Bug 112797

Summary: AppArmor-lite's profile lists aren't sufficient
Product: [openSUSE] SUSE LINUX 10.0 Reporter: Seth R Arnold <seth.arnold>
Component: AppArmorAssignee: Dominic W Reynolds <dreynolds>
Status: RESOLVED FIXED QA Contact: Keiran Haggerty <khaggerty>
Severity: Normal    
Priority: P5 - None    
Version: Beta 3   
Target Milestone: ---   
Hardware: Other   
OS: All   
Whiteboard:
Found By: Development Services Priority:
Business Priority: Blocker: ---
Marketing QA Status: --- IT Deployment: ---

Description Seth R Arnold 2005-08-24 18:36:39 UTC 
Darix has discovered that we missed some paths to ld.so for our list of allowed
profiles. We need to also include:
/opt/*-linux-uclibc/lib/ld-uClibc-*
(The first asterisk will be a real problem, as AppArmor lite doesn't support
that syntax. We'll need to just go enumerate the list of all contents possible
in the first asterisk. Remind me later and I'll figure out how to generate a list.)

The tools required to build the list of authorized profiles aren't checked into
Subversion yet; I'd be happy to add these new profiles to our certificates once
the control files are added.

Thanks
Comment 1 Dominic W Reynolds 2005-08-31 03:13:14 UTC 
Will regenate certs with new path for checkin on next drop 9/2/05.
Comment 4 Seth R Arnold 2005-09-09 17:27:28 UTC 
/opt/i386-linux-uclibc/lib/ld-uClibc**
/opt/powerpc-linux-uclibc/lib/ld-uClibc**

were added to the profile list in subversion revision 5140; any certificates
regenerated since then will pick up these loaders.

I did not find versions of uClibc for other architectures to confirm their
architecture names, so they haven't been added. Please feel free to reopen this
bug if you've got a list handy. (Or, better yet, can teach me how to find the
list. :)