Browse code
Apparmor updates
Changes include:
1. Enabling the service post installation.
2. Modified service file to start during command start instead of Reload.
Change-Id: Idcb551726325ab4720fc7a0cd3da3345434d567e
Reviewed-on: http://photon-jenkins.eng.vmware.com:8082/5467
Tested-by: gerrit-photon <photon-checkins@vmware.com>
Reviewed-by: Srivatsa S. Bhat <srivatsab@vmware.com>
Reviewed-by: Sharath George
Keerthana K authored on 2018/08/09 08:45:27Showing 2 changed files
| 1 | 1 |
new file mode 100644 |
| ... | ... |
@@ -0,0 +1,12 @@ |
| 0 |
+diff -Naur apparmor-2.13/parser/apparmor.service apparmor-2.13-mod/parser/apparmor.service |
|
| 1 |
+--- apparmor-2.13/parser/apparmor.service 2018-04-15 19:18:53.000000000 +0530 |
|
| 2 |
+@@ -9,7 +9,7 @@ |
|
| 3 |
+ |
|
| 4 |
+ [Service] |
|
| 5 |
+ Type=oneshot |
|
| 6 |
+-ExecStart=/lib/apparmor/apparmor.systemd reload |
|
| 7 |
++ExecStart=/lib/apparmor/apparmor.systemd start |
|
| 8 |
+ ExecReload=/lib/apparmor/apparmor.systemd reload |
|
| 9 |
+ |
|
| 10 |
+ # systemd maps 'restart' to 'stop; start' which means removing AppArmor confinement |
| ... | ... |
@@ -1,12 +1,13 @@ |
| 1 | 1 |
Name: apparmor |
| 2 | 2 |
Version: 2.13 |
| 3 |
-Release: 2%{?dist}
|
|
| 3 |
+Release: 3%{?dist}
|
|
| 4 | 4 |
Summary: AppArmor is an effective and easy-to-use Linux application security system. |
| 5 | 5 |
License: GNU LGPL v2.1 |
| 6 | 6 |
URL: https://launchpad.net/apparmor |
| 7 | 7 |
Source0: https://launchpad.net/apparmor/2.13/2.13.0/+download/%{name}-%{version}.tar.gz
|
| 8 | 8 |
%define sha1 apparmor=54202cafce24911c45141d66e2d1e037e8aa5746 |
| 9 | 9 |
Patch0: apparmor-set-profiles-complain-mode.patch |
| 10 |
+Patch1: apparmor-service-start-fix.patch |
|
| 10 | 11 |
Vendor: VMware, Inc. |
| 11 | 12 |
Distribution: Photon |
| 12 | 13 |
Group: Productivity/Security |
| ... | ... |
@@ -86,6 +87,7 @@ Summary: AppArmor userlevel parser utility |
| 86 | 86 |
License: GNU LGPL v2.1 |
| 87 | 87 |
Group: Productivity/Security |
| 88 | 88 |
Requires: libapparmor = %{version}-%{release}
|
| 89 |
+Requires: systemd |
|
| 89 | 90 |
|
| 90 | 91 |
%description parser |
| 91 | 92 |
The AppArmor Parser is a userlevel program that is used to load in |
| ... | ... |
@@ -162,6 +164,7 @@ applications interfacing with AppArmor. |
| 162 | 162 |
%prep |
| 163 | 163 |
%setup -q -n %{name}-%{version}
|
| 164 | 164 |
%patch0 -p1 |
| 165 |
+%patch1 -p1 |
|
| 165 | 166 |
|
| 166 | 167 |
%build |
| 167 | 168 |
export PYTHONPATH=/usr/lib/python3.6/site-packages |
| ... | ... |
@@ -240,6 +243,12 @@ make DESTDIR=%{buildroot} install
|
| 240 | 240 |
%defattr(-,root,root) |
| 241 | 241 |
%{_libdir}/libapparmor.so.*
|
| 242 | 242 |
|
| 243 |
+%post -n libapparmor |
|
| 244 |
+/sbin/ldconfig |
|
| 245 |
+ |
|
| 246 |
+%postun -n libapparmor |
|
| 247 |
+/sbin/ldconfig |
|
| 248 |
+ |
|
| 243 | 249 |
%files -n libapparmor-devel |
| 244 | 250 |
%defattr(-,root,root) |
| 245 | 251 |
%{_libdir}/libapparmor.a
|
| ... | ... |
@@ -267,11 +276,11 @@ make DESTDIR=%{buildroot} install
|
| 267 | 267 |
%files profiles |
| 268 | 268 |
%defattr(-,root,root,755) |
| 269 | 269 |
%dir %{_sysconfdir}/apparmor.d/apache2.d
|
| 270 |
-%{_sysconfdir}/apparmor.d/apache2.d/phpsysinfo
|
|
| 271 |
-%{_sysconfdir}/apparmor.d/bin.*
|
|
| 272 |
-%{_sysconfdir}/apparmor.d/sbin.*
|
|
| 273 |
-%{_sysconfdir}/apparmor.d/usr.*
|
|
| 274 |
-%{_sysconfdir}/apparmor.d/local/*
|
|
| 270 |
+%config(noreplace) %{_sysconfdir}/apparmor.d/apache2.d/phpsysinfo
|
|
| 271 |
+%config(noreplace) %{_sysconfdir}/apparmor.d/bin.*
|
|
| 272 |
+%config(noreplace) %{_sysconfdir}/apparmor.d/sbin.*
|
|
| 273 |
+%config(noreplace) %{_sysconfdir}/apparmor.d/usr.*
|
|
| 274 |
+%config(noreplace) %{_sysconfdir}/apparmor.d/local/*
|
|
| 275 | 275 |
%dir %{_datadir}/apparmor
|
| 276 | 276 |
%{_datadir}/apparmor/extra-profiles/*
|
| 277 | 277 |
|
| ... | ... |
@@ -283,10 +292,11 @@ make DESTDIR=%{buildroot} install
|
| 283 | 283 |
/lib/apparmor/apparmor.systemd |
| 284 | 284 |
%{_bindir}/aa-exec
|
| 285 | 285 |
%{_bindir}/aa-enabled
|
| 286 |
-%{_prefix}%{_unitdir}/apparmor.service
|
|
| 286 |
+%attr(644,root,root) %{_prefix}%{_unitdir}/apparmor.service
|
|
| 287 | 287 |
%dir %{_sysconfdir}/apparmor
|
| 288 |
-%{_sysconfdir}/apparmor/parser.conf
|
|
| 289 |
-%{_sysconfdir}/apparmor/subdomain.conf
|
|
| 288 |
+%dir %{_sysconfdir}/apparmor.d
|
|
| 289 |
+%config(noreplace) %{_sysconfdir}/apparmor/parser.conf
|
|
| 290 |
+%config(noreplace) %{_sysconfdir}/apparmor/subdomain.conf
|
|
| 290 | 291 |
%{_localstatedir}/lib/apparmor
|
| 291 | 292 |
%doc %{_mandir}/man5/apparmor.d.5.gz
|
| 292 | 293 |
%doc %{_mandir}/man5/apparmor.vim.5.gz
|
| ... | ... |
@@ -297,30 +307,31 @@ make DESTDIR=%{buildroot} install
|
| 297 | 297 |
%doc %{_mandir}/man1/aa-exec.1.gz
|
| 298 | 298 |
%doc %{_mandir}/man2/aa_stack_profile.2.gz
|
| 299 | 299 |
|
| 300 |
+%preun parser |
|
| 301 |
+%systemd_preun apparmor.service |
|
| 302 |
+ |
|
| 300 | 303 |
%post parser |
| 301 |
-/sbin/ldconfig |
|
| 304 |
+%systemd_post apparmor.service |
|
| 302 | 305 |
|
| 303 |
-%preun parser |
|
| 304 |
-/sbin/ldconfig |
|
| 306 |
+%postun parser |
|
| 307 |
+%systemd_postun_with_restart apparmor.service |
|
| 305 | 308 |
|
| 306 | 309 |
%files abstractions |
| 307 | 310 |
%defattr(644,root,root,755) |
| 308 |
-%dir %{_sysconfdir}/apparmor.d/
|
|
| 309 | 311 |
%dir %{_sysconfdir}/apparmor.d/abstractions
|
| 310 |
-%{_sysconfdir}/apparmor.d/abstractions/*
|
|
| 312 |
+%config(noreplace) %{_sysconfdir}/apparmor.d/abstractions/*
|
|
| 311 | 313 |
%dir %{_sysconfdir}/apparmor.d/disable
|
| 312 | 314 |
%dir %{_sysconfdir}/apparmor.d/local
|
| 313 | 315 |
%dir %{_sysconfdir}/apparmor.d/tunables
|
| 314 |
-%{_sysconfdir}/apparmor.d/tunables/*
|
|
| 316 |
+%config(noreplace) %{_sysconfdir}/apparmor.d/tunables/*
|
|
| 315 | 317 |
%exclude %{_datadir}/locale
|
| 316 | 318 |
|
| 317 | 319 |
%files utils |
| 318 | 320 |
%defattr(-,root,root) |
| 319 |
-%dir %{_sysconfdir}/apparmor
|
|
| 320 |
-%{_sysconfdir}/apparmor/easyprof.conf
|
|
| 321 |
-%{_sysconfdir}/apparmor/logprof.conf
|
|
| 322 |
-%{_sysconfdir}/apparmor/notify.conf
|
|
| 323 |
-%{_sysconfdir}/apparmor/severity.db
|
|
| 321 |
+%config(noreplace) %{_sysconfdir}/apparmor/easyprof.conf
|
|
| 322 |
+%config(noreplace) %{_sysconfdir}/apparmor/logprof.conf
|
|
| 323 |
+%config(noreplace) %{_sysconfdir}/apparmor/notify.conf
|
|
| 324 |
+%config(noreplace) %{_sysconfdir}/apparmor/severity.db
|
|
| 324 | 325 |
/sbin/aa-teardown |
| 325 | 326 |
%{_sbindir}/aa-*
|
| 326 | 327 |
%{_sbindir}/apparmor_status
|
| ... | ... |
@@ -362,6 +373,9 @@ make DESTDIR=%{buildroot} install
|
| 362 | 362 |
%{_libdir}/ruby/site_ruby/2.4.0/x86_64-linux/LibAppArmor.so
|
| 363 | 363 |
|
| 364 | 364 |
%changelog |
| 365 |
+* Wed Aug 8 2018 Keerthana K <keerthanak@vmware.com> 2.13-3 |
|
| 366 |
+- Updating apparmor.service to start instead of reload during command start. |
|
| 367 |
+- Enabling apparmor service post installation of parser. |
|
| 365 | 368 |
* Wed Aug 1 2018 Keerthana K <keerthanak@vmware.com> 2.13-2 |
| 366 | 369 |
- Added apparmor-abstractions a dependency for apparmor-profiles and apparmor-utils. |
| 367 | 370 |
- Add apparmor-default-profiles to complain mode after boot. |