[packages/apparmor-profiles] - rel 2; fixes from archlinux

arekm arekm at pld-linux.org
Thu Jul 16 12:11:20 CEST 2020 

commit 4db3900da03c3d039a458616f3f1e8b070cd98aa
Author: Arkadiusz Miśkiewicz <arekm at maven.pl>
Date:   Thu Jul 16 12:11:13 2020 +0200

    - rel 2; fixes from archlinux

 apparmor-2.13.4-fix_systemd_userdb.patch | 32 ++++++++++++++++++++++++++++++++
 apparmor-profiles.spec                   |  4 +++-
 2 files changed, 35 insertions(+), 1 deletion(-)
---
diff --git a/apparmor-profiles.spec b/apparmor-profiles.spec
index c767e64..8afd1f8 100644
--- a/apparmor-profiles.spec
+++ b/apparmor-profiles.spec
@@ -2,12 +2,13 @@ Summary:	AppArmor profiles
 Summary(pl.UTF-8):	Profile AppArmor
 Name:		apparmor-profiles
 Version:	2.13.4
-Release:	1
+Release:	2
 Epoch:		1
 License:	GPL v2
 Group:		Base
 Source0:	http://launchpad.net/apparmor/2.13/%{version}/+download/apparmor-%{version}.tar.gz
 # Source0-md5:	a50b793a3362551f07733be3df9c328f
+Patch0:		apparmor-2.13.4-fix_systemd_userdb.patch
 URL:		http://wiki.apparmor.net/
 Requires:	apparmor-parser
 Provides:	subdomain-profiles
@@ -59,6 +60,7 @@ Przykładowe profile AppArmor.
 
 %prep
 %setup -q -n apparmor-%{version}
+%patch0 -p1
 
 %install
 rm -rf $RPM_BUILD_ROOT
diff --git a/apparmor-2.13.4-fix_systemd_userdb.patch b/apparmor-2.13.4-fix_systemd_userdb.patch
new file mode 100644
index 0000000..4ee0c87
--- /dev/null
+++ b/apparmor-2.13.4-fix_systemd_userdb.patch
@@ -0,0 +1,32 @@
+From 16f9f6885aff84123c0b52197f435e40d656c0e4 Mon Sep 17 00:00:00 2001
+From: nl6720 <nl6720 at gmail.com>
+Date: Thu, 19 Mar 2020 12:05:44 +0200
+Subject: [PATCH] abstractions/nameservice: allow accessing
+ /run/systemd/userdb/
+
+On systems with systemd 245, nss-systemd additionally queries NSS records from systemd-userdbd.service. See https://systemd.io/USER_GROUP_API/ .
+
+Signed-off-by: nl6720 <nl6720 at gmail.com>
+---
+ profiles/apparmor.d/abstractions/nameservice | 5 +++++
+ 1 file changed, 5 insertions(+)
+
+diff --git a/profiles/apparmor.d/abstractions/nameservice b/profiles/apparmor.d/abstractions/nameservice
+index 760e449e..2f3b1d15 100644
+--- a/profiles/apparmor.d/abstractions/nameservice
++++ b/profiles/apparmor.d/abstractions/nameservice
+@@ -29,6 +29,11 @@
+   /var/lib/extrausers/group  r,
+   /var/lib/extrausers/passwd r,
+ 
++  # NSS records from systemd-userdbd.service
++  @{run}/systemd/userdb/ r,
++  @{run}/systemd/userdb/io.systemd.{NameServiceSwitch,Multiplexer,DynamicUser,Home} r,
++  @{PROC}/sys/kernel/random/boot_id r,
++
+   # When using sssd, the passwd and group files are stored in an alternate path
+   # and the nss plugin also needs to talk to a pipe
+   /var/lib/sss/mc/group   r,
+-- 
+2.26.2
+
================================================================

---- gitweb:

http://git.pld-linux.org/gitweb.cgi/packages/apparmor-profiles.git/commitdiff/4db3900da03c3d039a458616f3f1e8b070cd98aa

More information about the pld-cvs-commit mailing list