From ec4f3c0774620dd2bb6df765b337fa8a67d2afc8 Mon Sep 17 00:00:00 2001 From: Ikey Doherty Date: Thu, 9 Nov 2017 17:21:37 +0000 Subject: [PATCH] cmd/snap-confine: Support bash as base runtime entry This allows bash that makes use of readline + ncurses to correctly map and execute within strict apparmor confinement, specifically required for enabling bash-based base runtimes (such as Solus). Signed-off-by: Ikey Doherty --- cmd/snap-confine/snap-confine.apparmor.in | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/cmd/snap-confine/snap-confine.apparmor.in b/cmd/snap-confine/snap-confine.apparmor.in index b467d318972..5866920f63f 100644 --- a/cmd/snap-confine/snap-confine.apparmor.in +++ b/cmd/snap-confine/snap-confine.apparmor.in @@ -17,8 +17,10 @@ # libc, you are funny /{,usr/}lib{,32,64,x32}/{,@{multiarch}/}libc{,-[0-9]*}.so* mr, /{,usr/}lib{,32,64,x32}/{,@{multiarch}/}libpthread{,-[0-9]*}.so* mr, + /{,usr/}lib{,32,64,x32}/{,@{multiarch}/}libreadline{,-[0-9]*}.so* mr, /{,usr/}lib{,32,64,x32}/{,@{multiarch}/}librt{,-[0-9]*}.so* mr, /{,usr/}lib{,32,64,x32}/{,@{multiarch}/}libgcc_s.so* mr, + /{,usr/}lib{,32,64,x32}/{,@{multiarch}/}libncursesw{,-[0-9]*}.so* mr, /{,usr/}lib{,32,64,x32}/{,@{multiarch}/}libresolv{,-[0-9]*}.so* mr, /{,usr/}lib{,32,64,x32}/{,@{multiarch}/}libselinux.so* mr, /{,usr/}lib{,32,64,x32}/{,@{multiarch}/}libpcre.so* mr, @@ -353,8 +355,10 @@ # libc, you are funny /{,usr/}lib{,32,64,x32}/{,@{multiarch}/}libc{,-[0-9]*}.so* mr, /{,usr/}lib{,32,64,x32}/{,@{multiarch}/}libpthread{,-[0-9]*}.so* mr, + /{,usr/}lib{,32,64,x32}/{,@{multiarch}/}libreadline{,-[0-9]*}.so* mr, /{,usr/}lib{,32,64,x32}/{,@{multiarch}/}librt{,-[0-9]*}.so* mr, /{,usr/}lib{,32,64,x32}/{,@{multiarch}/}libgcc_s.so* mr, + /{,usr/}lib{,32,64,x32}/{,@{multiarch}/}libncursesw{,-[0-9]*}.so* mr, /{,usr/}lib{,32,64,x32}/{,@{multiarch}/}libresolv{,-[0-9]*}.so* mr, /{,usr/}lib{,32,64,x32}/{,@{multiarch}/}libselinux.so* mr, /{,usr/}lib{,32,64,x32}/{,@{multiarch}/}libpcre.so* mr,