#### maintenance team,
#### - please mark the patch as "reboot needed" as workaround for bnc#853019
#### - the changelog below is sorted by importance - please keep it this way
####
#### Patch summary: AppArmor profile updates for dovecot, samba and others

- %restart_on_update (in parser %postun) is "translated" to stop/start by
the systemd wrapper, which removes AppArmor protection from running
processes. Fixed by using a custom script instead (bnc#853019)
NOTE: The %postun from the previously installed apparmor-parser package
will remove AppArmor protection from running processes a last time.
Run aa-status to get a list of processes you need to restart, or reboot
your computer.
- reload profiles in %post of the apparmor-profiles package

- update dovecot profiles to support dovecot 2.x, and add profiles for
the parts of dovecot that were not covered yet (bnc#851984)
NOTE: Please adjust /etc/apparmor.d/tunables/dovecot to your needs.
(apparmor-profiles-dovecot-bnc851984.diff, usr.lib.dovecot.*)

- add apparmor-profiles-samba-create-dirs.diff to allow samba to
mkdir /var/run/samba and /var/cache/samba (bnc#856651)
- add abstractions/samba to usr.sbin.winbindd profile
- add capabilities ipc_lock and setuid to usr.sbin.winbindd profile (bnc#851131)

- add Recommends: net-tools to apparmor-utils (needed by aa-unconfined)

- add apparmor-2.8.2-nm-dnsmasq-config.patch - allow dnsmasq read config
created by recent NetworkManager (see
http://cgit.freedesktop.org/NetworkManager/NetworkManager/commit/?id=d82669d3fdaa7ec70ef1b64941c101ac810c394b
for update details)

- add apparmor-abstractions-ssl_certs.diff to allow access to
certificates in /var/lib/ca-certificates/ (bnc#852018)

- add apparmor-profiles-ntpd-r2103.diff with updated driftfile
location for ntpd (bnc#850374)