# $Id$ # ------------------------------------------------------------------ # # Copyright (C) 2002-2005 Novell/SUSE # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public # License published by the Free Software Foundation. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program; if not, contact Novell, Inc. # ------------------------------------------------------------------ # norootforbuild %if ! %{?distro:1}0 %define distro suse %endif Summary: AppArmor profiles Name: apparmor-profiles Version: @@immunix_version@@ Release: @@repo_version@@ Group: Productivity/Security Source0: %{name}-%{version}-@@repo_version@@.tar.gz License: GPL BuildRoot: %{?_tmppath:}%{!?_tmppath:/var/tmp}/%{name}-%{version}-build Url: http://forge.novell.com/modules/xfmod/project/?apparmor Requires: apparmor-parser BuildArch: noarch Obsoletes: subdomain-profiles Provides: subdomain-profiles # hrm, still need to enumerate each directory in these paths in files :( %define extras_dir %{_sysconfdir}/apparmor/profiles/extras/ %define profiles_dir %{_sysconfdir}/apparmor.d/ %description Base AppArmor profiles (aka security policy). AppArmor is a file mandatory access control mechanism. AppArmor confines processes to the resources allowed by the systems administrator and can constrain the scope of potential security vulnerabilities. This package is part of a suite of tools that used to be named SubDomain. %prep %setup -q %build [ "${RPM_BUILD_ROOT}" != "/" ] && rm -rf ${RPM_BUILD_ROOT} %install [ "${RPM_BUILD_ROOT}" != "/" ] && rm -rf ${RPM_BUILD_ROOT} make install DESTDIR=${RPM_BUILD_ROOT} DISTRO=%{distro} \ EXTRASDIR=${RPM_BUILD_ROOT}/%{extras_dir}/ %clean [ "${RPM_BUILD_ROOT}" != "/" ] && rm -rf $RPM_BUILD_ROOT %files %defattr(-,root,root) %attr(644, root, root) %config(noreplace) %{profiles_dir}/* %attr(644, root, root) %config(noreplace) %{extras_dir}/* %dir %attr(-, root, root) %{_sysconfdir}/apparmor.d/ %dir %attr(-, root, root) %{_sysconfdir}/apparmor.d/abstractions/ %dir %attr(-, root, root) %{_sysconfdir}/apparmor.d/program-chunks/ %dir %attr(-, root, root) %{_sysconfdir}/apparmor.d/tunables/ %dir %attr(-, root, root) %{_sysconfdir}/apparmor/ %dir %attr(-, root, root) %{_sysconfdir}/apparmor/profiles/ %dir %attr(-, root, root) %{_sysconfdir}/apparmor/profiles/extras/ %post %preun %changelog * Wed Apr 12 2006 Steve Beattie - Move to forge svn repo; fix build issue due to new dir layout * Fri Apr 7 2006 Dominic Reynolds 2.0-11.1 - seth.arnold: - Fix for base (ntpd) - #164150 - Fix for postfix.qmgr - #156446 * Mon Apr 3 2006 Seth Arnold 2.0-11.1 - Fix for postfix/sasl (#159667) - Fix for NIS/portmapper nameservice capabilities * Thu Mar 30 2006 Dominic Reynolds 2.0-10.1 - Fix for postalias (#158689) * Sun Mar 12 2006 Dominic Reynolds 2.0-10.1 - Fix for sendmail to add a px transtion to usr.lib.postfix.smtpd (#156998) * Thu Mar 9 2006 Seth Arnold 2.0-9.1 - new svnserve profile in extras (not enforcing), postfix ldap fixes (#156091) - procmail now runs unconfined from postfix, sendmail * Wed Mar 8 2006 Seth Arnold 2.0-8.1 - net_bind_service for postfix's cleanup, smtp. (#143336) - whitespace fix * Fri Feb 24 2006 Seth Arnold 2.0-7.1 - icon caches, fontconfig - Re-disable httpd2-prefork * Fri Feb 17 2006 Seth Arnold 2.0-6.1 - Re-enable http2d-prefork, named, clarify tunables/home * Thu Feb 9 2006 Seth Arnold 2.0-5.3 - Re-enable sendmail, split apart traceroute * Wed Feb 8 2006 Steve Beattie 2.0-5.2 - Fix tunables/home to not emit multiple slashes - Fix klogd per #143336 * Thu Feb 2 2006 Seth Arnold 2.0-5.1 - slight re-org, some more use of variables * Tue Jan 31 2006 Seth Arnold 2.0-5 - /etc/apparmor.d/tunables/home * Thu Jan 26 2006 Dominic Reynolds 2.0-4.1 - Moved directory /etc/subdomain.d to /etc/apparmor.d. - Changed vim tag in profiles to syntax=apparmor * Mon Jan 23 2006 Dominic Reynolds 2.0-4 - Removal of profiles referencing /home/. * Wed Jan 4 2006 Steve Beattie 2.0-3 - Add svn repo to tarball * Wed Dec 7 2005 Steve Beattie 2.0-2 - dreynolds: remove unused netdomain rules - srarnold: allow read access to policy subdirs * Wed Dec 7 2005 Steve Beattie 2.0-1 - Reset version for inclusion in SUSE autobuild * Mon Dec 5 2005 Dominic Reynolds 1.99-8 - License changes to GPL - added new headers. Change the extra profiles to be installed in /etc/apparmor. * Wed Nov 30 2005 Steve Beattie 1.99-7 - Rename package to apparmor-profiles * Thu Nov 3 2005 Seth Arnold 1.99-6_imnx - abstractions/gnome bug-buddy and segv handler * Tue Sep 6 2005 Seth Arnold 1.99-5_imnx - include the abstractions/ and program-chunks/ * Sun Sep 4 2005 Dominic Reynolds dreynolds@suse.de - disable the gconf profile * Fri Sep 2 2005 Jesse Michael - more x86_64 fixes * Tue Aug 30 2005 - dreynolds@suse.de - Removed bonobo-activation-server profile and references, updated GConf2 * Mon Aug 29 2005 - dreynolds@suse.de - Added evolution profile, enabled other desktop apps. * Mon Apr 4 2005 Seth Arnold 1.99-4_imnx - fix Requires: * Sat Mar 26 2005 Steve Beattie - Convert sshd profile to newer style hats * Mon Mar 14 2005 Steve Beattie - subdomain_parser package renamed to subdomain-parser * Wed Mar 9 2005 Steve Beattie - Fix some internal handling of % distro * Tue Feb 22 2005 Seth Arnold 1.99-3_imnx - more generic apache2 module names * Fri Feb 11 2005 Steve Beattie 1.99-2_imnx - Add postfix's tlsmgr process, and other profile updates * Fri Feb 4 2005 Seth Arnold 1.99-1_imnx - Reversion to 1.99 * Wed Feb 2 2005 Seth Arnold 1.2-13_imnx - A few small rules for postmap * Tue Jan 11 2005 Seth Arnold 1.2-12_imnx - Add some 64-bit paths to profiles * Thu Dec 16 2004 Seth Arnold 1.2-11_imnx - apache desires sys_tty_config * Mon Dec 6 2004 Steve Beattie 1.2-10_imnx - Add postfix tlsmgr program, included in SuSE 9.2. * Mon Nov 22 2004 Seth Arnold 1.2-9_imnx - clean up loose ends of program-chunks and abstractions conversion, thanks Dominic * Wed Nov 17 2004 Steve Beattie 1.2-8_imnx - Add minimal build support for RHEL3. * Sun Nov 7 2004 Steve Beattie 1.2-7_imnx - Add slack build support infrastructure and use it. * Fri Nov 5 2004 Seth Arnold 1.2-6_imnx - new procmail profile; no forwarding to user@host capability. * Tue Oct 26 2004 Seth Arnold 1.2-4_imnx - new postfix proxymap * Tue Oct 26 2004 Seth Arnold 1.1-4_imnx - duplicate apache-default-uri so that apache with and without mod_change_hat can function * Tue Oct 19 2004 Seth Arnold 1.2-3_imnx - ntp drift file access * Wed Oct 13 2004 Seth Arnold 1.2-2_imnx - remove program-chunks/apache-subprofiles from apache2 profile - remove useradd and userdel profiles. * Tue Oct 12 2004 Steve Beattie 1.2-1_imnx - Bump version after shass-1.1 branched off * Tue Oct 5 2004 Seth Arnold 1.0-9.4_imnx - Modify the directories a bit * Thu Sep 30 2004 Seth Arnold 1.0-9.3_imnx - Prune the list of installed profiles - Profile updates * Thu Sep 2 2004 Steve Beattie 1.0-10_imnx - Copyright fixups - Bunchteen fixes to profiles to make them functional - support for non-changehat and enhanced changehat sshd * Wed Jul 21 2004 Steve Beattie 1.0-9_imnx - first attempt to make cross-distro rpm * Mon Jul 12 2004 John Johansen 1.0-8_imnx - Moved from /usr/src/immunix/.. to %{module_src_prefix} * Wed Jun 23 2004 David Drewelow 1.0-7_imnx - Moved ./extras /usr/src/immunix/.. & ./progs-enabled to top of dir * Wed Jun 23 2004 Seth Arnold 1.0-6_imnx - add ldd and ld profiles * Wed Jun 23 2004 David Drewelow 1.0-5_imnx - Moved sshd and httpd profiles to /extras, split /extras & /progs-enabled * Tue Jun 22 2004 Seth Arnold 1.0-5_imnx - Remove sshd profile, add squid profile * Tue Jun 22 2004 Seth Arnold 1.0-4_imnx - Remove sshd profile, add squid profile