pam_apparmor-32bit - PAM module for AppArmor change_hat

Distribution: openSUSE 42.1
Repository: openSUSE Update Oss all
Package name: pam_apparmor-32bit
Package version: 2.10.2
Package release: 12.1
Package architecture: x86_64
Package type: rpm
Installed size: 9.45 KB
Download size: 41.67 KB
Official Mirror:
The pam_apparmor module provides the means for any PAM applications that call pam_open_session() to automatically perform an AppArmor change_hat operation in order to switch to a user-specific security policy.


  • pam_apparmor-32bit = 2.10.2-12.1
  • pam_apparmor-32bit(x86-32) = 2.10.2-12.1

    Install Howto

    Install pam_apparmor-32bit rpm package:

    # zypper install pam_apparmor-32bit


    • /lib/security/


    2017-03-26 - - add upstream-changes-2.10-r3385..3390.diff: - preserve unknown profiles when reloading apparmor.service (CVE-2017-6507, lp#1668892, boo#1029696) - add aa-remove-unknown utility to unload unknown profiles (lp#1668892) - remove deprecated re.LOCALE flag in Python UI as it was dropped from Python 3.6 (lp#1661766) - fix a crash in aa-logprof on specific change_hat events - migration to apparmor.service turned out to accidently disable AppArmor. Add a workaround to fix this (boo#1017260 starting at #c7) Note: This will re-enable AppArmor if it was disabled by the last update. You'll need to "rcapparmor reload" to actually load the profiles, and then check aa-status for programs that need to be restarted to apply the profiles. - add var.mount dependeny to apparmor.service (boo#1016259#c34)

    2017-02-01 - - Recommend net-tools instead of net-tools-deprecated for 42.x (boo#1022963)

    2017-01-30 - - add profile-updates-2.10r3381..3384.diff with updates for abstractions/base, abstractions/apache2-common and dovecot profiles

    2017-01-24 - - package apparmor.service also in Leap where it was missing thanks to a wrong/outdated if statement (boo#1017260) Note: If you manually disabled AppArmor, this change will re-enable it.

    2017-01-24 - - change /etc/apparmor.d/cache symlink to /var/lib/apparmor/cache/. This is part of the root partition (at least with default partitioning) and should be available earlier than /var/cache/apparmor/ (boo#1015249, boo#980081, bsc#1016259) - add dependency on var-lib.mount to apparmor.service as safety net

    2017-01-10 - - update to AppArmor 2.10.2 maintenance release - lots of bugfixes and profile updates (including boo#1000201, boo#1009964, boo#1014463) - see for details - add aa-unconfined-fix-netstat-call-2.10r3380.diff to fix a regression in aa-unconfined - drop upstream(ed) patches: - changes-since-2.10.1--r3326..3346.diff - changes-since-2.10.1--r3347..3353.diff - libapparmor-fix-import-path.diff (upstream fix is slightly different) - nscd-var-lib.diff - refresh apparmor-abstractions-no-multiline.diff

    2016-10-23 - - add nscd-var-lib.diff to allow /var/lib/nscd/ in the nscd profile and abstractions/nameservice (path changed in latest nscd in Tumbleweed)

    2016-10-13 - - add changes-since-2.10.1--r3347..3353.diff with upstream changes and fixes in the 2.10 branch, including - allow writing *.qf files (for disk-based buffering) in syslog-ng profile - add several permissions to the dovecot profiles (deb#835826) - add a missing path in the traceroute profile

    2016-08-26 - - add changes-since-2.10.1--r3326..3346.diff with upstream changes and fixes since the 2.10.1 release, including - allow dac_override in winbindd profile (boo#990006#c5) - allow mr for /usr/lib*/ldb/*.so in samba abstractions (needed since Samba 4.4.x, boo#990006) - abstractions/nameservice: also support ConnMan-managed resolv.conf - let aa-genprof ask about profiles in extra dir (again) - fix aa-logprof "add hat" endless loop (lp#1538306) - honor 'chown' file events in - ignore log file events with a request mask of 'send' or 'receive' because they are actually network events (lp#1577051, lp#1582374) - accept hostname with dots when parsing logs (lp#1453300 comments #1 and #2) - fix python LibAppArmor import failures with swig > 3.0.8 (boo#987607) (libapparmor-fix-import-path.diff) - refresh apparmor-abstractions-no-multiline.diff - drop upstreamed profiles-ping-inet6-r3449.diff - add %check section - runs libapparmor (including swig bindings), parser and profiles tests - add BuildRequires: perl(Locale::gettext) - needed for parser tests

    2016-05-24 - - add profiles-ping-inet6-r3449.diff - latest ping also does IPv6 (boo#980596)