Overview
Request 1144722 new
Update AppArmor to the latest bugfix release
Updating AppArmor in 15.6 was decided in
https://code.opensuse.org/leap/features/issue/117
and I'll assume this includes the latest bugfix release ;-)
Details:
- Update to AppArmor 3.1.7
- aa-logprof: don't skip exec events in hats
- fix aa-cleanprof to work with named profiles
- add permissions in various abstractions
- see https://gitlab.com/apparmor/apparmor/-/wikis/Release_Notes_3.1.7
for the full list of changes
- drop upstreamed apparmor-systemd-sessions.patch
- Add dovecot-unix_chkpwd.diff to allow dovecot-auth to execute
unix_chkpwd, and add a profile for unix_chkpwd. This is needed
for PAM 1.6 (boo#1219139)
- Refresh apparmor.keyring - the key was renewed
- Actually apply the previously added patch for bsc#1216878
- Add apparmor-systemd-sessions.patch to allow read access to
/run/systemd/sessions/ (bsc#1216878)
Request History
cboltz created request
Update AppArmor to the latest bugfix release
Updating AppArmor in 15.6 was decided in
https://code.opensuse.org/leap/features/issue/117
and I'll assume this includes the latest bugfix release ;-)
Details:
- Update to AppArmor 3.1.7
- aa-logprof: don't skip exec events in hats
- fix aa-cleanprof to work with named profiles
- add permissions in various abstractions
- see https://gitlab.com/apparmor/apparmor/-/wikis/Release_Notes_3.1.7
for the full list of changes
- drop upstreamed apparmor-systemd-sessions.patch
- Add dovecot-unix_chkpwd.diff to allow dovecot-auth to execute
unix_chkpwd, and add a profile for unix_chkpwd. This is needed
for PAM 1.6 (boo#1219139)
- Refresh apparmor.keyring - the key was renewed
- Actually apply the previously added patch for bsc#1216878
- Add apparmor-systemd-sessions.patch to allow read access to
/run/systemd/sessions/ (bsc#1216878)
lkocman accepted review
Mirrored to IBS SR#320796
lkocman approved review
Mirrored to IBS SR#320796
Mirrored to IBS SR#320796
This mirror has been accepted. Should this close automatically, or does someone need to do that manually?
Please make sure to reference jira in the future. I did write a comment to the mirrored submission that it's related to the jsc#PED-5029. But that's one common reason to reject features on SLES side.
Interestingly see related https://bugzilla.suse.com/show_bug.cgi?id=1215856 with the previous update. I see that you commented but it's still new. So I suppose this is the fix :-)
Actually the fix for https://bugzilla.suse.com/show_bug.cgi?id=1215856 was to fix what openQA does ;-)
I'm surprised that the bug is still open, AFAIK it should be fixed with the openQA test fix. I finally closed it.
Thanks a lot for the submission Christian. The minor version update makes sense to me, so I'll give this a quick spin locally before acking Lubos' IBS mirror of this. I also plan on merging the now-upstream boo#1219571 fix, but that could be done as a separate follow up.
Done
Submitted as SR#1145034
3.1.7 has filtered through to the OBS SUSE:SLE-15-SP6:GA/apparmor project, so I think this can be closed. I've submitted today's (
Fri Mar 1 20:54:12 UTC 2024 - Christian ...) HEAD via IBS sr#323204 so that should also appear here soon.