File _patchinfo of Package patchinfo
<patchinfo incident="3208">
<packager>cboltz</packager>
<issue tracker="bnc" id="846586">smbd nt_printing_init error on starting smb</issue>
<issue tracker="bnc" id="848215">apparmor: dnsmasq cant read var/lib/libvirt/dnsmasq/*.conf</issue>
<issue tracker="bnc" id="850374">Apparmor config keeps ntpd from updating /var/lib/ntp/drift/driftfile.TEMP</issue>
<issue tracker="bnc" id="851131">AppArmor prevents winbind from working correctly</issue>
<issue tracker="bnc" id="852018">missing path for ssl-certs in apparmor-profiles package</issue>
<issue tracker="bnc" id="853019">%restart_on_update boot.apparmor + systemd wrapper considered harmful</issue>
<issue tracker="bnc" id="856651">Update to 4.1.3-3.12.1 broken. Samba cannot write its PID file anymore</issue>
<issue tracker="bnc" id="857122">nagios plugin to check zypper cannot zypper ref due to apparmor profile</issue>
<issue tracker="bnc" id="863226">Dynamic DNS does not cooperate with DHCP If AppArmor is enabled</issue>
<issue tracker="bnc" id="869787">Samba cachedir location relocated</issue>
<issue tracker="bnc" id="870607">winbind profile needs rw access to /var/cache/krb5rcache</issue>
<issue tracker="bnc" id="885317">apparmor causes Samba to fail to start when clustering is configured</issue>
<issue tracker="bnc" id="886225">smbd should get read access to /run/nscd/{group,passwd}</issue>
<issue tracker="bnc" id="889650">perl-apparmor: handling of network and network all keywords is broken</issue>
<issue tracker="bnc" id="889651">perl-apparmor: use of the capability keyword without further arguments causes syntax error</issue>
<issue tracker="bnc" id="889652">perl-apparmor: use of the file keyword results in a syntax error</issue>
<issue tracker="bnc" id="892374">apparmor: dnsmasq denied access to /proc/sys/net/ipv6/conf/virbr1/mtu</issue>
<issue tracker="bnc" id="899746">apparmor prevents ntpd start</issue>
<issue tracker="lp" id="1322778"></issue>
<issue tracker="lp" id="1340927"></issue>
<issue tracker="bnc" id="904620">ntpd is unable to start</issue>
<issue tracker="lp" id="1392042"></issue>
<category>recommended</category>
<rating>moderate</rating>
<summary>recommended update for AppArmor</summary>
<description>This recommended update for AppArmor fixes the following issues:
- NOTE: Please consider a reboot after installing the update to resolve bnc#853019
- NOTE: The %postun from the previously installed apparmor-parser package will remove AppArmor protection from running processes a last time. Run aa-status to get a list of processes you need to restart, or reboot your computer.
- Update from version 2.8.2 to 2.8.4 and several bugfixes
+ delete cache in apparmor-profiles %post (workaround for bnc#904620#c8 / lp#1392042)
+ mod_apparmor: try uri hat after AADefaultHatName, not before. Fixes the regression in 2.8.3 (lp#1322778)
+ libapparmor: fix log parsing memory leaks (lp#1340927)
+ parser: Fix profile loads from cache files that contain multiple profiles
+ several profiles and abstractions/* updates (including bnc#857122#c2, bnc#899746, bnc#869787, bnc#886225)
+ see http://wiki.apparmor.net/index.php/ReleaseNotes_2_8_4 for details
+ add Provides: apparmor-abstractions to apparmor-profiles
+ Allow dnsmasq read access to interface mtu in /proc/sys/net/ipv6/conf/<ifacename>/mtu (bnc#892374)
+ Rename rpmlintrc to %{name}-rpmlintrc to follow the packaging guidelines.
+ perl-apparmor: Fix handling of network (or network all) (bnc#889650)
+ perl-apparmor: Fix handling of capability keyword (bnc#889651)
+ perl-apparmor: Properly handle bare file keyword (bnc#889652)
+ permit clustered Samba access to CTDB socket and databases (bnc#885317)
+ update usr.sbin.winbindd profile (bnc#870607)
+ restrict rw access to /var/cache/krb5rcache/ instead /var/tmp/
+ update usr.sbin.winbindd profile (bnc#870607)
* treat passdb.tdb.tmp as passdb.tdb
* allow rw access to /var/tmp/
+ add Recommends: libnotify-tools to apparmor-utils (aa-notify -p needs notify-send)
+ fix some cache clearing bugs in apparmor_parser
+ various fixes in mod_apparmor
+ several profile updates, most of them were already included as patches (except abstractions/winbind (bnc#863226), abstractions/fonts and abstractions/p11-kit)
+ see http://wiki.apparmor.net/index.php/ReleaseNotes_2_8_3 for all details
+ use current ruby macros, the rb_sitearch is obsolete since at least 12.1
+ allow access to pid file and supplemental config directory
+ add Recommends: net-tools to apparmor-utils (needed by aa-unconfined)
+ allow dnsmasq read config created be recent NetworkManager
+ allow samba to mkdir /var/run/samba and /var/cache/samba (bnc#856651)
+ add abstractions/samba to usr.sbin.winbindd profile
+ add capabilities ipc_lock and setuid to usr.sbin.winbindd profile (bnc#851131)
+ %restart_on_update (in parser %postun) is "translated" to stop/start by the systemd wrapper, which removes AppArmor protection from running processes. (bnc#853019)
* NOTE: The %postun from the previously installed apparmor-parser package will remove AppArmor protection from running processes a last time.
Run aa-status to get a list of processes you need to restart, or reboot your computer.
+ reload profiles in %post of the apparmor-profiles package
+ allow access to certificates in /var/lib/ca-certificates/ (bnc#852018)
+ updated driftfile location for ntpd (bnc#850374)
+ usr.sbin.winbindd: some more profile updates for samba 4.x and kerberos (bnc#846586#c12 and #c15)
+ add missing permissions for libvirt-generated files to dnsmasq profile (bnc#848215)</description>
<reboot_needed/>
</patchinfo>
