On 08/19/2014 05:35 PM, intrigeri wrote: > intrigeri has proposed merging lp:~intrigeri/apparmor/perl-5.20-multiarch > into lp:apparmor. > > Requested reviews: > AppArmor Developers (apparmor-dev) > > For more details, see: > https://code.launchpad.net/~intrigeri/apparmor/perl-5.20-multiarch/+merge/231469 > > I think this should go into the 2.8 branch too, by the way. Thanks! > Ubuntu is going through the 5.20 perl multiarch transition and I came up with different rules (and more comprehensive patch). I was going to send this in the morning, but since this came in now, see attached.
-- Jamie Strandboge http://www.ubuntu.com/
Author: Jamie Strandboge <[email protected]> Description: update perl abstraction, logprof.conf, severity.db and test for Debian/Ubuntu perl multiarch paths Index: apparmor-2.8.96~2541/profiles/apparmor.d/abstractions/perl =================================================================== --- apparmor-2.8.96~2541.orig/profiles/apparmor.d/abstractions/perl +++ apparmor-2.8.96~2541/profiles/apparmor.d/abstractions/perl @@ -15,6 +15,8 @@ /usr/lib{,32,64}/perl5/** r, /usr/lib{,32,64}/perl{,5}/**.so* mr, + /usr/lib/@{multiarch}/perl/** r, + /usr/lib/@{multiarch}/perl/[0-9]*/**.so* mr, /usr/share/perl/** r, /usr/share/perl5/** r, Index: apparmor-2.8.96~2541/utils/logprof.conf =================================================================== --- apparmor-2.8.96~2541.orig/utils/logprof.conf +++ apparmor-2.8.96~2541/utils/logprof.conf @@ -130,6 +130,7 @@ # if they use any perl modules, grant access to all ^/usr/lib/perl5/.+$ = /usr/lib/perl5/** + ^/usr/lib/[^\/]+/perl/.+$ = /usr/lib/@{multiarch}/perl/** # locale foo ^/usr/lib/locale/.+$ = /usr/lib/locale/** Index: apparmor-2.8.96~2541/utils/severity.db =================================================================== --- apparmor-2.8.96~2541.orig/utils/severity.db +++ apparmor-2.8.96~2541/utils/severity.db @@ -230,6 +230,7 @@ /usr/lib/lib*so* 3 8 4 /usr/lib/iptables/* 2 8 2 /usr/lib/perl5/** 4 10 6 +/usr/lib/*/perl/** 4 10 6 /usr/lib/gconv/* 4 7 4 /usr/lib/locale/** 4 8 0 /usr/lib/jvm/** 5 7 5 Index: apparmor-2.8.96~2541/utils/test/severity_broken.db =================================================================== --- apparmor-2.8.96~2541.orig/utils/test/severity_broken.db +++ apparmor-2.8.96~2541/utils/test/severity_broken.db @@ -230,6 +230,7 @@ /usr/lib/lib*so* 3 8 4 /usr/lib/iptables/* 2 8 2 /usr/lib/perl5/** 4 10 6 +/usr/lib/*/perl/* 4 10 6 /usr/lib/gconv/* 4 7 4 /usr/lib/locale/** 4 8 0 /usr/lib/jvm/** 5 7 5 Index: apparmor-2.8.96~2541/utils/test/severity.db =================================================================== --- apparmor-2.8.96~2541.orig/utils/test/severity.db +++ apparmor-2.8.96~2541/utils/test/severity.db @@ -230,6 +230,7 @@ /usr/lib/lib*so* 3 8 4 /usr/lib/iptables/* 2 8 2 /usr/lib/perl5/** 4 10 6 +/usr/lib/*/perl/** 4 10 6 /usr/lib/gconv/* 4 7 4 /usr/lib/locale/** 4 8 0 /usr/lib/jvm/** 5 7 5 Index: apparmor-2.8.96~2541/utils/test/logprof.conf =================================================================== --- apparmor-2.8.96~2541.orig/utils/test/logprof.conf +++ apparmor-2.8.96~2541/utils/test/logprof.conf @@ -105,6 +105,7 @@ # if they use any perl modules, grant access to all ^/usr/lib/perl5/.+$ = /usr/lib/perl5/** + ^/usr/lib/[^\/]+/perl/.+$ = /usr/lib/@{multiarch}/perl/** # locale foo ^/usr/lib/locale/.+$ = /usr/lib/locale/**
signature.asc
Description: OpenPGP digital signature
-- AppArmor mailing list [email protected] Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/apparmor
