[apparmor] [patch] /bin/ping - usrMerge
John Johansen
john.johansen at canonical.com
Fri Jul 6 23:01:19 UTC 2012
On 07/06/2012 03:39 PM, Christian Boltz wrote:
> Hello,
>
> maybe you already heard that some distributions (at least Fedora and
> openSUSE) are going to move binaries from /bin/ to /usr/bin/ (and create
> a compatibility symlink in /bin/).
>
yeah I think I heard something about that madness ;-)
> If that's new to you, have a look at
> http://en.opensuse.org/openSUSE:Usr_merge
> http://www.freedesktop.org/wiki/Software/systemd/TheCaseForTheUsrMerge
>
> As a side effect, existing profiles like bin.ping won't protect ping
> after it has been moved to /usr/bin.
>
well obviously that is a strong argument against making such a change
> From the binaries with a default profile, this affects /bin/ping.
> The various sbin.* will probably follow one day (they were not moved
> yet, therefore I don't include them in the patch for now).
>
>
> Long story short, here's the patch:
>
Acked-by: John Johansen <john.johansen at canonical.com>
although I think I would prefer
profile ping /{usr/,}bin/ping {
> === modified file 'profiles/apparmor.d/bin.ping'
> --- profiles/apparmor.d/bin.ping 2010-08-05 19:00:02 +0000
> +++ profiles/apparmor.d/bin.ping 2012-07-01 11:05:38 +0000
> @@ -10,7 +10,7 @@
> # ------------------------------------------------------------------
>
> #include <tunables/global>
> -/bin/ping {
> +/{usr/,}bin/ping {
> #include <abstractions/base>
> #include <abstractions/consoles>
> #include <abstractions/nameservice>
>
>
> Regards,
>
> Christian Boltz
>
More information about the AppArmor
mailing list