DISCONTINUED:openSUSE:11.1:Update
File apparmor-profiles.spec of Package apparmor-profiles
#
# spec file for package apparmor-profiles (Version 2.3)
#
# Copyright (c) 2008 SUSE LINUX Products GmbH, Nuernberg, Germany.
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
# upon. The license for this file, and modifications and additions to the
# file, is the same license as for the pristine package itself (unless the
# license for the pristine package is not an Open Source License, in which
# case the license is the MIT License). An "Open Source License" is a
# license that conforms to the Open Source Definition (Version 1.9)
# published by the Open Source Initiative.

# Please submit bugfixes or comments via http://bugs.opensuse.org/
#

# norootforbuild

Name:           apparmor-profiles
%if ! %{?distro:1}0
%define distro suse
%endif
Summary:        AppArmor profiles that are loaded into the apparmor kernel module
Version:        2.3
Release:        42
Group:          Productivity/Security
Source0:        %{name}-%{version}-1351.tar.gz
License:        GPL v2 or later
BuildRoot:      %{_tmppath}/%{name}-%{version}-build
Url:            http://forge.novell.com/modules/xfmod/project/?apparmor
Requires:       apparmor-parser
BuildArch:      noarch
Obsoletes:      subdomain-profiles
Provides:       subdomain-profiles
# hrm, still need to enumerate each directory in these paths in files :(
%define extras_dir %{_sysconfdir}/apparmor/profiles/extras/
%define profiles_dir %{_sysconfdir}/apparmor.d/

%description
Base profiles. AppArmor is a file and network mandatory access control
mechanism. AppArmor confines processes to the resources allowed by the
systems administrator and can constrain the scope of potential security
vulnerabilities. This package is part of a suite of tools that used to
be named SubDomain.

Authors:
--------
    seth.arnold@suse.de
    sbeattie@suse.de
    jjohansen@suse.de

%prep
%setup -q

%build
# nothing to do here

%install
make install DESTDIR=${RPM_BUILD_ROOT} DISTRO=%{distro}

%clean
rm -rf $RPM_BUILD_ROOT

%files
%defattr(-,root,root)
%attr(644, root, root) %config(noreplace) %{profiles_dir}/*
%attr(644, root, root) %config(noreplace) %{extras_dir}/*
%dir %attr(-, root, root) %{_sysconfdir}/apparmor.d/
%dir %attr(-, root, root) %{_sysconfdir}/apparmor.d/abstractions/
%dir %attr(-, root, root) %{_sysconfdir}/apparmor.d/program-chunks/
%dir %attr(-, root, root) %{_sysconfdir}/apparmor.d/tunables/
%dir %attr(-, root, root) %{_sysconfdir}/apparmor/
%dir %attr(-, root, root) %{_sysconfdir}/apparmor/profiles/
%dir %attr(-, root, root) %{_sysconfdir}/apparmor/profiles/extras/

%post

%preun

%changelog
* Fri Nov 21 2008 jjohansen@suse.de
- fixes for
  bnc#436849 - Not able to start "syslog" service on a QS21 diskless machine
  bnc#436262 - adding missing file for Firefox profiles do not work with current Firefox
* Fri Nov 07 2008 jjohansen@suse.de
- Fix bnc#431222 - apparmor profile for avahi doesn't allow introspection
* Wed Nov 05 2008 jjohansen@suse.de
- fixes for
  bnc#405317 - nscd needs to read /etc/netgroup
  bnc#436849 Not able to start "syslog" service on a QS21 diskless machine
  bnc#421728 - AppArmor prevents some network utilities from accessing avahi-daemon socket
  bnc#344376 - Default apparmor profile for nscd should include rights to /var/log/nscd.log
  bnc#405317 - nscd needs to read /etc/netgroup
  bnc#425041 - AppArmor disallows "/sbin/syslog-ng" to access "/dev/syslog"
  bnc#436262 - Firefox profiles do not work with current Firefox
- apply previous patch files against upstream profiles (now in tarball)
  usr.bin.opera-bnc#307365.patch
  sbin.syslogd-bnc#33144.patch
  sbin.syslog-ng-bnc#334557.patch
  usr.sbin.ntpd-bnc#230700.patch
  ntp-chroot-bnc#256291.patch
  ntp-dac_override-pidfile.patch
  usr.sbin.ntpd-bnc#433368#402693.patch
* Tue Oct 14 2008 varkoly@suse.de
- patch ntp und xad profile bnc#402693 and bnc#433368
* Wed Aug 06 2008 ro@suse.de
- add dac_override to ntp profile to let it write its pid file
* Wed May 07 2008 jjohansen@suse.de
- patch usr.bin.opera so that it will allow startup bnc#307365
- patch sbin.syslogd to allow locking of log file bnc#33144
- patch sbin.syslog-ng bnc#334557
- patch ntp profile bnc#230700 and bnc#256291
* Mon Apr 07 2008 jjohansen@suse.de
- Bump version to 2.3 in preparation for AppArmor 2.3 code drop
* Tue Mar 25 2008 varkoly@suse.de
- Bug 333525 - xntp ntpd does not work with ipv6 servers
* Thu Mar 13 2008 ro@suse.de
- updated ntpd profile
* Wed Aug 29 2007 srarnold@suse.de
  [ changes from mathiaz, sbeattie, seth.arnold, dreynolds]
- ping network inet raw
- nscd network stream
- Ubuntu Launchpad bug #132468, nameservice abstraction resolv.conf
- Bug 241479 - Fix for usr.sbin.nscd profile
- Bug 287579 - <abstractions/X> doesn't allow access to /usr/share/X11 and other xorg directories
- Bug 288960 - nscd with nss_ldap and sasl/gss bind to ldap server failed
- Bug 295086 - abstractions/X lists /usr/X11R6
- abstractions fixes from Mathias Gug (Ubuntu)
* Mon Aug 20 2007 dreynolds@suse.de
  [ changes from mathiaz, sbeattie, seth.arnold, dreynolds ]
- Ubuntu Launchpad bug #132468: Nameservice abstraction should also include /var/run/resolvconf/resolv.conf:
- Fix to ntpd profile from Mathias Gug <mathiaz-at-ubuntu.com> of Ubuntu.
- Bug 288470 - ntp profile rejects access to /var/lib/ntp/etc/localtime
- Updates for cupsd. Add inet|inet6 dgram|stream to nameservice abstraction
* Fri Aug 17 2007 srarnold@suse.de
- Bug 288470 - ntp profile rejects access to /var/lib/ntp/etc/localtime
- Fix to ntpd profile from Mathias Gug <mathiaz@ubuntu.com> of Ubuntu. (sbeattie)
- Launchpad bug #132468: Nameservice abstraction should also include /var/run/resolvconf/resolv.conf
* Tue Aug 07 2007 dreynolds@suse.de
- Update klogd profile for locking permission 'k' to pid file
* Mon Aug 06 2007 dreynolds@suse.de
- Updated profiles for network toggle mediation
- Added profile for avahi-daemon
- Added profile for cupsd to extras
* Mon Jun 11 2007 srarnold@suse.de
- Postfix directories to new syntax
* Mon Jun 11 2007 srarnold@suse.de
- Remove /usr/X11R6 references
* Mon Jun 11 2007 srarnold@suse.de
- dhcpcd fixes
- resmgr fix
* Mon Jun 11 2007 srarnold@suse.de
- Remove /opt/gnome references
- Remove /usr/X11R6 references
- Update to newer evolution version numbers
- Rename ethereal -> wireshark
- Create 64 bit version of gconfd-2
* Tue Jun 05 2007 srarnold@suse.de
- Updates to ntpd from Mathias Gug
* Sat Jun 02 2007 srarnold@suse.de
- Updates to ntpd and klogd from Mathias Gug
- Updates to httpd2-prefork from Steve Beattie
* Wed May 30 2007 srarnold@suse.de
- Really check in Marius's update to syslog-ng.
* Tue May 29 2007 srarnold@suse.de
- small update from Marius Tomaschewski for syslog-ng
* Fri May 25 2007 srarnold@suse.de
- replace /proc/ with @{PROC} from sbeattie
* Tue May 22 2007 srarnold@suse.de
- Bug 265775 - changes for kerberosclient profile [updated the abstraction]
* Thu May 17 2007 srarnold@suse.de
- Bug 267933 - audit message about /var/lib/ntp/drift/ntp.drift.TEMP
* Wed May 16 2007 srarnold@suse.de
- remove named (bind) and openldap (slapd) profiles, as they have been moved into their respective packages
* Fri Apr 20 2007 srarnold@suse.de
- reorganize the tarball to match on-disk layout
* Fri Apr 13 2007 sbeattie@suse.de
- Update/re-enable some profiles for dir handling changes
* Sat Mar 31 2007 agruen@suse.de
- Update to version 2.0.2: DFA based kernel module.
* Tue Feb 06 2007 srarnold@suse.de
- Bug 157400 - default AppArmor profile for gaim too restrictive
- Bug 221998 - No NFS locks available: "kernel: lockd/statd: failed to create /var/lib/nfs/sm/<server>: err=-2"
- Bug 225615 - apparmor rejects glibc AT_PLATFORM directories
- Bug 143281 - Insuffisient settings in default profiles, at least for man & gaim:
- Bug 181253 - apparmor rejects access for sendmail to /var/lib/sendmail/statistics
- Bug 202095 - useradd / userdel profiles incomplete
- Bug 190079 - sendmail can't open control socket
- Bug 240734 - Applications using nss_ldap need to have access to ldap.secret
* Wed Jan 24 2007 srarnold@suse.de
- More fixes from Volker Kuhlmann
- /tmp symlink to /var/tmp for ntpd
- new (extras) profile for passwd
- xntpd W32Time authentication support
- named gss-tsig authentication support
* Wed Jan 03 2007 srarnold@suse.de
- extras/ fixes from Volker Kuhlmann
- sshd loginuid
- apache certs/keys
- postfix with permissions=paranoid
* Mon Dec 11 2006 srarnold@suse.de
- Newer postfix uses a session cache for TLS
* Mon Nov 27 2006 srarnold@suse.de
- Bug 220331 - syslog-ng cannot log news messages
- capability fowner, to change uid/gid of logfiles
- make /dev/log dependency explicit
* Tue Nov 21 2006 srarnold@suse.de
- Bug 220331 - syslog-ng cannot log news messages
- /var/log/** to mirror the old syslog profile
* Fri Nov 17 2006 srarnold@suse.de
- Bug 221567 - apparmor causes kernel lockup if there is any audit backlog
- remove netstat profile as it will trigger this bug easily
- Bug 221111 - ntpd needs access to /proc/net/if_inet6
* Mon Nov 13 2006 srarnold@suse.de
- Bug 219583 - rejecting w access for syslog-ng
  add /var/lib/*/dev/log access for chroot'd applications
- Bug 202095 - useradd / userdel profiles incomplete
  (extra profiles, but can't hurt to update -- thanks Christian Boltz)
- Bug 197186 - apparmor breaks openntpd
* Thu Nov 09 2006 srarnold@suse.de
- Bug 219580 - some programs require 'm' access to /etc/ld.so.cache
* Sat Nov 04 2006 srarnold@suse.de
- Bug 215207 - apparmor-profiles: lib-ld missing in the profile
- with 'm' "can be mapped executable" mode flag, no need for the ld profiles.
- so all ld.so profiles removed, change all 'Px' rules on loaders to 'ix' rules, and remove the ldd profile.
- Needless whitespace in profiles
- Bug 178073 - AppArmor - postfix - smtp - directive smtp_generic_maps
- Bug 203557 - apparmor python abstraction should accept .egg files in site-packages
- new syslog-ng profile contributed by Christian Boltz
- new clamav profile contributed by Christian Boltz
- postfix/virtual improvements contributed by Christian Boltz
* Tue Jun 06 2006 srarnold@suse.de
- Bug 175626 - /var/lib/ntp/etc/ntp.conf.iburst missing from ntpd profile
- new 'make check' and 'make check-install' targets (sbeattie)
- new 'm', 'Px', 'Ux' flags to address:
  - Bug 175388 - Profile access allows essentially execute permission when only read access is granted via usage of mmap system call.
  - Bug 172061 - LD_PRELOAD can be exploited to change the execution path across exec transitions
* Mon May 08 2006 srarnold@suse.de
- Bug 168035 - apparmor-profiles: lib.ld-2.2.so takes no care of x86_64 /lib/ld-2.4 -- s390x, ppc, ppc64, too
- Bug 172670 - postfix doesn't deliver mails anymore after update from SLES9
* Wed May 03 2006 srarnold@suse.de
- Bug 167798 - misc profile modifications from darix
- mlmmj, lighttpd, oidentd profiles in extras/
- new postfix helpers (postfix profiles now in extras/)
- broken postfix smtpd alternation expansion
- factor abstractions/nameservice
- new python, ruby, php5 abstractions
- new web-data and svn-repositories data-centric abstractions
- svn:keywords to do proper attribution
- Bug 170154 - squid dies when setting auth_param basic program /usr/sbin/pam_auth
- also move squid to /etc/apparmor/profilex/extras
- Add some text to the extras/README describing how to turn postfix profiles on again, as an example
* Tue May 02 2006 srarnold@suse.de
- Bug 165191 - named can't write slave zones
- Bug 168581 - readaccess to /proc/meminfo not granted to nscd -- add sysconf(3) files to abstractions/base
- Bug 167798 - misc profile modifications from darix -- mlmmj, lighttpd, oidentd profiles in extras/, new postfix helpers in complain mode (enabled), split apart nameservice a little (non destructively), add new abstractions for python, ruby, and php5, add web-data and svn-repositories data-centric abstractions
* Sat Apr 29 2006 srarnold@suse.de
- Add a complain mode profile for postfix/pipe
* Sat Apr 29 2006 srarnold@suse.de
- README describing what is in /etc/apparmor/profiles/extras
- glibc 2.4 loaders
- Bug 165116 - Problem to resolve hostnames from LDAP-Database
- Bug 168581 - readaccess to /proc/meminfo not granted to nscd
- Bug 159667 - Postfix SASL authentication fails with "no mechanism available"
- mdnsd writes to console
* Fri Apr 07 2006 dreynolds@suse.de
- seth.arnold:
  - Fix for base (ntpd) - #164150
  - Fix for postfix.qmgr - #156446
* Wed Apr 05 2006 varkoly@suse.de
- Fix for postfix/smtpd postfix/smtp
- New file usr.lib.postfix.anvil
* Tue Apr 04 2006 srarnold@suse.de
- Fix for postfix/sasl (#159667)
- Fix for NIS/portmapper nameservice capabilities
* Mon Apr 03 2006 dreynolds@suse.de
- Fix for postalias (#158689)
- a profile update for svnserve
* Mon Mar 27 2006 jmichael@suse.de
- Allow named to write to /var/lib/named/dyn while chrooted in order to support dynamically updated zones - #157478
* Mon Mar 13 2006 srarnold@suse.de
- /usr/sbin/postfix /usr/sbin/sendmail ux, #156998
- /usr/lib/postfix/cleanup /etc/postfix/* r, #152706
* Mon Mar 13 2006 dreynolds@suse.de
- Fix for sendmail to add a px transition to usr.lib.postfix.smtpd (#156998)
* Thu Mar 09 2006 srarnold@suse.de
- new svnserve profile in extras (not enforcing), postfix ldap fixes #156091
- procmail now runs unconfined from postfix, sendmail
* Fri Mar 03 2006 srarnold@suse.de
- icon caches, fontconfig
- firefox fixes #154646
- Re-enable named, clarify tunables/home
* Mon Feb 13 2006 dreynolds@suse.de
- (seth.arnold@suse.de & sbeattie@suse.de)
- Re-enable sendmail, split apart traceroute
- Fix tunables/home to not emit multiple slashes
- Fix klogd per #143336
* Mon Feb 06 2006 sbeattie@suse.de
- (seth.arnold) /etc/apparmor.d/tunables/home
- (seth.arnold) slight re-org, some more use of variables
* Sun Jan 29 2006 sbeattie@suse.de
- Add svn repo number to tarball name
- Rename /etc/subdomain.d/ to /etc/apparmor.d/
- Add /lib/power5+/ to base for ppc (#146135)
* Wed Jan 25 2006 mls@suse.de
- converted neededforbuild to BuildRequires
* Mon Jan 23 2006 dreynolds@suse.de
- Removal of profiles referencing /home/.
* Fri Dec 09 2005 sbeattie@suse.de
- dreynolds: remove unused netdomain rules
- srarnold: allow read access to policy subdirs
* Thu Dec 08 2005 sbeattie@suse.de
- rename subdomain-profiles to apparmor-profiles
- Relicense package to GPL
- reset version to 2.0-1
- profile updates