cmd/snap-confine: genearlize apparmor profile for various lib layout #3789

zyga · Aug 23, 2017

Depending on the distribution at hand we the conceptual "/lib" may be
at /lib or /usr/lib, the "lib" directory may be spelled
lib, lib32, lib64 or even libx32. It may be optionally followed by a
multiarch suffix. This patch applies those rules to all the shared
libraries we need to map and read.

Signed-off-by: Zygmunt Krynicki me@zygoon.pl

jdstrand · Aug 23, 2017

jdstrand requested changes Aug 23, 2017

View changes

You dropped libdl.

Corrected

jdstrand · Aug 23, 2017

jdstrand approved these changes Aug 23, 2017

View changes

Assuming the testsuite passes, approving.

codecov-io · Aug 23, 2017

Codecov Report

Merging #3789 into master will decrease coverage by <.01%.
The diff coverage is n/a.

@@            Coverage Diff             @@
##           master    #3789      +/-   ##
==========================================
- Coverage   75.81%   75.81%   -0.01%     
==========================================
  Files         402      402              
  Lines       34741    34745       +4     
==========================================
+ Hits        26340    26341       +1     
- Misses       6527     6529       +2     
- Partials     1874     1875       +1

Impacted Files	Coverage Δ
corecfg/powerbtn.go	`70.73% <0%> (-4.95%)`	⬇️
interfaces/builtin/core_support.go	`100% <0%> (ø)`	⬆️

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 947c2d4...6307131. Read the comment docs.

zyga requested a review from jdstrand Aug 23, 2017

zyga deleted the zyga:tweak/generic-snap-confine-aa-profile branch Aug 23, 2017

jdstrand referenced this pull request Aug 29, 2017
Closed
cmd,interfaces: add initial support for Solus #3720

-        -    /usr/lib/@{multiarch}/libseccomp.so* mr,
-        -    /lib/@{multiarch}/libseccomp.so* mr,
+        +    /{,usr/}lib{,32,64,x32}/{,@{multiarch}/}libapparmor.so* mr,
+        +    /{,usr/}lib{,32,64,x32}/{,@{multiarch}/}libcgmanager.so* mr,

snapcore/snapd

cmd/snap-confine: genearlize apparmor profile for various lib layout #3789

zyga commented Aug 23, 2017

zyga requested a review from jdstrand Aug 23, 2017

jdstrand requested changes Aug 23, 2017

View changes

jdstrand approved these changes Aug 23, 2017

View changes

codecov-io commented Aug 23, 2017

zyga merged commit `2101bac` into snapcore:master Aug 23, 2017
6 of 7 checks passed

6 of 7 checks passed

zyga deleted the zyga:tweak/generic-snap-confine-aa-profile branch Aug 23, 2017

jdstrand referenced this pull request Aug 29, 2017

cmd,interfaces: add initial support for Solus #3720

snapcore/snapd

Join GitHub today

cmd/snap-confine: genearlize apparmor profile for various lib layout #3789

Conversation

zyga commented Aug 23, 2017

zyga requested a review from jdstrand Aug 23, 2017

jdstrand requested changes Aug 23, 2017 View changes

jdstrand Aug 23, 2017

zyga Aug 23, 2017

All checks have passed

jdstrand approved these changes Aug 23, 2017 View changes

codecov-io commented Aug 23, 2017

Codecov Report

Hide details View details zyga merged commit 2101bac into snapcore:master Aug 23, 2017 6 of 7 checks passed

6 of 7 checks passed

zyga deleted the zyga:tweak/generic-snap-confine-aa-profile branch Aug 23, 2017

jdstrand referenced this pull request Aug 29, 2017

cmd,interfaces: add initial support for Solus #3720

jdstrand requested changes Aug 23, 2017

View changes

jdstrand approved these changes Aug 23, 2017

View changes

zyga merged commit `2101bac` into snapcore:master Aug 23, 2017
6 of 7 checks passed