+++ /dev/null
-From 16f9f6885aff84123c0b52197f435e40d656c0e4 Mon Sep 17 00:00:00 2001
-From: nl6720 <nl6720@gmail.com>
-Date: Thu, 19 Mar 2020 12:05:44 +0200
-Subject: [PATCH] abstractions/nameservice: allow accessing
- /run/systemd/userdb/
-
-On systems with systemd 245, nss-systemd additionally queries NSS records from systemd-userdbd.service. See https://systemd.io/USER_GROUP_API/ .
-
-Signed-off-by: nl6720 <nl6720@gmail.com>
----
- profiles/apparmor.d/abstractions/nameservice | 5 +++++
- 1 file changed, 5 insertions(+)
-
-diff --git a/profiles/apparmor.d/abstractions/nameservice b/profiles/apparmor.d/abstractions/nameservice
-index 760e449e..2f3b1d15 100644
---- a/profiles/apparmor.d/abstractions/nameservice
-+++ b/profiles/apparmor.d/abstractions/nameservice
-@@ -29,6 +29,11 @@
- /var/lib/extrausers/group r,
- /var/lib/extrausers/passwd r,
-
-+ # NSS records from systemd-userdbd.service
-+ @{run}/systemd/userdb/ r,
-+ @{run}/systemd/userdb/io.systemd.{NameServiceSwitch,Multiplexer,DynamicUser,Home} r,
-+ @{PROC}/sys/kernel/random/boot_id r,
-+
- # When using sssd, the passwd and group files are stored in an alternate path
- # and the nss plugin also needs to talk to a pipe
- /var/lib/sss/mc/group r,
---
-2.26.2
-
+++ /dev/null
-From 454fca7483eae7b7ee613343c2c02abaa20e37e3 Mon Sep 17 00:00:00 2001
-From: nl6720 <nl6720@gmail.com>
-Date: Thu, 13 Feb 2020 09:58:33 +0200
-Subject: [PATCH] Add "run" variable
-
-Signed-off-by: nl6720 <nl6720@gmail.com>
-(cherry picked from commit 452b5b8735e449cba29a1fb25c9bff38ba8763ec)
----
- parser/apparmor.d.pod | 1 +
- profiles/apparmor.d/tunables/global | 1 +
- profiles/apparmor.d/tunables/run | 1 +
- 3 files changed, 3 insertions(+)
- create mode 100644 profiles/apparmor.d/tunables/run
-
-diff --git a/parser/apparmor.d.pod b/parser/apparmor.d.pod
-index 662830bd..59ac72c9 100644
---- a/parser/apparmor.d.pod
-+++ b/parser/apparmor.d.pod
-@@ -1279,6 +1279,7 @@ provided AppArmor policy:
- @{apparmorfs}
- @{sys}
- @{tid}
-+ @{run}
- @{XDG_DESKTOP_DIR}
- @{XDG_DOWNLOAD_DIR}
- @{XDG_TEMPLATES_DIR}
-diff --git a/profiles/apparmor.d/tunables/global b/profiles/apparmor.d/tunables/global
-index 28d6fc6d..3b6f99cc 100644
---- a/profiles/apparmor.d/tunables/global
-+++ b/profiles/apparmor.d/tunables/global
-@@ -19,3 +19,4 @@
- #include <tunables/kernelvars>
- #include <tunables/xdg-user-dirs>
- #include <tunables/share>
-+#include <tunables/run>
-diff --git a/profiles/apparmor.d/tunables/run b/profiles/apparmor.d/tunables/run
-new file mode 100644
-index 00000000..e535d2fe
---- /dev/null
-+++ b/profiles/apparmor.d/tunables/run
-@@ -0,0 +1 @@
-+@{run}=/run /var/run
---
-2.26.2
-
Summary: AppArmor profiles
Summary(pl.UTF-8): Profile AppArmor
Name: apparmor-profiles
-Version: 2.13.4
-Release: 3
+Version: 3.0.1
+Release: 1
Epoch: 1
License: GPL v2
Group: Base
-Source0: http://launchpad.net/apparmor/2.13/%{version}/+download/apparmor-%{version}.tar.gz
-# Source0-md5: a50b793a3362551f07733be3df9c328f
-Patch0: apparmor-2.13.4-fix_systemd_userdb.patch
-Patch1: apparmor-2.13.4-run_variable.patch
+Source0: http://launchpad.net/apparmor/3.0/%{version}/+download/apparmor-%{version}.tar.gz
+# Source0-md5: e05eab22bdd1dfc64854856a7292cf09
URL: http://wiki.apparmor.net/
Requires: apparmor-parser
Provides: subdomain-profiles
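Review bot: The new `Source0` line still downloads the tarball over plain `http://`, and the only integrity pin is the `# Source0-md5` comment, which is a weak digest for sources that define the shipped AppArmor policy. Prefer `Source0: https://launchpad.net/apparmor/3.0/%{version}/+download/apparmor-%{version}.tar.gz`. If the build tooling allows it, also record a stronger digest or verify a detached upstream signature, assuming upstream publishes one. This hunk also drops `Patch0` and `Patch1`, so confirm against the 3.0.1 tree that the `@{run}` tunable and the systemd-userdb rules are present upstream; the added `abstractions/nss-systemd` entry suggests they are, but the visible lines do not show it.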
%prep
%setup -q -n apparmor-%{version}
-%patch0 -p1
-%patch1 -p1
%install
rm -rf $RPM_BUILD_ROOT
%defattr(644,root,root,755)
%dir %{_sysconfdir}/apparmor.d
%dir %{_sysconfdir}/apparmor.d/abstractions
+%dir %{_sysconfdir}/apparmor.d/abi
+%config(noreplace) %verify(not md5 mtime size) /etc/apparmor.d/abi/3.0
+%config(noreplace) %verify(not md5 mtime size) /etc/apparmor.d/abi/kernel-5.4-outoftree-network
+%config(noreplace) %verify(not md5 mtime size) /etc/apparmor.d/abi/kernel-5.4-vanilla
%dir %{_sysconfdir}/apparmor.d/cache
%dir %{_sysconfdir}/apparmor.d/local
%dir %{_sysconfdir}/apparmor.d/tunables
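Review bot: The three added `abi/` file entries hard-code `/etc/apparmor.d/abi/...`, while the `%dir` line added directly above them uses `%{_sysconfdir}/apparmor.d/abi` and the rest of the list uses `%{profiles_dir}`. Write them with the same macro, e.g. `%config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/apparmor.d/abi/3.0`, so the directory and its contents cannot diverge if the prefix is ever overridden. A one-line comment above the group, such as `# feature ABI definitions pinned by profiles`, would also tell the next packager why these files are marked as config.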
%config(noreplace) %verify(not md5 mtime size) %{profiles_dir}/tunables/alias
%config(noreplace) %verify(not md5 mtime size) %{profiles_dir}/tunables/apparmorfs
%config(noreplace) %verify(not md5 mtime size) %{profiles_dir}/tunables/dovecot
+%config(noreplace) %verify(not md5 mtime size) %{profiles_dir}/tunables/etc
%config(noreplace) %verify(not md5 mtime size) %{profiles_dir}/tunables/global
%config(noreplace) %verify(not md5 mtime size) %{profiles_dir}/tunables/home
%config(noreplace) %verify(not md5 mtime size) %{profiles_dir}/tunables/kernelvars
%config(noreplace) %verify(not md5 mtime size) %{profiles_dir}/abstractions/dbus
%config(noreplace) %verify(not md5 mtime size) %{profiles_dir}/abstractions/dbus-accessibility
%config(noreplace) %verify(not md5 mtime size) %{profiles_dir}/abstractions/dbus-accessibility-strict
+%config(noreplace) %verify(not md5 mtime size) %{profiles_dir}/abstractions/dbus-network-manager-strict
%config(noreplace) %verify(not md5 mtime size) %{profiles_dir}/abstractions/dbus-session
%config(noreplace) %verify(not md5 mtime size) %{profiles_dir}/abstractions/dbus-session-strict
%config(noreplace) %verify(not md5 mtime size) %{profiles_dir}/abstractions/dbus-strict
%config(noreplace) %verify(not md5 mtime size) %{profiles_dir}/abstractions/dri-common
%config(noreplace) %verify(not md5 mtime size) %{profiles_dir}/abstractions/dri-enumerate
%config(noreplace) %verify(not md5 mtime size) %{profiles_dir}/abstractions/enchant
+%config(noreplace) %verify(not md5 mtime size) %{profiles_dir}/abstractions/exo-open
%config(noreplace) %verify(not md5 mtime size) %{profiles_dir}/abstractions/fcitx
%config(noreplace) %verify(not md5 mtime size) %{profiles_dir}/abstractions/fcitx-strict
%config(noreplace) %verify(not md5 mtime size) %{profiles_dir}/abstractions/fonts
%config(noreplace) %verify(not md5 mtime size) %{profiles_dir}/abstractions/freedesktop.org
+%config(noreplace) %verify(not md5 mtime size) %{profiles_dir}/abstractions/gio-open
%config(noreplace) %verify(not md5 mtime size) %{profiles_dir}/abstractions/gnome
%config(noreplace) %verify(not md5 mtime size) %{profiles_dir}/abstractions/gnupg
+%config(noreplace) %verify(not md5 mtime size) %{profiles_dir}/abstractions/gvfs-open
+%config(noreplace) %verify(not md5 mtime size) %{profiles_dir}/abstractions/hosts_access
%config(noreplace) %verify(not md5 mtime size) %{profiles_dir}/abstractions/ibus
%config(noreplace) %verify(not md5 mtime size) %{profiles_dir}/abstractions/kde
%config(noreplace) %verify(not md5 mtime size) %{profiles_dir}/abstractions/kde-globals-write
%config(noreplace) %verify(not md5 mtime size) %{profiles_dir}/abstractions/kde-icon-cache-write
%config(noreplace) %verify(not md5 mtime size) %{profiles_dir}/abstractions/kde-language-write
+%config(noreplace) %verify(not md5 mtime size) %{profiles_dir}/abstractions/kde-open5
%config(noreplace) %verify(not md5 mtime size) %{profiles_dir}/abstractions/kerberosclient
%config(noreplace) %verify(not md5 mtime size) %{profiles_dir}/abstractions/ldapclient
%config(noreplace) %verify(not md5 mtime size) %{profiles_dir}/abstractions/libpam-systemd
%config(noreplace) %verify(not md5 mtime size) %{profiles_dir}/abstractions/mysql
%config(noreplace) %verify(not md5 mtime size) %{profiles_dir}/abstractions/nameservice
%config(noreplace) %verify(not md5 mtime size) %{profiles_dir}/abstractions/nis
+%config(noreplace) %verify(not md5 mtime size) %{profiles_dir}/abstractions/nss-systemd
%config(noreplace) %verify(not md5 mtime size) %{profiles_dir}/abstractions/nvidia
%config(noreplace) %verify(not md5 mtime size) %{profiles_dir}/abstractions/opencl
%config(noreplace) %verify(not md5 mtime size) %{profiles_dir}/abstractions/opencl-common
%config(noreplace) %verify(not md5 mtime size) %{profiles_dir}/abstractions/p11-kit
%config(noreplace) %verify(not md5 mtime size) %{profiles_dir}/abstractions/perl
%config(noreplace) %verify(not md5 mtime size) %{profiles_dir}/abstractions/php
+%config(noreplace) %verify(not md5 mtime size) %{profiles_dir}/abstractions/php-worker
%config(noreplace) %verify(not md5 mtime size) %{profiles_dir}/abstractions/php5
%config(noreplace) %verify(not md5 mtime size) %{profiles_dir}/abstractions/postfix-common
%config(noreplace) %verify(not md5 mtime size) %{profiles_dir}/abstractions/private-files
%config(noreplace) %verify(not md5 mtime size) %{profiles_dir}/abstractions/svn-repositories
%config(noreplace) %verify(not md5 mtime size) %{profiles_dir}/abstractions/ubuntu-bittorrent-clients
%config(noreplace) %verify(not md5 mtime size) %{profiles_dir}/abstractions/ubuntu-browsers
+%dir %config(noreplace) %verify(not md5 mtime size) %{profiles_dir}/abstractions/ubuntu-browsers.d
+%config(noreplace) %verify(not md5 mtime size) %{profiles_dir}/abstractions/ubuntu-browsers.d/chromium-browser
%config(noreplace) %verify(not md5 mtime size) %{profiles_dir}/abstractions/ubuntu-console-browsers
%config(noreplace) %verify(not md5 mtime size) %{profiles_dir}/abstractions/ubuntu-console-email
%config(noreplace) %verify(not md5 mtime size) %{profiles_dir}/abstractions/ubuntu-email
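Review bot: The added `ubuntu-browsers.d` entry combines `%dir` with `%config(noreplace) %verify(not md5 mtime size)`, but those attributes describe file content and are not expected to have a useful effect on a directory. The existing `apparmor_api` directory in this list is declared with `%dir` alone, so for consistency this should read `%dir %{profiles_dir}/abstractions/ubuntu-browsers.d`. The `chromium-browser` file beneath it can keep the config attributes.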
%config(noreplace) %verify(not md5 mtime size) %{profiles_dir}/abstractions/X
%config(noreplace) %verify(not md5 mtime size) %{profiles_dir}/abstractions/xad
%config(noreplace) %verify(not md5 mtime size) %{profiles_dir}/abstractions/xdg-desktop
+%config(noreplace) %verify(not md5 mtime size) %{profiles_dir}/abstractions/xdg-open
%config(noreplace) %verify(not md5 mtime size) %{profiles_dir}/tunables/share
%dir %{profiles_dir}/abstractions/apparmor_api
%config(noreplace) %verify(not md5 mtime size) %{profiles_dir}/abstractions/apparmor_api/change_profile
%config(noreplace) %verify(not md5 mtime size) %{profiles_dir}/bin.ping
%config(noreplace) %verify(not md5 mtime size) %{profiles_dir}/lsb_release
%config(noreplace) %verify(not md5 mtime size) %{profiles_dir}/nvidia_modprobe
+%config(noreplace) %verify(not md5 mtime size) %{profiles_dir}/php-fpm
%config(noreplace) %verify(not md5 mtime size) %{profiles_dir}/sbin.*
%config(noreplace) %verify(not md5 mtime size) %{profiles_dir}/usr.lib.*
%config(noreplace) %verify(not md5 mtime size) %{profiles_dir}/usr.sbin.*
%config(noreplace) %verify(not md5 mtime size) %{profiles_dir}/local/bin.ping
%config(noreplace) %verify(not md5 mtime size) %{profiles_dir}/local/lsb_release
%config(noreplace) %verify(not md5 mtime size) %{profiles_dir}/local/nvidia_modprobe
+%config(noreplace) %verify(not md5 mtime size) %{profiles_dir}/local/php-fpm
%config(noreplace) %verify(not md5 mtime size) %{profiles_dir}/local/sbin.*
%config(noreplace) %verify(not md5 mtime size) %{profiles_dir}/local/usr.lib.*
%config(noreplace) %verify(not md5 mtime size) %{profiles_dir}/local/usr.sbin.*
%{extras_dir}/README
%{extras_dir}/bin.netstat
%{extras_dir}/etc.cron.daily.*
+%{extras_dir}/postfix-*
%{extras_dir}/sbin.*
%{extras_dir}/usr.NX.bin.nxclient
%{extras_dir}/usr.bin.*