Diffstat (limited to 'config/chroot_local-patches/apparmor-aliases.diff')
-rw-r--r--config/chroot_local-patches/apparmor-aliases.diff41
1 files changed, 41 insertions, 0 deletions
diff --git a/config/chroot_local-patches/apparmor-aliases.diff b/config/chroot_local-patches/apparmor-aliases.diff
new file mode 100644
index 0000000..e606c61
--- /dev/null
+++ b/config/chroot_local-patches/apparmor-aliases.diff
@@ -0,0 +1,41 @@
+--- a/etc/apparmor.d.orig/abstractions/base 2013-07-10 22:05:57.000000000 +0000
++++ b/etc/apparmor.d/abstractions/base 2015-06-03 18:11:08.402380000 +0000
+@@ -53,10 +53,11 @@
+ /opt/*-linux-uclibc/lib/ld-uClibc*so* mrix,
+
+ # we might as well allow everything to use common libraries
+- /lib{,32,64}/** r,
++ /lib{32,64}/** r,
++ /lib/{[^l],l[^i],li[^v],liv[^e],live[^/]}** r,
+ /lib{,32,64}/lib*.so* mr,
+ /lib{,32,64}/**/lib*.so* mr,
+- /lib/@{multiarch}/** r,
++ /lib/@{multiarch}/{[^l],l[^i],li[^v],liv[^e],live[^/]}** r,
+ /lib/@{multiarch}/lib*.so* mr,
+ /lib/@{multiarch}/**/lib*.so* mr,
+ /usr/lib{,32,64}/** r,
+diff -Naur '--exclude=cache' /etc/apparmor.d.orig/abstractions/ubuntu-helpers /etc/apparmor.d/abstractions/ubuntu-helpers
+--- a/etc/apparmor.d.orig/abstractions/ubuntu-helpers 2013-07-10 22:05:57.000000000 +0000
++++ b/etc/apparmor.d/abstractions/ubuntu-helpers 2015-06-03 18:16:42.022380000 +0000
+@@ -66,7 +66,8 @@
+ # Full access
+ / r,
+ /** rwkl,
+- /{,usr/,usr/local/}lib{,32,64}/{,**/}*.so{,.*} m,
++ /{,usr/,usr/local/}lib{32,64}/{,**/}*.so{,.*} m,
++ /{,usr/,usr/local/}lib/{[^l],l[^i],li[^v],liv[^e],live[^/]}{,**/}*.so{,.*} m,
+
+ # Dangerous files
+ audit deny owner /**/* m, # compiled libraries
+diff -Naur '--exclude=cache' /etc/apparmor.d.orig/tunables/alias /etc/apparmor.d/tunables/alias
+--- a/etc/apparmor.d.orig/tunables/alias 2013-07-10 22:05:57.000000000 +0000
++++ b/etc/apparmor.d/tunables/alias 2015-06-03 18:12:46.426380000 +0000
+@@ -14,3 +14,7 @@
+ #
+ # Or if mysql databases are stored in /home:
+ # alias /var/lib/mysql/ -> /home/mysql/,
++
++alias / -> /lib/live/mount/overlay/,
++alias / -> /lib/live/mount/rootfs/filesystem.squashfs/,
++
+
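Review bot: The `/lib/live/` exclusion is added only to the broad `r` rules. The context rule `/lib{,32,64}/**/lib*.so* mr,` in abstractions/base is left unchanged and still matches any `lib*.so*` name below `/lib/live/mount/`, so read and mmap-exec stay granted there for every profile that includes the abstraction. If the intent is to keep the live mount tree out of the generic library rules (inferred from the pattern; the patch does not say so), split that rule the same way: `/lib{32,64}/**/lib*.so* mr,` plus `/lib/{[^l],l[^i],li[^v],liv[^e],live[^/]}**/lib*.so* mr,`, and check the result with `apparmor_parser`. The alternation also does not match entries named exactly `l`, `li` or `liv` directly under `/lib/`, which is probably harmless but deserves a one-line comment. The two `alias / -> …` lines affect every profile on the system and carry no explanation; a `#` comment above them should say why the root is aliased to the overlay and squashfs mounts, and that the `/lib/live` exclusions in the abstractions appear to exist because of them.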