Revisions of apparmor
Ana Guerrero (anag+factory)
accepted
request 1177757
from
Christian Boltz (cboltz)
(revision 210)
- Also exclude podman profile - boo#1225608 (forwarded request 1177727 from Guillaume_G)
Dominique Leuenberger (dimstar_suse)
accepted
request 1177466
from
Dominique Leuenberger (dimstar_suse)
(revision 209)
- Exclude the crun profile in addition to runc (forwarded request 1177448 from favogt)
Ana Guerrero (anag+factory)
accepted
request 1177404
from
Christian Boltz (cboltz)
(revision 208)
Note: Unfortunately my SR earlier today didn't fix everything that was reported by openQA :-( This SR adds two more fixes. Especially teardown-unconfined.diff makes this SR a "fast track" candidate. - add utils-relax-mount-rules.diff and utils-relax-mount-rules-2.diff: Relax handling of mount rules in utils to avoid errors when parsing valid profiles - add teardown-unconfined.diff to fix aa-teardown for 'unconfined' profiles (boo#1225457)
Ana Guerrero (anag+factory)
accepted
request 1177352
from
Christian Boltz (cboltz)
(revision 207)
- exclude runc profile until updated runc packages (including updated profile with "signal peer=runc") have arrived - add aa-remove-unknown-fix-unconfined.diff to fix aa-remove-unknown for 'unconfined' profiles (boo#1225457) - set permissions for %ghost files (boo#1223578) (forwarded request 1177351 from cboltz)
Ana Guerrero (anag+factory)
accepted
request 1176730
from
Christian Boltz (cboltz)
(revision 206)
- fix bashism in %post profiles - Update to AppArmor 4.0.1 Too many changes to list them here. See https://gitlab.com/apparmor/apparmor/-/wikis/Release_Notes_4.0.1 for the detailed upstream release notes - add tools-fix-redefinition.diff: fix redefinition of _ in tools - add test-aa-notify.diff: relax test-aa-notify to avoid a mismatch with argparse on Leap 15.5 - drop upstreamed patches: - apparmor-abstractions-openssl-allow-version-specific-en.patch - dovecot-unix_chkpwd.diff - smbd-unix_chkpwd.diff - apparmor-lessopen-profile.patch: update lessopen profile to abi/4.0 - mark local/* as %ghost so that these dummy files don't get installed anymore (changed existing local/files will be kept, unchanged files will be deleted) - switch to gitlab tarballs (without pregenerated libapparmor configure script and prebuilt techdoc.pdf) - run libapparmor autogen.sh (needs additional BuildRequires autoconf, autoconf-archive, automake and libtool) - no longer package techdoc.pdf - old documentation, not worth the texlive BuildRequires we would need to build it - drop old (up to 2.12) cache location /var/lib/apparmor/ and the /etc/apparmor.d/cache symlink pointing to it - drop apparmor-samba-include-permissions-for-shares.diff - no longer needed, update-apparmor-samba-profile in Tumbleweed works without a pre-existing local/usr.sbin.smbd-shares file - drop ruby-2_0-mkmf-destdir.patch - this ancient patch doesn't change a single bit in the resulting build (anymore?) - drop apparmor-lessopen-nfs-workaround.diff - no longer needed since Kernel 6.0 (see https://bugs.launchpad.net/bugs/1784499) - drop ancient, unused update-trans.sh Note: %post profiles contains a for loop calling "rm" (to delete unchanged /etc/apparmor.d/local/* files). Please double-check for possible side effects I didn't consider.
Ana Guerrero (anag+factory)
accepted
request 1165715
from
Christian Boltz (cboltz)
(revision 205)
Use full URLs for source tarball and signature. (forwarded request 1165684 from badshah400)
Dominique Leuenberger (dimstar_suse)
accepted
request 1154197
from
Christian Boltz (cboltz)
(revision 204)
- Remove workaround for boo#853019 in %postun parser - apparmor.service contains a more safe workaround. This also fixes boo#1220708 (missing daemon-reload). - Add smbd-unix_chkpwd.diff to allow smbd to execute unix_chkpwd and fix other pam related denies; (boo#1220032). - Only run utils and profiles make check if kernel LSM is enabled (bsc#1220084)
Ana Guerrero (anag+factory)
accepted
request 1151926
from
Christian Boltz (cboltz)
(revision 203)
- Fix systemd userdb access in unix-chkpwd (forwarded request 1151902 from lnussel)
Ana Guerrero (anag+factory)
accepted
request 1147947
from
Christian Boltz (cboltz)
(revision 202)
Prepare for RPM 4.20 (forwarded request 1147750 from dimstar)
Ana Guerrero (anag+factory)
accepted
request 1147189
from
Christian Boltz (cboltz)
(revision 201)
- Add apparmor-abstractions-openssl-allow-version-specific-en.patch to allow version specific engdef & engines openssl paths (boo#1219571) (forwarded request 1145034 from dmdiss)
Ana Guerrero (anag+factory)
accepted
request 1144685
from
Christian Boltz (cboltz)
(revision 200)
- Update to AppArmor 3.1.7 - aa-logprof: don't skip exec events in hats - fix aa-cleanprof to work with named profiles - add permissions in various abstractions - see https://gitlab.com/apparmor/apparmor/-/wikis/Release_Notes_3.1.7 for the full list of changes - drop upstreamed apparmor-systemd-sessions.patch (forwarded request 1144684 from cboltz)
Ana Guerrero (anag+factory)
accepted
request 1142650
from
Christian Boltz (cboltz)
(revision 199)
- Add dovecot-unix_chkpwd.diff to allow dovecot-auth to execute unix_chkpwd, and add a profile for unix_chkpwd. This is needed for PAM 1.6 (boo#1219139) - Refresh apparmor.keyring - the key was renewed (forwarded request 1142649 from cboltz)
Ana Guerrero (anag+factory)
accepted
request 1124276
from
Christian Boltz (cboltz)
(revision 198)
- Add apparmor-systemd-sessions.patch to allow read access to /run/systemd/sessions/ (bsc#1216878)
Ana Guerrero (anag+factory)
accepted
request 1113527
from
Christian Boltz (cboltz)
(revision 197)
- Fix pam_apparmor %post and %postun scripts to handle pam-config errors (bsc#1215596) (forwarded request 1113476 from dmdiss)
Ana Guerrero (anag+factory)
accepted
request 1108110
from
Christian Boltz (cboltz)
(revision 196)
Sorry Christian, another boring changelog-only change to track the samba-4-17.patch fix we're carrying in 15.5 and dropping for 15.6 thanks to the upstream 926 merge. (forwarded request 1108011 from dmdiss)
Ana Guerrero (anag+factory)
accepted
request 1107796
from
Christian Boltz (cboltz)
(revision 195)
Add Jira tag to track AppArmor 3.1.6 submission for 15.6 (jsc#PED-5600) (+ an unrelated spec file comment for a patch)
Ana Guerrero (anag+factory)
accepted
request 1100613
from
Christian Boltz (cboltz)
(revision 194)
- Add pam_apparmor README, referenced from online cha-apparmor-pam.html documentation (bsc#1213472) (forwarded request 1100592 from dmdiss)
Dominique Leuenberger (dimstar_suse)
accepted
request 1094655
from
Christian Boltz (cboltz)
(revision 193)
- update to AppArmor 3.1.6 - fix regression in mount rules (boo#1211989) - some additions to the base and authentification abstractions - see https://gitlab.com/apparmor/apparmor/-/wikis/Release_Notes_3.1.6 for the full upstream changelog (forwarded request 1094654 from cboltz)
Dominique Leuenberger (dimstar_suse)
accepted
request 1092351
from
Christian Boltz (cboltz)
(revision 192)
- update to AppArmor 3.1.5 - fix handling of mount rules in apparmor_parser - minor additions to abstractions/base and snap_browsers - see https://gitlab.com/apparmor/apparmor/-/wikis/Release_Notes_3.1.5 for the full upstream changelog - remove upstreamed aa-status-fix-json-mr1046.patch - split off apparmor-enable-precompiled-cache.diff from apparmor-enable-profile-cache.diff so that the precompiled cache path doesn't get added in parser.conf for Tumbleweed builds. This prevents a warning about the non-existing directory when loading profiles. (forwarded request 1092349 from cboltz)
Dominique Leuenberger (dimstar_suse)
accepted
request 1091163
from
Christian Boltz (cboltz)
(revision 191)
- fix aa-status --json output (aa-status-fix-json-mr1046.patch, boo#1211980#c12) (forwarded request 1091162 from cboltz)
Displaying revisions 1 - 20 of 210