path: root/config/chroot_local-patches/apparmor-aliases.diff
blob: e606c61e6d87969c3ee32da779948845af13bccc (plain)
--- a/etc/apparmor.d.orig/abstractions/base	2013-07-10 22:05:57.000000000 +0000
+++ b/etc/apparmor.d/abstractions/base	2015-06-03 18:11:08.402380000 +0000
@@ -53,10 +53,11 @@
   /opt/*-linux-uclibc/lib/ld-uClibc*so* mrix,
 
   # we might as well allow everything to use common libraries
-  /lib{,32,64}/**                r,
+  /lib{32,64}/**                r,
+  /lib/{[^l],l[^i],li[^v],liv[^e],live[^/]}**                r,
   /lib{,32,64}/lib*.so*          mr,
   /lib{,32,64}/**/lib*.so*       mr,
-  /lib/@{multiarch}/**            r,
+  /lib/@{multiarch}/{[^l],l[^i],li[^v],liv[^e],live[^/]}**            r,
   /lib/@{multiarch}/lib*.so*      mr,
   /lib/@{multiarch}/**/lib*.so*   mr,
   /usr/lib{,32,64}/**            r,
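Review bot: The /lib/live/ exclusion is applied only to the two `r` rules, while the unchanged context lines `/lib{,32,64}/**/lib*.so* mr,` and `/lib/@{multiarch}/**/lib*.so* mr,` still match beneath /lib/live/. Any file there whose name fits `lib*.so*` therefore stays readable and mappable from every profile that includes this abstraction, which appears to defeat the purpose of the split given the `alias / -> /lib/live/mount/…` lines added to tunables/alias. Those rules likely need the same prefix, e.g. `/lib{32,64}/**/lib*.so* mr,` plus `/lib/{[^l],l[^i],li[^v],liv[^e],live[^/]}**/lib*.so* mr,`. The alternation also needs one to five leading characters, so entries directly under /lib/ named `l`, `li`, `liv` or `live` no longer match. A comment such as `# everything under /lib/ except /lib/live/ (live mount points, see tunables/alias)` above the new line would make the glob reviewable.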
diff -Naur '--exclude=cache' /etc/apparmor.d.orig/abstractions/ubuntu-helpers /etc/apparmor.d/abstractions/ubuntu-helpers
--- a/etc/apparmor.d.orig/abstractions/ubuntu-helpers	2013-07-10 22:05:57.000000000 +0000
+++ b/etc/apparmor.d/abstractions/ubuntu-helpers	2015-06-03 18:16:42.022380000 +0000
@@ -66,7 +66,8 @@
   # Full access
   / r,
   /** rwkl,
-  /{,usr/,usr/local/}lib{,32,64}/{,**/}*.so{,.*} m,
+  /{,usr/,usr/local/}lib{32,64}/{,**/}*.so{,.*} m,
+  /{,usr/,usr/local/}lib/{[^l],l[^i],li[^v],liv[^e],live[^/]}{,**/}*.so{,.*} m,
 
   # Dangerous files
   audit deny owner /**/* m,              # compiled libraries
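Review bot: The new `m` rule keeps the `{,usr/,usr/local/}` prefix in front of the exclusion glob, so it also stops matching under /usr/lib/live/ and /usr/local/lib/live/, which the removed rule covered. If only /lib/live/ is meant to be carved out, split it into `/{usr/,usr/local/}lib/{,**/}*.so{,.*} m,` and `/lib/{[^l],l[^i],li[^v],liv[^e],live[^/]}{,**/}*.so{,.*} m,`. The context line `/** rwkl,` still grants read, write, lock and link below /lib/live/ in this profile, so the change narrows mapping only. Stating that in a comment next to the rule would prevent it being read as a full exclusion.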
diff -Naur '--exclude=cache' /etc/apparmor.d.orig/tunables/alias /etc/apparmor.d/tunables/alias
--- a/etc/apparmor.d.orig/tunables/alias	2013-07-10 22:05:57.000000000 +0000
+++ b/etc/apparmor.d/tunables/alias	2015-06-03 18:12:46.426380000 +0000
@@ -14,3 +14,7 @@
 #
 # Or if mysql databases are stored in /home:
 # alias /var/lib/mysql/ -> /home/mysql/,
+
+alias / -> /lib/live/mount/overlay/,
+alias / -> /lib/live/mount/rootfs/filesystem.squashfs/,
+
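Review bot: The two `alias / -> …` lines are added without any comment, although they affect every profile that loads this tunables file and the rest of the file documents its examples. Aliasing the root means each rule is also applied under both prefixes, including broad ones such as `/** rwkl,` in abstractions/ubuntu-helpers, so the reason should be recorded. Something like `# Live system: the root filesystem is also reachable through these mount points, so apply all profile rules there as well` would do, assuming that is the intent. The second alias hard-codes the name `filesystem.squashfs`, so it presumably stops applying without any warning if the image is named differently; that is worth noting in the same comment.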