[apparmor] [patch] /bin/ping - usrMerge
Christian Boltz
apparmor at cboltz.de
Fri Jul 6 22:39:48 UTC 2012
Hello,
maybe you already heard that some distributions (at least Fedora and
openSUSE) are going to move binaries from /bin/ to /usr/bin/ (and create
a compatibility symlink in /bin/).
If that's new to you, have a look at
http://en.opensuse.org/openSUSE:Usr_merge
http://www.freedesktop.org/wiki/Software/systemd/TheCaseForTheUsrMerge
As a side effect, existing profiles like bin.ping won't protect ping
after it has been moved to /usr/bin.
From the binaries with a default profile, this affects /bin/ping.
The various sbin.* will probably follow one day (they were not moved
yet, therefore I don't include them in the patch for now).
Long story short, here's the patch:
=== modified file 'profiles/apparmor.d/bin.ping'
--- profiles/apparmor.d/bin.ping 2010-08-05 19:00:02 +0000
+++ profiles/apparmor.d/bin.ping 2012-07-01 11:05:38 +0000
@@ -10,7 +10,7 @@
# ------------------------------------------------------------------
#include <tunables/global>
-/bin/ping {
+/{usr/,}bin/ping {
#include <abstractions/base>
#include <abstractions/consoles>
#include <abstractions/nameservice>
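Review bot: On the changed header line `/{usr/,}bin/ping {`, only the attachment is widened; the context shown here does not reveal whether the profile body has a rule that names /bin/ping itself, and any such rule needs the same `/{usr/,}bin/ping` alternation, otherwise the relocated binary is confined by a profile that does not cover its own new path. Please check the rest of the file and extend the patch if needed. Also note that a profile without an explicit name is named after its attachment, so the profile name changes from /bin/ping to the pattern string; if anything refers to the profile by name, a named header such as `profile ping /{usr/,}bin/ping {` would keep the name independent of the path.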
Regards,
Christian Boltz
--
An expert is a person who is called in at the last minute
in order to have someone to share the blame.
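
Added example (not part of the original message and not AppArmor project code): a Python check for the side effect described in the message, listing profile attachments that cover a path under /bin or /sbin but not its /usr counterpart. It assumes attachments use only literal paths and {a,b} alternation; the function names and the sample header lines are constructed for illustration.

```python
import re

def expand_alternation(pattern):
    """Expand AppArmor {a,b} alternations (nesting allowed) into literal paths."""
    start = pattern.find("{")
    if start == -1:
        return [pattern]
    depth, parts, cur = 0, [], ""
    for i in range(start, len(pattern)):
        ch = pattern[i]
        if ch == "{":
            depth += 1
            if depth == 1:
                continue            # the outermost brace is not part of an alternative
        elif ch == "}":
            depth -= 1
            if depth == 0:
                parts.append(cur)
                rest = pattern[i + 1:]
                break
        elif ch == "," and depth == 1:
            parts.append(cur)
            cur = ""
            continue
        cur += ch
    else:
        raise ValueError("unbalanced '{' in " + pattern)
    return [p for alt in parts for p in expand_alternation(pattern[:start] + alt + rest)]

MOVED_DIRS = ("/bin/", "/sbin/")    # assumption: directories usrMerge relocates under /usr

def uncovered_after_merge(attachment):
    """Return the /usr paths this attachment misses once the binary has moved."""
    paths = set(expand_alternation(attachment))
    return ["/usr" + p for p in sorted(paths)
            if p.startswith(MOVED_DIRS) and "/usr" + p not in paths]

# Profile header line: optional "profile" keyword and name, then the attachment path.
HEADER = re.compile(r"^\s*(?:profile\s+)?(?:[^/\s]\S*\s+)?(/\S+)\s.*\{\s*$")

def audit(text):
    """Map each attachment found in text to the merged paths it leaves unconfined."""
    report = {}
    for line in text.splitlines():
        m = HEADER.match(line)
        if m and (missing := uncovered_after_merge(m.group(1))):
            report[m.group(1)] = missing
    return report

# Constructed sample headers, not taken from any shipped profile set.
SAMPLE = "/bin/ping {\n/{usr/,}bin/ping {\nprofile syslogd /sbin/syslogd {\n/usr/sbin/ntpd {\n"
```

Calling audit(SAMPLE) reports the two headers that still attach only to the pre-merge location.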