this is about LP: #2123870[1]. TL;DR is in comment #1[2]. We basically
need to replace any reference to a coreutils binary in existing
apparmor profiles to an expanded path list to cope with the different
ways this binary can be called in questing.
If using gnu-coreutils, we have a symlink /usr/bin/<tool> -> gnu<tool>
If using rust coreutils, we have a symlink /usr/bin/<tool> ->
/usr/lib/cargo/bin/coreutils/<tool>
Since apparmor cares about the target, we have multiple possibilities
for a rule that references, for example, /usr/bin/echo.
In apparmor 5.0.0~alpha1-0ubuntu7[3], a variable was added to cope
with these possibilities: @{coreutil_dirs}. See [4].
We are now going over the list of affected profiles, and using that
bug[1] to track the effort.
At this time, this is NOT a call for help: this is a PSA/RFC. We might
be touching a package you maintain and don't want uploaded now, or
something else. These are all being done via git ubuntu PRs in
launchpad. I expect some uploads will start happening early next week.
Please reply if you have any comments, suggestions,
zomg-please-dont-touch-my-package, etc.
1. https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/2123870
2. https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/2123870/comments/1
3. https://launchpad.net/ubuntu/+source/apparmor/5.0.0~alpha1-0ubuntu7
4. https://git.launchpad.net/ubuntu/+source/apparmor/commit/?id=e636b645358a49ec0845012a620061e203ab2cff
--
ubuntu-devel mailing list
ubuntu-devel@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel
