[apparmor] [PATCH] add multiarch support to abstractions

John Johansen john.johansen at canonical.com
Thu Mar 17 15:59:36 UTC 2011


On 03/17/2011 07:28 AM, Jamie Strandboge wrote:
> With the upload of 2.13-0ubuntu6, libc6 has changed some of its paths
> based on DEB_HOST_MULTIARCH. Eg, on amd64:
> $ cat /etc/ld.so.conf.d/x86_64-linux-gnu.conf
> # Multiarch support
> /lib/x86_64-linux-gnu
> /usr/lib/x86_64-linux-gnu
> 
> and on i386:
> $ cat /etc/ld.so.conf.d/i686-linux-gnu.conf
> # Multiarch support
> /lib/i386-linux-gnu
> /usr/lib/i386-linux-gnu
> /lib/i686-linux-gnu
> /usr/lib/i686-linux-gnu
> 
> Paths should be added to the abstractions[1] to use:
> /lib/*-linux-gnu/...
> /usr/lib/*-linux-gnu/...
> 
> We could probably do something like this instead:
> /lib/{i386,i686,x86_64}-linux-gnu/...
> /usr/lib/{i386,i686,x86_64}-linux-gnu/...
> 
> but since there will be different archs on different distributions as
> well as new archs, I'd prefer to leave the glob, which is already fairly
> specific.
> 
> I went through all the abstraction that had '64' in them, but only base
> and nameservice were updated this time. Also, these days /lib/tls/ isn't
> used (it was part of libc6-i686, which is now a Provides of libc6), so I
> didn't add paths for tls. It is believed as more packages are delivered
> with multiarch support, we will have to adjust more abstractions. Until
> we actually see what those paths are though, there isn't much more we
> can do atm.

hrmm what about using a variable?

@{multiarch}={i386,i686,x86_64}
or even
@{multiarch}=*

then the rules would be
/lib/@{multiarch}-linux-gnu/...

to me it documents the whole thing better and allows easier customization/
modification if needed or desired



More information about the AppArmor mailing list