Bugzilla – Bug 112797
AppArmor-lite's profile lists aren't sufficient
Last modified: 2005-09-09 17:27:28 UTC
Darix has discovered that we missed some paths to ld.so for our list of allowed profiles. We need to also include: /opt/*-linux-uclibc/lib/ld-uClibc-* (The first asterisk will be a real problem, as AppArmor lite doesn't support that syntax. We'll need to just go enumerate the list of all contents possible in the first asterisk. Remind me later and I'll figure out how to generate a list.) The tools required to build the list of authorized profiles aren't checked into Subversion yet; I'd be happy to add these new profiles to our certificates once the control files are added. Thanks
Will regenate certs with new path for checkin on next drop 9/2/05.
/opt/i386-linux-uclibc/lib/ld-uClibc** /opt/powerpc-linux-uclibc/lib/ld-uClibc** were added to the profile list in subversion revision 5140; any certificates regenerated since then will pick up these loaders. I did not find versions of uClibc for other architectures to confirm their architecture names, so they haven't been added. Please feel free to reopen this bug if you've got a list handy. (Or, better yet, can teach me how to find the list. :)