------
Sat Apr 29 01:45:07 CEST 2006 - srarnold@suse.de
- README describing what is in /etc/apparmor/profiles/extras
- glibc 2.4 loaders
- Bug 165116 - Problem to resolve hostnames from LDAP-Database
- Bug 168581 - readaccess to /proc/meminfo not granted to nscd
- Bug 159667 - Postfix SASL authentication fails with "no mechanism available"
- mdnsd writes to console
-------------------------------------------------------------------
Fri Apr 7 08:49:47 CEST 2006 - dreynolds@suse.de
- seth.arnold:
- Fix for base (ntpd) - #164150
- Fix for postfix.qmgr - #156446
-------------------------------------------------------------------
Wed Apr 5 15:48:30 CEST 2006 - varkoly@suse.de
- Fix for posfix/smtpd postfix/smtp
- New file usr.lib.postfix.anvil
-------------------------------------------------------------------
Tue Apr 4 22:11:10 CEST 2006 - srarnold@suse.de
- Fix for postfix/sasl (#159667)
- Fix for NIS/portmapper nameservice capabilities
-------------------------------------------------------------------
Mon Apr 3 05:58:02 CEST 2006 - dreynolds@suse.de
- Fix for postalias (#158689)
- a profile update for svnserve
-------------------------------------------------------------------
Mon Mar 27 15:23:11 CEST 2006 - jmichael@suse.de
- Allow named to write to /var/lib/named/dyn while chrooted in
order to support dynamically updated zones - #157478
-------------------------------------------------------------------
Mon Mar 13 20:52:02 CET 2006 - srarnold@suse.de
- /usr/sbin/postfix /usr/sbin/sendmail ux, #156998
- /usr/lib/postfix/cleanup /etc/postfix/* r, #152706
-------------------------------------------------------------------
Mon Mar 13 09:30:09 CET 2006 - dreynolds@suse.de
- Fix for sendmail to add a px transtion to usr.lib.postfix.smtpd
(#156998)
-------------------------------------------------------------------
Thu Mar 9 20:36:54 CET 2006 - srarnold@suse.de
- new svnserve profile in extras (not enforcing), postfix ldap fixes #156091
- procmail now runs unconfined from postfix, sendmail
-------------------------------------------------------------------
Fri Mar 3 01:12:15 CET 2006 - srarnold@suse.de
- icon caches, fontconfig
- firefox fixes #154646
- Re-enable named, clarify tunables/home
-------------------------------------------------------------------
Mon Feb 13 05:40:16 CET 2006 - dreynolds@suse.de
- (seth.arnold@suse.de & sbeattie@suse.de)
- Re-enable sendmail, split apart traceroute
- Fix tunables/home to not emit multiple slashes
- Fix klogd per #143336
-------------------------------------------------------------------
Mon Feb 6 08:13:27 CET 2006 - sbeattie@suse.de
- (seth.arnold) /etc/apparmor.d/tunables/home
- (seth.arnold) slight re-org, some more use of variables
-------------------------------------------------------------------
Sun Jan 29 06:18:48 CET 2006 - sbeattie@suse.de
- Add svn repo number to tarball name
- Rename /etc/subdomain.d/ to /etc/apparmor.d/
- Add /lib/power5+/ to base for ppc (#146135)
-------------------------------------------------------------------
Wed Jan 25 21:45:45 CET 2006 - mls@suse.de
- converted neededforbuild to BuildRequires
-------------------------------------------------------------------
Mon Jan 23 08:25:35 CET 2006 - dreynolds@suse.de
- Removal of profiles referencing /home/.
-------------------------------------------------------------------
Fri Dec 9 08:02:55 CET 2005 - sbeattie@suse.de
- dreynolds: remove unused netdomain rules
- srarnold: allow read access to policy subdirs
-------------------------------------------------------------------
Thu Dec 8 08:38:43 CET 2005 - sbeattie@suse.de
- rename subdomain-profiles to apparmor-profiles
- Relicense package to GPL
- reset version to 2.0-1
- profile updates
