abstractions/mesa: allow checking if the kernel supports the i915 perf interface
See merge request apparmor/apparmor!464
Acked-by: Vincas Dargis <vindrg@gmail.com>
Acked-by: Christian Boltz <apparmor@cboltz.de> for master and 2.13
On systems with systemd 245, nss-systemd additionally queries NSS records from systemd-userdbd.service. See https://systemd.io/USER_GROUP_API/ .
Signed-off-by: nl6720 <nl6720@gmail.com>
Another instance of using libvirt_leaseshelper without having
libexec access. As addressed in the previous patch.
issue: https://gitlab.com/apparmor/apparmor/-/issues/87
Signed-off-by: John Johansen <john.johansen@canonical.com>
The error:
type=AVC msg=audit(1585403559.846:34317577): apparmor="DENIED" operation="exec" profile="/usr/sbin/dnsmasq" name="/usr/libexec/libvirt_leaseshelper" pid=7162 comm="sh" requested_mask="x" denied_mask="x" fsuid=0 ouid=0
type=AVC msg=audit(1585403559.846:34317578): apparmor="DENIED" operation="open" profile="/usr/sbin/dnsmasq" name="/usr/libexec/libvirt_leaseshelper" pid=7162 comm="sh" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
Looks like the path to libvirt_leasehelper is incorrect in usr.sbin.dnsmasq, at least in Gentoo. Patching the file fixes the problem:
issue: https://gitlab.com/apparmor/apparmor/-/issues/87
Signed-off-by: John Johansen <john.johansen@canonical.com>
This patch fixes a couple of nitpicks that I encountered packaging apparmor for buildroot:
1. In a cross-compiling environment, python executable cannot be trusted for getting the python settings because it is generally compiled for the host. For this reason, we should rely on target python-config.
2. Setup.py for libapparmor swig bindings is always called without taking into account the discovered settings from ac_python_devel.m4
PR: https://gitlab.com/apparmor/apparmor/-/merge_requests/462
When crosscompiling, setup.py should be called passing the settings
discovered by ac_python_devel.m4 and not using the default system
settings.
Signed-off-by: Angelo Compagnucci <angelo@amarulasolutions.com>
In a crosscompiling environment it's common to have a python executable
running for the host system with a python-config reporting the host
configuration and a second python-config reporting the target configuration.
In such cases, relying on the default python-config is wrong and breaks
the cross compilation.
This patch adds a PYTHON_CONFIG variable that can be pointed to the second
python-config and fixes the rest of the m4 accordingly.
Signed-off-by: Angelo Compagnucci <angelo@amarulasolutions.com>
This way we could generate the capabilities in a way that works with every version of make. Changes to list_capabilities are intended to exactly replicate the old behavior.
PR: https://gitlab.com/apparmor/apparmor/-/merge_requests/461
Signed-off-by: John Johansen <john.johansen@canonical.com>
Update usr.sbin.winbindd profile to allow krb5 rcache files locking
See merge request apparmor/apparmor!460
Acked-by: Christian Boltz <apparmor@cboltz.de> for 2.11..master
This way we could generate the capabilities in a way that works with
every version of make.
Changes to list_capabilities are intended to exactly replicate the old
behavior.
The library version must be consistent across releases. Since 2.13.4
and master use the same library version it needs to be updated.
Signed-off-by: John Johansen <john.johansen@canonical.com>