authoranonym <anonym@riseup.net>2015-08-07 15:25:41 +0200
committeranonym <anonym@riseup.net>2015-08-07 15:25:41 +0200
commita7419ab4bebc4f844e460f460d7d3ab487f81f6a (patch)
treec5004e7ab32ba7a477524aad6bcd0e50374bb3e3 /config/chroot_local-patches
parenta2fd0ea3fddd79195673db01dd23f49a45ee7eb0 (diff)
parent502edfcbcf680f3dfb5cceb31fa00779e378e238 (diff)
Merge remote-tracking branch 'origin/testing' into feature/jessie
Conflicts: config/base_branch config/chroot_apt/preferences features/totem.feature
Diffstat (limited to 'config/chroot_local-patches')
-rw-r--r--config/chroot_local-patches/apparmor-adjust-home-tunable.diff12
-rw-r--r--config/chroot_local-patches/apparmor-adjust-pidgin-profile.diff14
-rw-r--r--config/chroot_local-patches/apparmor-adjust-tor-profile.diff21
-rw-r--r--config/chroot_local-patches/apparmor-adjust-user-tmp-abstraction.diff15
-rw-r--r--config/chroot_local-patches/apparmor-adjust-vidalia-profile.diff26
-rw-r--r--config/chroot_local-patches/apparmor-aliases.diff62
-rw-r--r--config/chroot_local-patches/live-boot:_dont_mount_live_overlay_twice.patch13
7 files changed, 121 insertions, 42 deletions
diff --git a/config/chroot_local-patches/apparmor-adjust-home-tunable.diff b/config/chroot_local-patches/apparmor-adjust-home-tunable.diff
deleted file mode 100644
index d8de414..0000000
--- a/config/chroot_local-patches/apparmor-adjust-home-tunable.diff
+++ /dev/null
@@ -1,12 +0,0 @@
---- a/etc/apparmor.d/tunables/home 2012-07-17 17:30:16.000000000 +0000
-+++ b/etc/apparmor.d/tunables/home 2014-09-17 05:23:26.383556000 +0000
-@@ -18,7 +18,7 @@
- # @{HOMEDIRS} is a space-separated list of where user home directories
- # are stored, for programs that must enumerate all home directories on a
- # system.
--@{HOMEDIRS}=/home/
-+@{HOMEDIRS}=/home/ /lib/live/mount/overlay/home/
-
- # Also, include files in tunables/home.d for site-specific adjustments to
- # @{HOMEDIRS}.
-
diff --git a/config/chroot_local-patches/apparmor-adjust-pidgin-profile.diff b/config/chroot_local-patches/apparmor-adjust-pidgin-profile.diff
index 91c41fa..8e180d8 100644
--- a/config/chroot_local-patches/apparmor-adjust-pidgin-profile.diff
+++ b/config/chroot_local-patches/apparmor-adjust-pidgin-profile.diff
@@ -1,5 +1,14 @@
---- a/etc/apparmor.d/usr.bin.pidgin 2014-10-30 17:47:51.945948920 +0100
-+++ b/etc/apparmor.d/usr.bin.pidgin 2014-10-30 17:48:29.273511368 +0100
+--- a/etc/apparmor.d/usr.bin.pidgin 2015-06-04 12:37:02.453412928 +0000
++++ b/etc/apparmor.d/usr.bin.pidgin 2015-06-04 12:37:40.309205204 +0000
+@@ -11,7 +11,7 @@
+ #include <abstractions/enchant>
+ #include <abstractions/gnome>
+ #include <abstractions/ibus>
+- #include <abstractions/launchpad-integration>
++ # #include <abstractions/launchpad-integration>
+ #include <abstractions/nameservice>
+ #include <abstractions/private-files-strict>
+ #include <abstractions/ssl_certs>
@@ -46,6 +46,7 @@
/usr/bin/gvfs-open rmix,
/usr/bin/pidgin r,
@@ -8,3 +17,4 @@
/usr/share/gnome/applications/ r,
/usr/share/glib-2.0/schemas/gschemas.compiled r,
+
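Review bot: The rewritten inner patch turns `#include <abstractions/launchpad-integration>` into `# #include <abstractions/launchpad-integration>` without saying why that abstraction is dropped from the pidgin profile, so a reader cannot tell whether it is missing on the target system or deliberately withheld. GNU patch skips leading text before the first `---` header, so a one-line description at the top of the .diff such as `Disable the launchpad-integration abstraction in usr.bin.pidgin: <reason here>` would document it without touching the hunks. The second hunk also appends an empty line after the last context line of the inner `@@ -46,6 +46,7 @@` hunk; whether patch reads it as trailing garbage or as an extra context line depends on that inner hunk's counts, which are outside this view, so it is worth confirming the file still applies cleanly.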
diff --git a/config/chroot_local-patches/apparmor-adjust-tor-profile.diff b/config/chroot_local-patches/apparmor-adjust-tor-profile.diff
index 4c5737c..a22c22d 100644
--- a/config/chroot_local-patches/apparmor-adjust-tor-profile.diff
+++ b/config/chroot_local-patches/apparmor-adjust-tor-profile.diff
@@ -1,18 +1,13 @@
---- a/etc/apparmor.d/system_tor 2014-09-12 15:44:48.000000000 +0000
-+++ b//etc/apparmor.d/system_tor 2014-09-17 04:41:35.591556000 +0000
-@@ -4,8 +4,12 @@
+--- a/etc/apparmor.d/system_tor 2015-06-04 12:28:12.243020484 +0000
++++ b/etc/apparmor.d/system_tor 2015-06-04 12:29:32.580249731 +0000
+@@ -4,6 +4,9 @@
profile system_tor {
#include <abstractions/tor>
-
-+ owner /etc/tor/torrc w,
-+ owner /etc/tor/torrc.* w,
-+ /lib/live/mount/overlay/etc/tor/* wl,
+
++ link /etc/tor/.wh.torrc -> /.wh..wh.aufs,
++ /etc/tor/* w,
+
-- owner /var/lib/tor/** rwk,
-- owner /var/log/tor/* w,
-+ owner /{,lib/live/mount/overlay/}var/lib/tor/** rwk,
-+ owner /{,lib/live/mount/overlay/}var/log/tor/* w,
+ owner /var/lib/tor/** rwk,
+ owner /var/log/tor/* w,
- /{,var/}run/tor/control w,
- /{,var/}run/tor/tor.pid w,
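Review bot: The new rule `/etc/tor/* w,` grants the tor process write access to every file directly under /etc/tor/ regardless of owner, which is wider than the `owner /etc/tor/torrc w,` and `owner /etc/tor/torrc.* w,` rules removed a few lines above. If the widening is only needed so that the new `link /etc/tor/.wh.torrc -> /.wh..wh.aufs,` rule can do its job, the narrower `owner /etc/tor/torrc{,.*} w,` keeps the profile at least privilege; if the broad rule is intended, the reason belongs in a profile comment next to it. The link rule itself also deserves a one-line comment, e.g. `# presumably the aufs whiteout created when torrc is replaced on the live overlay — confirm`, so it is not dropped as noise later. The outer hunk's context lines are shown with their leading marker stripped, so the exact line accounting here is inferred.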
diff --git a/config/chroot_local-patches/apparmor-adjust-user-tmp-abstraction.diff b/config/chroot_local-patches/apparmor-adjust-user-tmp-abstraction.diff
deleted file mode 100644
index 078b240..0000000
--- a/config/chroot_local-patches/apparmor-adjust-user-tmp-abstraction.diff
+++ /dev/null
@@ -1,15 +0,0 @@
---- a/etc/apparmor.d/abstractions/user-tmp 2012-07-17 17:30:16.000000000 +0000
-+++ b/etc/apparmor.d/abstractions/user-tmp 2014-09-17 05:39:57.871556000 +0000
-@@ -14,7 +14,7 @@
- owner @{HOME}/tmp/ rw,
-
- # global tmp directories
-- owner /var/tmp/** rwkl,
-- /var/tmp/ rw,
-- owner /tmp/** rwkl,
-- /tmp/ rw,
-+ owner /{,lib/live/mount/overlay/}var/tmp/** rwkl,
-+ /{,lib/live/mount/overlay/}var/tmp/ rw,
-+ owner /{,lib/live/mount/overlay/}tmp/** rwkl,
-+ /{,lib/live/mount/overlay/}tmp/ rw,
-
diff --git a/config/chroot_local-patches/apparmor-adjust-vidalia-profile.diff b/config/chroot_local-patches/apparmor-adjust-vidalia-profile.diff
new file mode 100644
index 0000000..9a78089
--- /dev/null
+++ b/config/chroot_local-patches/apparmor-adjust-vidalia-profile.diff
@@ -0,0 +1,26 @@
+--- a/etc/apparmor.d/usr.bin.vidalia 2015-06-10 09:15:34.668000000 +0000
++++ b/etc/apparmor.d/usr.bin.vidalia 2015-06-10 09:38:17.812000000 +0000
+@@ -9,6 +9,8 @@
+
+ owner @{HOME}/.vidalia/ rw,
+ owner @{HOME}/.vidalia/** rwmk,
++ owner /lib/live/mount/rootfs/*.squashfs/home/vidalia/.vidalia/ rw,
++ owner /lib/live/mount/rootfs/*.squashfs/home/vidalia/.vidalia/** rwmk,
+
+ /{var/,} r,
+ /{var/,}run/ r,
+@@ -22,6 +24,13 @@
+ owner @{PROC}/[0-9]*/cmdline r,
+ owner @{PROC}/[0-9]*/fd/ r,
+
++ deny /var/cache/fontconfig/ w,
++ /home/vidalia/.fontconfig/ rw,
++ /home/vidalia/.fontconfig/* rw,
++ /home/vidalia/.config/Trolltech.conf* rw,
++ /home/vidalia/.wh..wh..vidalia.*/ rw,
++ /lib/live/mount/overlay/home/vidalia/.wh..wh..vidalia.*/ rw,
++
+ # Site-specific additions and overrides. See local/README for details.
+ #include <local/usr.bin.vidalia>
+ }
+
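Review bot: The new rules `/home/vidalia/.fontconfig/ rw,`, `/home/vidalia/.fontconfig/* rw,` and `/home/vidalia/.config/Trolltech.conf* rw,` hard-code the home directory and carry no `owner` qualifier, unlike the `owner @{HOME}/.vidalia/ rw,` rules a few lines above in the same profile. Writing them as `owner @{HOME}/.fontconfig/{,*} rw,` and `owner @{HOME}/.config/Trolltech.conf* rw,` keeps the profile consistent and refuses writes to files another user managed to place there, assuming @{HOME} covers /home/vidalia/ as the existing rules already rely on. The two `.wh..wh..vidalia.*/` rules and the `/lib/live/mount/rootfs/*.squashfs/home/vidalia/...` rules would benefit from a comment stating that they exist for the aufs whiteout directories and the squashfs branch of the live overlay; given the `alias / -> /lib/live/mount/rootfs/*.squashfs/,` added elsewhere in this merge, the squashfs lines may be redundant, which is worth confirming before keeping both.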
diff --git a/config/chroot_local-patches/apparmor-aliases.diff b/config/chroot_local-patches/apparmor-aliases.diff
new file mode 100644
index 0000000..2d0cef0
--- /dev/null
+++ b/config/chroot_local-patches/apparmor-aliases.diff
@@ -0,0 +1,62 @@
+--- a/etc/apparmor.d.orig/abstractions/base 2013-07-10 22:05:57.000000000 +0000
++++ b/etc/apparmor.d/abstractions/base 2015-06-03 18:11:08.402380000 +0000
+@@ -47,17 +47,19 @@
+ # available everywhere
+ /etc/ld.so.cache mr,
+ /lib{,32,64}/ld{,32,64}-*.so mrix,
+- /lib{,32,64}/**/ld{,32,64}-*.so mrix,
++ /lib{32,64}/**/ld{,32,64}-*.so mrix,
++ /lib/{[^l],l[^i],li[^v],liv[^e],live[^/]}**/ld{,32,64}-*.so mrix,
+ /lib/@{multiarch}/ld{,32,64}-*.so mrix,
+ /lib/tls/i686/{cmov,nosegneg}/ld-*.so mrix,
+ /lib/i386-linux-gnu/tls/i686/{cmov,nosegneg}/ld-*.so mrix,
+ /opt/*-linux-uclibc/lib/ld-uClibc*so* mrix,
+
+ # we might as well allow everything to use common libraries
+- /lib{,32,64}/** r,
++ /lib{32,64}/** r,
++ /lib/{[^l],l[^i],li[^v],liv[^e],live[^/]}** r,
+ /lib{,32,64}/lib*.so* mr,
+- /lib{,32,64}/**/lib*.so* mr,
+- /lib/@{multiarch}/** r,
++ /lib/{[^l],l[^i],li[^v],liv[^e],live[^/]}**/lib*.so* mr,
++ /lib/@{multiarch}/{[^l],l[^i],li[^v],liv[^e],live[^/]}** r,
+ /lib/@{multiarch}/lib*.so* mr,
+ /lib/@{multiarch}/**/lib*.so* mr,
+ /usr/lib{,32,64}/** r,
+diff -Naur '--exclude=cache' /etc/apparmor.d.orig/abstractions/ubuntu-helpers /etc/apparmor.d/abstractions/ubuntu-helpers
+--- a/etc/apparmor.d.orig/abstractions/ubuntu-helpers 2013-07-10 22:05:57.000000000 +0000
++++ b/etc/apparmor.d/abstractions/ubuntu-helpers 2015-06-03 18:16:42.022380000 +0000
+@@ -63,8 +63,8 @@
+ # in limited libraries so glibc's secure execution should be enough to not
+ # require the santized_helper (ie, LD_PRELOAD will only use standard system
+ # paths (man ld.so)).
+- /usr/lib/chromium-browser/chromium-browser-sandbox PUxr,
+- /usr/lib/chromium-browser/chrome-sandbox PUxr,
++ # /usr/lib/chromium-browser/chromium-browser-sandbox PUxr,
++ # /usr/lib/chromium-browser/chrome-sandbox PUxr,
+ /opt/google/chrome/chrome-sandbox PUxr,
+ /opt/google/chrome/google-chrome Pixr,
+ /opt/google/chrome/chrome Pixr,
+@@ -73,7 +73,8 @@
+ # Full access
+ / r,
+ /** rwkl,
+- /{,usr/,usr/local/}lib{,32,64}/{,**/}*.so{,.*} m,
++ /lib/{[^l],l[^i],li[^v],liv[^e],live[^/]}{,**/}*.so{,.*} m,
++ /usr{/,/local/}lib{,32,64}/{,**/}*.so{,.*} m,
+
+ # Dangerous files
+ audit deny owner /**/* m, # compiled libraries
+diff -Naur '--exclude=cache' /etc/apparmor.d.orig/tunables/alias /etc/apparmor.d/tunables/alias
+--- a/etc/apparmor.d.orig/tunables/alias 2013-07-10 22:05:57.000000000 +0000
++++ b/etc/apparmor.d/tunables/alias 2015-06-03 18:12:46.426380000 +0000
+@@ -14,3 +14,7 @@
+ #
+ # Or if mysql databases are stored in /home:
+ # alias /var/lib/mysql/ -> /home/mysql/,
++
++alias / -> /lib/live/mount/overlay/,
++alias / -> /lib/live/mount/rootfs/*.squashfs/,
++
+
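Review bot: The ubuntu-helpers replacement `/lib/{[^l],l[^i],li[^v],liv[^e],live[^/]}{,**/}*.so{,.*} m,` plus `/usr{/,/local/}lib{,32,64}/{,**/}*.so{,.*} m,` drops the `/lib32/` and `/lib64/` coverage that the removed `/{,usr/,usr/local/}lib{,32,64}/{,**/}*.so{,.*} m,` rule had: the first new line matches only `/lib/` and the second only `/usr/lib{,32,64}` and `/usr/local/lib{,32,64}`. The abstractions/base hunk in the same file keeps `/lib{32,64}/**` explicitly, so this looks unintended; adding `/lib{32,64}/{,**/}*.so{,.*} m,` restores it, or a comment should say why those directories no longer need the mmap permission. The `{[^l],l[^i],li[^v],liv[^e],live[^/]}` glob is repeated five times without explanation; a comment at its first use in abstractions/base such as `# everything under /lib/ except /lib/live/, where the aliases in tunables/alias mount the overlay and squashfs branches` makes it reviewable that `/lib/** r` is deliberately not extended across the whole live filesystem. The two `alias / -> ...` lines apply to every profile on the system, which is worth stating in that same comment.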
diff --git a/config/chroot_local-patches/live-boot:_dont_mount_live_overlay_twice.patch b/config/chroot_local-patches/live-boot:_dont_mount_live_overlay_twice.patch
new file mode 100644
index 0000000..88a9e12
--- /dev/null
+++ b/config/chroot_local-patches/live-boot:_dont_mount_live_overlay_twice.patch
@@ -0,0 +1,13 @@
+diff --git a/scripts/boot/9990-overlay.sh b/scripts/boot/9990-overlay.sh
+index 098111c..e1cfd15 100755
+--- a/lib/live/boot/9990-overlay.sh
++++ b/lib/live/boot/9990-overlay.sh
+@@ -156,7 +156,7 @@ setup_unionfs ()
+ # tmpfs file systems
+ touch /etc/fstab
+ mkdir -p /live/overlay
+- mount -t tmpfs tmpfs /live/overlay
++ # mount -t tmpfs tmpfs /live/overlay
+
+ # Looking for persistence devices or files
+ if [ -n "${PERSISTENCE}" ] && [ -z "${NOPERSISTENCE}" ]
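Review bot: The inner patch's `diff --git a/scripts/boot/9990-overlay.sh b/scripts/boot/9990-overlay.sh` header names a different path from its `--- a/lib/live/boot/9990-overlay.sh` and `+++ b/lib/live/boot/9990-overlay.sh` lines; GNU patch follows the `---`/`+++` lines, while `git apply` checks that the names agree and I would expect it to reject the file, so the three should be made consistent. The change also disables `mount -t tmpfs tmpfs /live/overlay` with nothing in the script saying where the first mount happens; a comment such as `# /live/overlay is presumably already mounted as tmpfs earlier in the boot sequence — do not mount it again (verify against the earlier mount)` on the commented-out line would record the reason the file name only hints at. The `setup_unionfs` function starts before this hunk and continues past it.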