Recommended update for apparmor

SUSE Recommended Update: Recommended update for apparmor
Announcement ID: SUSE-RU-2019:0151-1
Rating: moderate
References: #1082956 #1097370 #1100779 #1111342 #1117354 #1119937 #1120472
Affected Products:
  • SUSE Linux Enterprise Module for Server Applications 15
  • SUSE Linux Enterprise Module for Open Buildservice Development Tools 15
  • SUSE Linux Enterprise Module for Basesystem 15

An update that has 7 recommended fixes can now be installed.

Description:

This update for apparmor fixes the following issues:

  • Change of path of rpm in lessopen.sh (bsc#1082956, bsc#1117354)
  • allow network access in lessopen.sh for reading files on NFS (workaround for bsc#1119937 / lp#1784499)
  • dropped check that lets aa-logprof error out in a corner-case (log event for a non-existing profile while a profile file with the default filename for that non-existing profile exists) (bsc#1120472)
  • netconfig: write resolv.conf to /run with link to /etc (fate#325872, bsc#1097370) [patch apparmor-nameservice-resolv-conf-link.patch]

Update to AppArmor 2.12.2:
- add profile names to most profiles - update dnsmasq profile (pid file and logfile path) (bsc#1111342) - add vulkan abstraction - add letsencrypt certificate path to abstractions/ssl_* - ignore *.orig and *.rej files when loading profiles - fix aa-complain etc. to handle named profiles - several bugfixes and small profile improvements - see https://gitlab.com/apparmor/apparmor/wikis/Release_Notes_2.12.2 for the detailed upstream changelog
Update to AppArmor 2.12.1:
- add qt5 and qt5-compose-cache-write abstractions - add @{uid} and @{uids} kernel var placeholders - several profile and abstraction updates - add support for conditional includes ("include if exists") - ignore "abi" rules in parser and tools (instead of erroring out) - utils: fix overwriting of child profile flags if they differ from the main profile - several bugfixes (including bsc#1100779) - see https://gitlab.com/apparmor/apparmor/wikis/Release_Notes_2.12.1 for detailed upstream release notes

Patch Instructions:

To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

  • SUSE Linux Enterprise Module for Server Applications 15:
    zypper in -t patch SUSE-SLE-Module-Server-Applications-15-2019-151=1
  • SUSE Linux Enterprise Module for Open Buildservice Development Tools 15:
    zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-2019-151=1
  • SUSE Linux Enterprise Module for Basesystem 15:
    zypper in -t patch SUSE-SLE-Module-Basesystem-15-2019-151=1

Package List:

  • SUSE Linux Enterprise Module for Server Applications 15 (aarch64 ppc64le s390x x86_64):
    • apache2-mod_apparmor-2.12.2-7.9.1
    • apache2-mod_apparmor-debuginfo-2.12.2-7.9.1
    • apparmor-debugsource-2.12.2-7.9.1
  • SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (aarch64 ppc64le s390x x86_64):
    • apparmor-debugsource-2.12.2-7.9.1
    • ruby-apparmor-2.12.2-7.9.1
    • ruby-apparmor-debuginfo-2.12.2-7.9.1
  • SUSE Linux Enterprise Module for Basesystem 15 (aarch64 ppc64le s390x x86_64):
    • apparmor-debugsource-2.12.2-7.9.1
    • apparmor-parser-2.12.2-7.9.1
    • apparmor-parser-debuginfo-2.12.2-7.9.1
    • libapparmor-debugsource-2.12.2-7.9.1
    • libapparmor-devel-2.12.2-7.9.1
    • libapparmor1-2.12.2-7.9.1
    • libapparmor1-debuginfo-2.12.2-7.9.1
    • pam_apparmor-2.12.2-7.9.1
    • pam_apparmor-debuginfo-2.12.2-7.9.1
    • perl-apparmor-2.12.2-7.9.1
    • perl-apparmor-debuginfo-2.12.2-7.9.1
    • python3-apparmor-2.12.2-7.9.1
    • python3-apparmor-debuginfo-2.12.2-7.9.1
  • SUSE Linux Enterprise Module for Basesystem 15 (x86_64):
    • libapparmor1-32bit-2.12.2-7.9.1
    • libapparmor1-32bit-debuginfo-2.12.2-7.9.1
    • pam_apparmor-32bit-2.12.2-7.9.1
    • pam_apparmor-32bit-debuginfo-2.12.2-7.9.1
  • SUSE Linux Enterprise Module for Basesystem 15 (noarch):
    • apparmor-abstractions-2.12.2-7.9.1
    • apparmor-docs-2.12.2-7.9.1
    • apparmor-parser-lang-2.12.2-7.9.1
    • apparmor-profiles-2.12.2-7.9.1
    • apparmor-utils-2.12.2-7.9.1
    • apparmor-utils-lang-2.12.2-7.9.1

References: