openSUSE Build Service

Overview Repositories Revisions Requests Users Attributes Meta

Revisions of apparmor

Adrian Schröter (adrianSuSE) committed over 12 years ago (revision 36)

branched from openSUSE:Factory

Stephan Kulow (coolo) accepted request 123452 from

Christian Boltz (cboltz) over 12 years ago (revision 35)

- update to AppArmor 2.8.0 (= r2047)
  - new utility aa-easyprof - templated profile generation tool (the resulting
    profile may be less strict than profiles generated with genprof/logprof)
  - various small bugfixes
- removed upstreamed patches

Stephan Kulow (coolo) accepted request 116788 from

Christian Boltz (cboltz) over 12 years ago (revision 34)

Update AppArmor from 2.7.2 to 2.8 beta5

Details:

- add apparmor-techdoc.patch to remove traces of the build time in PDF files

- update to AppArmor 2.8 beta5 (= 2.7.103 / r2031)
  - new utility aa-exec to confine a program with the specified AppArmor profile
  - add support for mount rules
  - see http://wiki.apparmor.net/index.php/ReleaseNotes_2_8 for full upstream
    changelog
- removed upstreamed and backported patches
- remove outdated autobuild and "disable repo" patches that were disabled since
  the AppArmor 2.7 package
- create the Immunix::SubDomain compat perl module only for openSUSE <= 12.1
  (bnc#720617 #c7)

Stephan Kulow (coolo) accepted request 113963 from

Christian Boltz (cboltz) over 12 years ago (revision 33)

- replace patch for dnsmasq profile with upstream patch (bnc#738905)

- add apparmor-r2022-log-parser-network-bnc755923.patch - logprof didn't
  create network rules because of changed log format (bnc#755923, lp#800826)
- add profile for samba winbindd (bnc#748499)

- fix dnsmasq profile (bnc#738905)

- add 0001-fix-for-lp929531.patch to allow reading 
  /sys/devices/system/cpu/online in abstractions/base (lp#929531)

Stephan Kulow (coolo) accepted request 102458 from

Christian Boltz (cboltz) almost 13 years ago (revision 32)

- Update to AppArmor 2.7.2 (= 2.7 branch / r1894)
  - move various permissions from httpd2-prefork profile to
    abstractions/apache2-common. Backward-incompatible change: *.htaccess
    files are no longer allowed for ^HANDLING_UNTRUSTED_INPUT
  - allow access for more /usr/lib*/samba/ files for smbd (bnc#725967#c5)
  - allow various .conf files for dovecot (lp#458922)
  - disallow wl for *.so in @{HOME}/.pki/nssdb/ in abstractions/private-files
    and abstractions/private-files-strict (lp#911847)
  - update abstractions/kde, private-files* and ubuntu-browsers.d/user-files
    to use ~/.kde4, not only ~/.kde (bnc#741592)
  - block write access to ~/.kde{,4}/env in abstractions/private-files
    (lp#914190)
  - allow write access for personal dictionary etc. in abstractions/aspell
    (lp#917859)
  - when using genprof for a script, include read access to the script itsself
  - automatically include abstractions/python or abstractions/ruby for
    python/ruby scripts
  - add profile for smbldap-useradd and allow smbd to call it (bnc#738041)
  - allow creation of the .config directory in abstractions/enchant (lp#914184)
  - allow TFTP read-only access in dnsmasq profile (lp#905412)
  - allow capability dac_read_search for syslog-ng (bnc#731876)
  - add p11-kit abstraction and include it in abstractions/authentification
    (lp#912754, lp#912752)
  - add audacity to abstractions/ubuntu-media-players (lp#899963)
  - allow software-center, fireclam plugin, [tT]unar, exo-open, kate and
    /dev/nvidia* in abstractons/ubuntu-browsers.d/* (lp#662906, lp#562831,
    lp#890894, lp#890894, lp#884748)
  - fix typo for multiarch gconf-modules in abstractions/base (lp#904548)
  - allow avahi to do dbus introspection (lp#769148)
  - allow access to ~/.fonts.conf.d in abstractions/fonts (lp#870992)
  - allow transmission in abstractions/ubuntu-bittorrent-clients (lp#852062)
  - allow reading ~/.cups/client.conf and ~/.cups/lpoptions in
    abstractions/cups-client (lp#887992)
  - allow read access of /etc/python{2,3}.[0-7]*/sitecustomize.py in
    abstractions/python (lp#860856)
  - various updates to the sshd profile (lp#817956)
  - (and some more changes I already included in the apparmor-2.7-branch.diff)

Stephan Kulow (coolo) accepted request 98697 from

Christian Boltz (cboltz) almost 13 years ago (revision 31)

- Update to AppArmor 2.7.0 (= r1858)
  - make traceroute6 work (bnc#733312)
  - allow access to pyconfig.h in abstractions/python (lp#840734)
  - fix logprof/genprof for hex-encoded program filenames (= filenames
    containing space etc.)
- add apparmor-2.7-branch.diff with some upstreamed fixes:
  - usr.sbin.smbd needs read access for /etc/netgroup (bnc#738041)
  - create /etc/apparmor.d/tunables/multiarch.d as directory, not as file
  - fix syntax error in abstractons/python

- changed a $ -> % (typo)

Stephan Kulow (coolo) accepted request 93892 from

Christian Boltz (cboltz) about 13 years ago (revision 30)

- package subdomain.conf only in -parser, not in -utils package
- package libapparmor.so and libimmunix.so only in libapparmor-devel,
  not in libapparmor1
- make Provides for perl-libapparmor versioned to avoid self-Obsoletes
- move libapparmor.a and libimmunix.a from libapparmor1 to 
  libapparmor-devel package

- update to AppArmor 2.7.0 rc2
  Most of the changes since rc1 were already included as patches.
  Additional changes:
  - fix logprof/genprof to recognize "mknod" in audit.log
  - fix libapparmor python bindings to compile with python 3
  - fix wrong status message in initscript if apparmor-utils are not installed
  - parser/Makefile: fix some warnings, always respect CXX and LDFLAGS
  - fix some warnings in utils/Makefile
- remove 4 upstreamed patches
- remove mkdir /etc/apparmor.d/disable - that's done by upstream Makefile now
- update line numbers in 2 patches

Stephan Kulow (coolo) accepted request 89885 from

Christian Boltz (cboltz) about 13 years ago (revision 29)

Two fixes for AppArmor profiles:
- make abstractions/winbind working on 64bit systems
- allow loading the libraries for samba "vfs objects" also on 32bit 
  systems (bnc#725967)

Please forward these profile fixes to openSUSE 12.1.

Stephan Kulow (coolo) accepted request 89465 from

Christian Boltz (cboltz) about 13 years ago (revision 28)

- allow loading the libraries for samba "vfs objects" (bnc#725967)

Please include this patch in 12.1

Adrian Schröter (adrianSuSE) committed about 13 years ago (revision 27)

Stephan Kulow (coolo) accepted request 88695 from

Christian Boltz (cboltz) about 13 years ago (revision 26)

- include autogenerated profile sniplet for samba shares (bnc#688040)
- more helpful error message for "aa-notify -p" if the user is not in
  the configured group

Lars Vogdt (lrupp) accepted request 87773 from

Christian Boltz (cboltz) about 13 years ago (revision 25)

- update to AppArmor 2.7.0 rc1
  - aa-notify: add --display option and warn if $DISPLAY is not set
    (important for usage with sudo on openSUSE)
  - fix syntax error on "rcapparmor stop"
  - allow read access to /proc/*/mounts in the dovecot profile

Ruediger Oertel (oertel) accepted request 87208 from

Christian Boltz (cboltz) about 13 years ago (revision 24)

- add patch with upstream changes since 2.7.0 beta2 release
  - add example parser.conf
  - print warning if profile cache directory doesn't exist
  - remove initscript for no longer existing aa-eventd (bnc#720617)
  - set correct $HOME in aa-notify
- enable caching of profiles (= massive speedup) (bnc#689458)
- add comments for patches in .spec and comments in some patches
- run spec-cleaner

- add libtool as buildrequire to make the spec file more reliable

Lars Vogdt (lrupp) accepted request 82501 from

Christian Boltz (cboltz) about 13 years ago (revision 23)

- update to AppArmor 2.7.0 beta2
  - includes fixes for bnc#717707, bnc#678749, bnc#685674, bnc#679182,
    bnc#691072, bnc#705319, bnc#713728
- add some missing perl module Requires to perl-apparmor

Sascha Peilicke (saschpe) accepted request 82045 from

Christian Boltz (cboltz) about 13 years ago (revision 22)

- update to AppArmor 2.7.0 beta1, for details see 
  http://wiki.apparmor.net/index.php/ReleaseNotes_2_7
- removed lots of patches I pushed upstream
- disabled apparmor-2.5.1-unified-build (patch to use automake,
  does not apply to 2.7 and probably won't be accepted upstream)
- disabled build of tomcat_apparmor (doesn't build, deprecated upstream)
- run spec-cleaner
- remove *.la files
- move usr.sbin.nscd profile back to apparmor-profiles package

- Update patch apparmor-profiles-usr.sbin.dnsmasq to include
  /var/lib/libvirt/dnsmasq/*.leases (bnc#694197).

Sascha Peilicke (saschpe) committed about 13 years ago (revision 21)

Autobuild autoformatter for 81356

Sascha Peilicke (saschpe) accepted request 81356 from

Stephan Kulow (coolo) about 13 years ago (revision 20)

- install SubDomain.pm compat module (bnc#713408)

- Update to 2.6.1.
  - One patch eliminated
  - Lots of minor fixes
  - Split out more common abstractions
- Add check_for_apparmor() helper.

- dhcpd: Fix apparmor profile (bnc#692428)

 
- Fixed typos in descriptions and summaries of apparmor.spec
 

- move the requires and prerequires to the right package

Sascha Peilicke (saschpe) committed over 13 years ago (revision 19)

Autobuild autoformatter for 77678

Sascha Peilicke (saschpe) accepted request 77678 from

Jeff Mahoney (jeff_mahoney) over 13 years ago (revision 18)

- Add apparmor-securityfs-systemd.patch: do not mount securityfs
  when running under systemd, just access the directory, systemd
  will automount it (bnc#704460).

Sascha Peilicke (saschpe) committed over 13 years ago (revision 17)

Autobuild autoformatter for 75398

Displaying revisions 181 - 200 of 216

Places

Revisions of apparmor

Places