Overview
Request 663397 revoked
Update AppArmor to 2.12.2
This update adds missing permissions to several profiles. It also fixes bugs in the userspace tools.
Detailed changelog:
- add apparmor-lessopen-nfs-workaround.diff: allow network access in
lessopen.sh for reading files on NFS (workaround for boo#1119937 /
lp#1784499)
- add profile_filename_cornercase.diff: drop check that lets aa-logprof
error out in a corner-case (log event for a non-existing profile while
a profile file with the default filename for that non-existing profile
exists) (boo#1120472)
- netconfig: write resolv.conf to /run with link to /etc (fate#325872,
boo#1097370) [patch apparmor-nameservice-resolv-conf-link.patch]
- update to AppArmor 2.12.2
- add profile names to most profiles
- update dnsmasq profile (pid file and logfile path) (boo#1111342)
- add vulkan abstraction
- add letsencrypt certificate path to abstractions/ssl_*
- ignore *.orig and *.rej files when loading profiles
- fix aa-complain etc. to handle named profiles
- several bugfixes and small profile improvements
- see https://gitlab.com/apparmor/apparmor/wikis/Release_Notes_2.12.2
for the detailed upstream changelog
- update to AppArmor 2.12.1
- add qt5 and qt5-compose-cache-write abstractions
- add @{uid} and @{uids} kernel var placeholders
- several profile and abstraction updates
- add support for conditional includes ("include if exists")
- ignore "abi" rules in parser and tools (instead of erroring out)
- utils: fix overwriting of child profile flags if they differ from
the main profile
- several bugfixes (including boo#1100779)
- see https://gitlab.com/apparmor/apparmor/wikis/Release_Notes_2.12.1
for detailed upstream release notes
- remove upstream(ed) patches:
- parser-write-cache-warn-only.diff
- disable-cache-on-ro-fs.diff
- add-dovecot-stats.patch
- set-flags-for-profiles-represented-by-glob.patch
- fix-regression-in-set-flags.patch
- fix-samba-profiles.patch
- dnsmasq-Add-permission-to-open-log-files.patch
- refresh apparmor-enable-profile-cache.diff and
apparmor-samba-include-permissions-for-shares.diff
home:cboltz:branches:openSUSE:Leap:15.0:Update/apparmor@e178e7847bc5f72cf9379853b0a9202c -> openSUSE:Leap:15.0:Update/apparmor
expected origin is 'SUSE:SLE-15:GA' (changed)
Request History
cboltz created request
Update AppArmor to 2.12.2
This update adds missing permissions to several profiles. It also fixes bugs in the userspace tools.
Detailed changelog:
- add apparmor-lessopen-nfs-workaround.diff: allow network access in
lessopen.sh for reading files on NFS (workaround for boo#1119937 /
lp#1784499)
- add profile_filename_cornercase.diff: drop check that lets aa-logprof
error out in a corner-case (log event for a non-existing profile while
a profile file with the default filename for that non-existing profile
exists) (boo#1120472)
- netconfig: write resolv.conf to /run with link to /etc (fate#325872,
boo#1097370) [patch apparmor-nameservice-resolv-conf-link.patch]
- update to AppArmor 2.12.2
- add profile names to most profiles
- update dnsmasq profile (pid file and logfile path) (boo#1111342)
- add vulkan abstraction
- add letsencrypt certificate path to abstractions/ssl_*
- ignore *.orig and *.rej files when loading profiles
- fix aa-complain etc. to handle named profiles
- several bugfixes and small profile improvements
- see https://gitlab.com/apparmor/apparmor/wikis/Release_Notes_2.12.2
for the detailed upstream changelog
- update to AppArmor 2.12.1
- add qt5 and qt5-compose-cache-write abstractions
- add @{uid} and @{uids} kernel var placeholders
- several profile and abstraction updates
- add support for conditional includes ("include if exists")
- ignore "abi" rules in parser and tools (instead of erroring out)
- utils: fix overwriting of child profile flags if they differ from
the main profile
- several bugfixes (including boo#1100779)
- see https://gitlab.com/apparmor/apparmor/wikis/Release_Notes_2.12.1
for detailed upstream release notes
- remove upstream(ed) patches:
- parser-write-cache-warn-only.diff
- disable-cache-on-ro-fs.diff
- add-dovecot-stats.patch
- set-flags-for-profiles-represented-by-glob.patch
- fix-regression-in-set-flags.patch
- fix-samba-profiles.patch
- dnsmasq-Add-permission-to-open-log-files.patch
- refresh apparmor-enable-profile-cache.diff and
apparmor-samba-include-permissions-for-shares.diff
licensedigger accepted review
ok
factory-auto accepted review
Check script succeeded
maintbot accepted review
ok
maintbot approved review
ok
AndreasStieger declined request
SLE inherited package. Please have @goldwynr run it through SLE
cboltz revoked request
Looks like @goldwynr did it now - I've seen ibs:running:9915:moderate in bugzilla.
@goldwynr regarding the workflow - told you so ;-))
home:cboltz:branches:openSUSE:Leap:15.0:Update/apparmor@e178e7847bc5f72cf9379853b0a9202c -> openSUSE:Leap:15.0:Update/apparmor
expected origin is 'SUSE:SLE-15:GA' (changed)
This is a SLE inherited package.
@goldwynr If deemed suitable, can you please take this into SLE maintenance?
Yes, it is suitable SLE-15:Update. However, which project should I submitrequest against? osc sr errs saying "Server did not define a default maintenance project"
SLE is maintained in the internal build service.