Overview Repositories Revisions Requests Users Attributes Meta

Revisions of apparmor

Ana Guerrero's avatar Ana Guerrero (anag+factory) accepted request 1177757 from Christian Boltz's avatar Christian Boltz (cboltz) (revision 210) 
- Also exclude podman profile - boo#1225608 (forwarded request 1177727 from Guillaume_G)
Dominique Leuenberger's avatar Dominique Leuenberger (dimstar_suse) accepted request 1177466 from Dominique Leuenberger's avatar Dominique Leuenberger (dimstar_suse) (revision 209) 
- Exclude the crun profile in addition to runc (forwarded request 1177448 from favogt)
Ana Guerrero's avatar Ana Guerrero (anag+factory) accepted request 1177404 from Christian Boltz's avatar Christian Boltz (cboltz) (revision 208) 
Note: Unfortunately my SR earlier today didn't fix everything that was reported by openQA :-(

This SR adds two more fixes. Especially teardown-unconfined.diff makes this SR a "fast track" candidate.

- add utils-relax-mount-rules.diff and utils-relax-mount-rules-2.diff:
  Relax handling of mount rules in utils to avoid errors when
  parsing valid profiles
- add teardown-unconfined.diff to fix aa-teardown for 'unconfined'
  profiles (boo#1225457)
Ana Guerrero's avatar Ana Guerrero (anag+factory) accepted request 1177352 from Christian Boltz's avatar Christian Boltz (cboltz) (revision 207) 
- exclude runc profile until updated runc packages (including
  updated profile with "signal peer=runc") have arrived

- add aa-remove-unknown-fix-unconfined.diff to fix
  aa-remove-unknown for 'unconfined' profiles (boo#1225457)
- set permissions for %ghost files (boo#1223578) (forwarded request 1177351 from cboltz)
Ana Guerrero's avatar Ana Guerrero (anag+factory) accepted request 1176730 from Christian Boltz's avatar Christian Boltz (cboltz) (revision 206) 
- fix bashism in %post profiles

- Update to AppArmor 4.0.1
  Too many changes to list them here. See
  https://gitlab.com/apparmor/apparmor/-/wikis/Release_Notes_4.0.1
  for the detailed upstream release notes
- add tools-fix-redefinition.diff: fix redefinition of _ in tools
- add test-aa-notify.diff: relax test-aa-notify to avoid a mismatch
  with argparse on Leap 15.5
- drop upstreamed patches:
  - apparmor-abstractions-openssl-allow-version-specific-en.patch
  - dovecot-unix_chkpwd.diff
  - smbd-unix_chkpwd.diff
- apparmor-lessopen-profile.patch: update lessopen profile to
  abi/4.0
- mark local/* as %ghost so that these dummy files don't get
  installed anymore (changed existing local/files will be kept,
  unchanged files will be deleted)
- switch to gitlab tarballs (without pregenerated libapparmor
  configure script and prebuilt techdoc.pdf)
  - run libapparmor autogen.sh (needs additional BuildRequires
    autoconf, autoconf-archive, automake and libtool)
  - no longer package techdoc.pdf - old documentation, not worth
    the texlive BuildRequires we would need to build it
- drop old (up to 2.12) cache location /var/lib/apparmor/ and the
  /etc/apparmor.d/cache symlink pointing to it
- drop apparmor-samba-include-permissions-for-shares.diff - no
  longer needed, update-apparmor-samba-profile in Tumbleweed works
  without a pre-existing local/usr.sbin.smbd-shares file
- drop ruby-2_0-mkmf-destdir.patch - this ancient patch doesn't
  change a single bit in the resulting build (anymore?)
- drop apparmor-lessopen-nfs-workaround.diff - no longer needed
  since Kernel 6.0 (see https://bugs.launchpad.net/bugs/1784499)
- drop ancient, unused update-trans.sh


Note: %post profiles contains a for loop calling "rm" (to delete unchanged /etc/apparmor.d/local/* files). Please double-check for possible side effects I didn't consider.
Ana Guerrero's avatar Ana Guerrero (anag+factory) accepted request 1165715 from Christian Boltz's avatar Christian Boltz (cboltz) (revision 205) 
Use full URLs for source tarball and signature. (forwarded request 1165684 from badshah400)
Dominique Leuenberger's avatar Dominique Leuenberger (dimstar_suse) accepted request 1154197 from Christian Boltz's avatar Christian Boltz (cboltz) (revision 204) 
- Remove workaround for boo#853019 in %postun parser -
  apparmor.service contains a more safe workaround.
  This also fixes boo#1220708 (missing daemon-reload).

- Add smbd-unix_chkpwd.diff to allow smbd to execute
  unix_chkpwd and fix other pam related denies; (boo#1220032).

- Only run utils and profiles make check if kernel LSM is enabled
  (bsc#1220084)
Ana Guerrero's avatar Ana Guerrero (anag+factory) accepted request 1151926 from Christian Boltz's avatar Christian Boltz (cboltz) (revision 203) 
- Fix systemd userdb access in unix-chkpwd (forwarded request 1151902 from lnussel)
Ana Guerrero's avatar Ana Guerrero (anag+factory) accepted request 1147947 from Christian Boltz's avatar Christian Boltz (cboltz) (revision 202) 
Prepare for RPM 4.20 (forwarded request 1147750 from dimstar)
Ana Guerrero's avatar Ana Guerrero (anag+factory) accepted request 1147189 from Christian Boltz's avatar Christian Boltz (cboltz) (revision 201) 
- Add apparmor-abstractions-openssl-allow-version-specific-en.patch to
  allow version specific engdef & engines openssl paths (boo#1219571) (forwarded request 1145034 from dmdiss)
Ana Guerrero's avatar Ana Guerrero (anag+factory) accepted request 1144685 from Christian Boltz's avatar Christian Boltz (cboltz) (revision 200) 
- Update to AppArmor 3.1.7
  - aa-logprof: don't skip exec events in hats
  - fix aa-cleanprof to work with named profiles
  - add permissions in various abstractions
  - see https://gitlab.com/apparmor/apparmor/-/wikis/Release_Notes_3.1.7
    for the full list of changes
- drop upstreamed apparmor-systemd-sessions.patch (forwarded request 1144684 from cboltz)
Ana Guerrero's avatar Ana Guerrero (anag+factory) accepted request 1142650 from Christian Boltz's avatar Christian Boltz (cboltz) (revision 199) 
- Add dovecot-unix_chkpwd.diff to allow dovecot-auth to execute
  unix_chkpwd, and add a profile for unix_chkpwd. This is needed
  for PAM 1.6 (boo#1219139)
- Refresh apparmor.keyring - the key was renewed (forwarded request 1142649 from cboltz)
Ana Guerrero's avatar Ana Guerrero (anag+factory) accepted request 1124276 from Christian Boltz's avatar Christian Boltz (cboltz) (revision 198) 
- Add apparmor-systemd-sessions.patch to allow read access to
  /run/systemd/sessions/ (bsc#1216878)
Ana Guerrero's avatar Ana Guerrero (anag+factory) accepted request 1113527 from Christian Boltz's avatar Christian Boltz (cboltz) (revision 197) 
- Fix pam_apparmor %post and %postun scripts to handle pam-config errors
  (bsc#1215596) (forwarded request 1113476 from dmdiss)
Ana Guerrero's avatar Ana Guerrero (anag+factory) accepted request 1108110 from Christian Boltz's avatar Christian Boltz (cboltz) (revision 196) 
Sorry Christian, another boring changelog-only change to track the
samba-4-17.patch fix we're carrying in 15.5 and dropping for 15.6
thanks to the upstream 926 merge. (forwarded request 1108011 from dmdiss)
Ana Guerrero's avatar Ana Guerrero (anag+factory) accepted request 1107796 from Christian Boltz's avatar Christian Boltz (cboltz) (revision 195) 
Add Jira tag to track AppArmor 3.1.6 submission for 15.6 (jsc#PED-5600)

(+ an unrelated spec file comment for a patch)
Ana Guerrero's avatar Ana Guerrero (anag+factory) accepted request 1100613 from Christian Boltz's avatar Christian Boltz (cboltz) (revision 194) 
- Add pam_apparmor README, referenced from online cha-apparmor-pam.html
  documentation (bsc#1213472) (forwarded request 1100592 from dmdiss)
Dominique Leuenberger's avatar Dominique Leuenberger (dimstar_suse) accepted request 1094655 from Christian Boltz's avatar Christian Boltz (cboltz) (revision 193) 
- update to AppArmor 3.1.6
  - fix regression in mount rules (boo#1211989)
  - some additions to the base and authentification abstractions
  - see https://gitlab.com/apparmor/apparmor/-/wikis/Release_Notes_3.1.6
    for the full upstream changelog (forwarded request 1094654 from cboltz)
Dominique Leuenberger's avatar Dominique Leuenberger (dimstar_suse) accepted request 1092351 from Christian Boltz's avatar Christian Boltz (cboltz) (revision 192) 
- update to AppArmor 3.1.5
  - fix handling of mount rules in apparmor_parser
  - minor additions to abstractions/base and snap_browsers
  - see https://gitlab.com/apparmor/apparmor/-/wikis/Release_Notes_3.1.5
    for the full upstream changelog
- remove upstreamed aa-status-fix-json-mr1046.patch
- split off apparmor-enable-precompiled-cache.diff from
  apparmor-enable-profile-cache.diff so that the precompiled cache
  path doesn't get added in parser.conf for Tumbleweed builds.
  This prevents a warning about the non-existing directory when
  loading profiles. (forwarded request 1092349 from cboltz)
Dominique Leuenberger's avatar Dominique Leuenberger (dimstar_suse) accepted request 1091163 from Christian Boltz's avatar Christian Boltz (cboltz) (revision 191) 
- fix aa-status --json output (aa-status-fix-json-mr1046.patch,
  boo#1211980#c12) (forwarded request 1091162 from cboltz)
Displaying revisions 1 - 20 of 210
openSUSE Build Service is sponsored by
Places