[apparmor] [PATCH] add multiarch support to abstractions

Steve Beattie steve at nxnw.org
Wed Mar 23 18:41:38 UTC 2011


On Thu, Mar 17, 2011 at 11:28:44AM -0700, Kees Cook wrote:
> On Thu, Mar 17, 2011 at 08:59:36AM -0700, John Johansen wrote:
> > hrmm what about using a variable?
> > 
> > @{multiarch}={i386,i686,x86_64}
> > or even
> > @{multiarch}=*
> > 
> > then the rules would be
> > /lib/@{multiarch}-linux-gnu/...
> > 
> > to me it documents the whole thing better and allows easier customization/
> > modification if needed or desired
> 
> If we do it, I would prefer to use "*", but it's worth noting that
> installing qemu and other crazy things could let you install all kinds of
> insane tuples for multiarch. How about this?
> 
> @{multiarch}=*-linux-gnu
> with
> /lib/@{multiarch}/...
> 
> and when people do really insane stuff they can add to it:
> 
> @{multiarch}=*-linux-gnu s390-wtf-zomg
> 
> but we can ship the former.

That works for me. Note that Ubuntu discovered that armel doesn't match
'*-linux-gnu' and more paths that needed updating (see
https://bugs.launchpad.net/bugs/736870). Attached is a patch based on
their fix for this issue. Thoughts?

-- 
Steve Beattie
<sbeattie at ubuntu.com>
http://NxNW.org/~steve/
-------------- next part --------------
A non-text attachment was scrubbed...
Name: apparmor-profiles_multiarch.patch
Type: text/x-diff
Size: 10128 bytes
Desc: not available
URL: <https://lists.ubuntu.com/archives/apparmor/attachments/20110323/fced0ae8/attachment.patch>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 836 bytes
Desc: Digital signature
URL: <https://lists.ubuntu.com/archives/apparmor/attachments/20110323/fced0ae8/attachment.pgp>


More information about the AppArmor mailing list