Revisions of apparmor
- add logprof-mount-empty-source.diff: add support for mount rules with quoted paths and empty source (boo#1226031) (forwarded request 1180047 from cboltz)
- add sddm-xauth.diff - sddm uses a new path for xauth (boo#1223900) - add plasmashell.diff - fix QtWebEngineProcess path to prevent a crash in plasmashell (boo#1225961) (forwarded request 1178599 from cboltz)
- Also exclude podman profile - boo#1225608 (forwarded request 1177727 from Guillaume_G)
- Exclude the crun profile in addition to runc (forwarded request 1177448 from favogt)
Note: Unfortunately my SR earlier today didn't fix everything that was reported by openQA :-( This SR adds two more fixes. Especially teardown-unconfined.diff makes this SR a "fast track" candidate. - add utils-relax-mount-rules.diff and utils-relax-mount-rules-2.diff: Relax handling of mount rules in utils to avoid errors when parsing valid profiles - add teardown-unconfined.diff to fix aa-teardown for 'unconfined' profiles (boo#1225457)
- exclude runc profile until updated runc packages (including updated profile with "signal peer=runc") have arrived - add aa-remove-unknown-fix-unconfined.diff to fix aa-remove-unknown for 'unconfined' profiles (boo#1225457) - set permissions for %ghost files (boo#1223578) (forwarded request 1177351 from cboltz)
- fix bashism in %post profiles - Update to AppArmor 4.0.1 Too many changes to list them here. See https://gitlab.com/apparmor/apparmor/-/wikis/Release_Notes_4.0.1 for the detailed upstream release notes - add tools-fix-redefinition.diff: fix redefinition of _ in tools - add test-aa-notify.diff: relax test-aa-notify to avoid a mismatch with argparse on Leap 15.5 - drop upstreamed patches: - apparmor-abstractions-openssl-allow-version-specific-en.patch - dovecot-unix_chkpwd.diff - smbd-unix_chkpwd.diff - apparmor-lessopen-profile.patch: update lessopen profile to abi/4.0 - mark local/* as %ghost so that these dummy files don't get installed anymore (changed existing local/files will be kept, unchanged files will be deleted) - switch to gitlab tarballs (without pregenerated libapparmor configure script and prebuilt techdoc.pdf) - run libapparmor autogen.sh (needs additional BuildRequires autoconf, autoconf-archive, automake and libtool) - no longer package techdoc.pdf - old documentation, not worth the texlive BuildRequires we would need to build it - drop old (up to 2.12) cache location /var/lib/apparmor/ and the /etc/apparmor.d/cache symlink pointing to it - drop apparmor-samba-include-permissions-for-shares.diff - no longer needed, update-apparmor-samba-profile in Tumbleweed works without a pre-existing local/usr.sbin.smbd-shares file - drop ruby-2_0-mkmf-destdir.patch - this ancient patch doesn't change a single bit in the resulting build (anymore?) - drop apparmor-lessopen-nfs-workaround.diff - no longer needed since Kernel 6.0 (see https://bugs.launchpad.net/bugs/1784499) - drop ancient, unused update-trans.sh Note: %post profiles contains a for loop calling "rm" (to delete unchanged /etc/apparmor.d/local/* files). Please double-check for possible side effects I didn't consider.
Use full URLs for source tarball and signature. (forwarded request 1165684 from badshah400)
- Remove workaround for boo#853019 in %postun parser - apparmor.service contains a more safe workaround. This also fixes boo#1220708 (missing daemon-reload). - Add smbd-unix_chkpwd.diff to allow smbd to execute unix_chkpwd and fix other pam related denies; (boo#1220032). - Only run utils and profiles make check if kernel LSM is enabled (bsc#1220084)
- Fix systemd userdb access in unix-chkpwd (forwarded request 1151902 from lnussel)
Prepare for RPM 4.20 (forwarded request 1147750 from dimstar)
- Add apparmor-abstractions-openssl-allow-version-specific-en.patch to allow version specific engdef & engines openssl paths (boo#1219571) (forwarded request 1145034 from dmdiss)
- Update to AppArmor 3.1.7 - aa-logprof: don't skip exec events in hats - fix aa-cleanprof to work with named profiles - add permissions in various abstractions - see https://gitlab.com/apparmor/apparmor/-/wikis/Release_Notes_3.1.7 for the full list of changes - drop upstreamed apparmor-systemd-sessions.patch (forwarded request 1144684 from cboltz)
- Add dovecot-unix_chkpwd.diff to allow dovecot-auth to execute unix_chkpwd, and add a profile for unix_chkpwd. This is needed for PAM 1.6 (boo#1219139) - Refresh apparmor.keyring - the key was renewed (forwarded request 1142649 from cboltz)
- Add apparmor-systemd-sessions.patch to allow read access to /run/systemd/sessions/ (bsc#1216878)
- Fix pam_apparmor %post and %postun scripts to handle pam-config errors (bsc#1215596) (forwarded request 1113476 from dmdiss)
Sorry Christian, another boring changelog-only change to track the samba-4-17.patch fix we're carrying in 15.5 and dropping for 15.6 thanks to the upstream 926 merge. (forwarded request 1108011 from dmdiss)
Add Jira tag to track AppArmor 3.1.6 submission for 15.6 (jsc#PED-5600) (+ an unrelated spec file comment for a patch)
- Add pam_apparmor README, referenced from online cha-apparmor-pam.html documentation (bsc#1213472) (forwarded request 1100592 from dmdiss)
- update to AppArmor 3.1.6 - fix regression in mount rules (boo#1211989) - some additions to the base and authentification abstractions - see https://gitlab.com/apparmor/apparmor/-/wikis/Release_Notes_3.1.6 for the full upstream changelog (forwarded request 1094654 from cboltz)
Displaying revisions 1 - 20 of 212