Fix up the profiles make install target for the tunables/multiarch.d/

change.
Update version for release
2025-09-02 15:25:27 +00:00 · 2011-03-23 16:07:55 -07:00 · 2011-03-23 15:01:51 -07:00 · 2011-03-23 13:45:41 -07:00 · 2011-03-23 12:27:16 -07:00
11 changed files with 79 additions and 9 deletions
--- a/common/Version
+++ b/common/Version
@@ -1 +1 @@
-2.6.1~rc1
+2.6.1
--- a/profiles/Makefile
+++ b/profiles/Makefile
@@ -38,7 +38,7 @@ PROFILES_SOURCE=./apparmor.d
 EXTRAS_SOURCE=./apparmor/profiles/extras/
 SUBDIRS_MUST_BE_SKIPPED=${PROFILES_SOURCE}/abstractions ${PROFILES_SOURCE}/apache2.d ${PROFILES_SOURCE}/program-chunks ${PROFILES_SOURCE}/tunables ${PROFILES_SOURCE}/local
 PROFILES_TO_COPY=$(filter-out ${SUBDIRS_MUST_BE_SKIPPED}, $(wildcard ${PROFILES_SOURCE}/*))
-TUNABLES_TO_COPY=$(filter-out ${PROFILES_SOURCE}/tunables/home.d, $(wildcard ${PROFILES_SOURCE}/tunables/*))
+TUNABLES_TO_COPY=$(filter-out ${PROFILES_SOURCE}/tunables/home.d ${PROFILES_SOURCE}/tunables/multiarch.d, $(wildcard ${PROFILES_SOURCE}/tunables/*))
 ABSTRACTIONS_TO_COPY=$(filter-out ${PROFILES_SOURCE}/abstractions/ubuntu-browsers.d, $(wildcard ${PROFILES_SOURCE}/abstractions/*))

 local:
@@ -64,6 +64,7 @@ install: local
 	install -m 644 ${PROFILES_SOURCE}/program-chunks/* ${PROFILES_DEST}/program-chunks
 	install -m 644 ${TUNABLES_TO_COPY} ${PROFILES_DEST}/tunables
 	install -m 644 ${PROFILES_SOURCE}/tunables/home.d/* ${PROFILES_DEST}/tunables/home.d
+	install -m 644 ${PROFILES_SOURCE}/tunables/multiarch.d/* ${PROFILES_DEST}/tunables/multiarch.d
 	install -m 755 -d ${EXTRAS_DEST}
 	install -m 644 ${EXTRAS_SOURCE}/* ${EXTRAS_DEST}
 	install -m 644 ${PROFILES_SOURCE}/local/* ${PROFILES_DEST}/local
--- a/profiles/apparmor.d/abstractions/authentication
+++ b/profiles/apparmor.d/abstractions/authentication
@@ -1,7 +1,7 @@
 # ------------------------------------------------------------------
 #
 #    Copyright (C) 2002-2009 Novell/SUSE
-#    Copyright (C) 2009 Canonical Ltd
+#    Copyright (C) 2009-2011 Canonical Ltd
 #
 #    This program is free software; you can redistribute it and/or
 #    modify it under the terms of version 2 of the GNU General Public
@@ -25,6 +25,9 @@
  /lib{,32,64}/security/pam_filter/*  mr,
  /lib{,32,64}/security/pam_*.so      mr,
  /lib{,32,64}/security/              r,
+  /lib/@{multiarch}/security/pam_filter/*  mr,
+  /lib/@{multiarch}/security/pam_*.so      mr,
+  /lib/@{multiarch}/security/              r,

  # kerberos
  #include <abstractions/kerberosclient>
--- a/profiles/apparmor.d/abstractions/base
+++ b/profiles/apparmor.d/abstractions/base
@@ -2,7 +2,7 @@
 # ------------------------------------------------------------------
 #
 #    Copyright (C) 2002-2009 Novell/SUSE
-#    Copyright (C) 2009 Canonical Ltd.
+#    Copyright (C) 2009-2011 Canonical Ltd.
 #
 #    This program is free software; you can redistribute it and/or
 #    modify it under the terms of version 2 of the GNU General Public
@@ -36,6 +36,8 @@
  /usr/lib{,32,64}/locale/**             mr,
  /usr/lib{,32,64}/gconv/*.so            mr,
  /usr/lib{,32,64}/gconv/gconv-modules*  mr,
+  /usr/lib/@{multiarch}/gconv/*.so          mr,
+  /usr/lib/@{multiarch}/gconv/gconv-modules mr,

  # used by glibc when binding to ephemeral ports
  /etc/bindresvport.blacklist    r,
@@ -45,17 +47,26 @@
  /etc/ld.so.cache               mr,
  /lib{,32,64}/ld{,32,64}-*.so   mrix,
  /lib{,32,64}/**/ld{,32,64}-*.so     mrix,
+  /lib/@{multiarch}/ld{,32,64}-*.so    mrix,
  /lib/tls/i686/{cmov,nosegneg}/ld-*.so     mrix,
+  /lib/i386-linux-gnu/tls/i686/{cmov,nosegneg}/ld-*.so     mrix,
  /opt/*-linux-uclibc/lib/ld-uClibc*so* mrix,

  # we might as well allow everything to use common libraries
  /lib{,32,64}/**                r,
  /lib{,32,64}/lib*.so*          mr,
  /lib{,32,64}/**/lib*.so*       mr,
+  /lib/@{multiarch}/**            r,
+  /lib/@{multiarch}/lib*.so*      mr,
+  /lib/@{multiarch}/**/lib*.so*   mr,
  /usr/lib{,32,64}/**            r,
  /usr/lib{,32,64}/*.so*         mr,
  /usr/lib{,32,64}/**/lib*.so*   mr,
+  /usr/lib/@{multiarch}/**          r,
+  /usr/lib/@{multiarch}/lib*.so*    mr,
+  /usr/lib/@{multiarch}/**/lib*.so* mr,
  /lib/tls/i686/{cmov,nosegneg}/lib*.so*    mr,
+  /lib/i386-linux-gnu/tls/i686/{cmov,nosegneg}/lib*.so*    mr,

  # /dev/null is pretty harmless and frequently used
  /dev/null                      rw,
--- a/profiles/apparmor.d/abstractions/gnome
+++ b/profiles/apparmor.d/abstractions/gnome
@@ -2,7 +2,7 @@
 # ------------------------------------------------------------------
 #
 #    Copyright (C) 2002-2009 Novell/SUSE
-#    Copyright (C) 2009-2010 Canonical Ltd.
+#    Copyright (C) 2009-2011 Canonical Ltd.
 #
 #    This program is free software; you can redistribute it and/or
 #    modify it under the terms of version 2 of the GNU General Public
@@ -19,6 +19,7 @@
  /etc/gnome/gtkrc*               r,
  /etc/gtk/*                      r,
  /usr/lib{,32,64}/gtk/**         mr,
+  /usr/lib/@{multiarch}/gtk/**    mr,
  /usr/share/themes/**            r,

  # for gnome 1 applications
@@ -31,6 +32,9 @@
  /usr/lib{,32,64}/pango/**       mr,
  /usr/lib{,32,64}/gtk-*/**       mr,
  /usr/lib{,32,64}/gdk-pixbuf-*/** mr,
+  /usr/lib/@{multiarch}/pango/**        mr,
+  /usr/lib/@{multiarch}/gtk-*/**        mr,
+  /usr/lib/@{multiarch}/gdk-pixbuf-*/** mr,

  # per-user gtk configuration
  @{HOME}/.gnome/Gnome            r,
@@ -60,6 +64,7 @@
  /etc/gnome-vfs-2.0/modules/ r,
  /etc/gnome-vfs-2.0/modules/* r,
  /usr/lib/gnome-vfs-2.0/modules/*.so mr,
+  /usr/lib/@{multiarch}/gnome-vfs-2.0/modules/*.so mr,

  # gvfs
  /usr/share/gvfs/remote-volume-monitors/  r,
--- a/profiles/apparmor.d/abstractions/kde
+++ b/profiles/apparmor.d/abstractions/kde
@@ -1,7 +1,7 @@
 # ------------------------------------------------------------------
 #
 #    Copyright (C) 2002-2006 Novell/SUSE
-#    Copyright (C) 2009-2010 Canonical Ltd.
+#    Copyright (C) 2009-2011 Canonical Ltd.
 #
 #    This program is free software; you can redistribute it and/or
 #    modify it under the terms of version 2 of the GNU General Public
@@ -38,10 +38,17 @@
 /usr/lib*/kde3/plugins/styles/ r,
 /usr/lib*/kde3/plugins/styles/* mr,
 /usr/lib*/kde3/lib*so* mr,
+/usr/lib/@{multiarch}/kde3/plugins/styles/ r,
+/usr/lib/@{multiarch}/kde3/plugins/styles/* mr,
+/usr/lib/@{multiarch}/kde3/lib*so* mr,
 /usr/lib*/qt3/lib*/lib*so* mr,
 /usr/lib*/qt3/plugins/**  mr,
+/usr/lib/@{multiarch}/qt3/lib*/lib*so* mr,
+/usr/lib/@{multiarch}/qt3/plugins/**  mr,
 /usr/lib*/libqt-mt*so* mr,
 /usr/lib*/libqui*so* mr,
+/usr/lib/@{multiarch}/libqt-mt*so* mr,
+/usr/lib/@{multiarch}/libqui*so* mr,
 /usr/share/qt3/lib*/libqt-mt*so* mr,
 /usr/share/qt3/lib*/libqui*so* mr,

@@ -49,6 +56,11 @@
 /usr/lib*/kde4/plugins/*/*.so mr,
 /usr/lib*/kde4/plugins/*/ r,
 /usr/lib*/kde4/lib*so* mr,
+/usr/lib/@{multiarch}/kde4/plugins/*/*.so mr,
+/usr/lib/@{multiarch}/kde4/plugins/*/ r,
+/usr/lib/@{multiarch}/kde4/lib*so* mr,
 /usr/lib*/qt4/lib*/lib*so* mr,
 /usr/lib*/qt4/plugins/**  mr,
+/usr/lib/@{multiarch}/qt4/lib*/lib*so* mr,
+/usr/lib/@{multiarch}/qt4/plugins/**  mr,
 /usr/share/qt4/** r,
--- a/profiles/apparmor.d/abstractions/kerberosclient
+++ b/profiles/apparmor.d/abstractions/kerberosclient
@@ -1,7 +1,7 @@
 # ------------------------------------------------------------------
 #
 #    Copyright (C) 2002-2009 Novell/SUSE
-#    Copyright (C) 2009 Canonical Ltd.
+#    Copyright (C) 2009-2011 Canonical Ltd.
 #
 #    This program is free software; you can redistribute it and/or
 #    modify it under the terms of version 2 of the GNU General Public
@@ -12,9 +12,13 @@
  # files required by kerberos client programs
  /usr/lib{,32,64}/krb5/plugins/libkrb5/ r,
  /usr/lib{,32,64}/krb5/plugins/libkrb5/* mr,
+  /usr/lib/@{multiarch}/krb5/plugins/libkrb5/ r,
+  /usr/lib/@{multiarch}/krb5/plugins/libkrb5/* mr,

  /usr/lib{,32,64}/krb5/plugins/preauth/ r,
  /usr/lib{,32,64}/krb5/plugins/preauth/* mr,
+  /usr/lib/@{multiarch}/krb5/plugins/preauth/ r,
+  /usr/lib/@{multiarch}/krb5/plugins/preauth/* mr,

  /etc/krb5.keytab            r,
  /etc/krb5.conf              r,
--- a/profiles/apparmor.d/abstractions/nameservice
+++ b/profiles/apparmor.d/abstractions/nameservice
@@ -1,7 +1,7 @@
 # ------------------------------------------------------------------
 #
 #    Copyright (C) 2002-2009 Novell/SUSE
-#    Copyright (C) 2009 Canonical Ltd.
+#    Copyright (C) 2009-2011 Canonical Ltd.
 #
 #    This program is free software; you can redistribute it and/or
 #    modify it under the terms of version 2 of the GNU General Public
@@ -50,6 +50,8 @@
  # they are available
  /lib{,32,64}/libnss_*.so*      mr,
  /usr/lib{,32,64}/libnss_*.so*  mr,
+  /lib/@{multiarch}/libnss_*.so*      mr,
+  /usr/lib/@{multiarch}/libnss_*.so*  mr,
  /etc/default/nss               r,

  # avahi-daemon is used for mdns4 resolution
--- a/profiles/apparmor.d/tunables/global
+++ b/profiles/apparmor.d/tunables/global
@@ -1,7 +1,7 @@
 # ------------------------------------------------------------------
 #
 #    Copyright (C) 2006-2009 Novell/SUSE
-#    Copyright (C) 2010 Canonical Ltd.
+#    Copyright (C) 2010-2011 Canonical Ltd.
 #
 #    This program is free software; you can redistribute it and/or
 #    modify it under the terms of version 2 of the GNU General Public
@@ -13,5 +13,6 @@
 # should be included here

 #include <tunables/home>
+#include <tunables/multiarch>
 #include <tunables/proc>
 #include <tunables/alias>
--- a/profiles/apparmor.d/tunables/multiarch
+++ b/profiles/apparmor.d/tunables/multiarch
@@ -0,0 +1,17 @@
+# ------------------------------------------------------------------
+#
+#    Copyright (C) 2010 Canonical Ltd.
+#
+#    This program is free software; you can redistribute it and/or
+#    modify it under the terms of version 2 of the GNU General Public
+#    License published by the Free Software Foundation.
+#
+# ------------------------------------------------------------------
+
+# @{multiarch} is the set of patterns matching multi-arch library
+# install prefixes.
+@{multiarch}=*-linux-gnu*
+
+# Also, include files in tunables/multiarch.d for site and packaging
+# specific adjustments to @{multiarch}.
+#include <tunables/multiarch.d>
--- a/profiles/apparmor.d/tunables/multiarch.d/site.local
+++ b/profiles/apparmor.d/tunables/multiarch.d/site.local
@@ -0,0 +1,14 @@
+# ------------------------------------------------------------------
+#
+#    Copyright (C) 2011 Canonical Ltd.
+#
+#    This program is free software; you can redistribute it and/or
+#    modify it under the terms of version 2 of the GNU General Public
+#    License published by the Free Software Foundation.
+#
+# ------------------------------------------------------------------
+
+# The following is a space-separated list of where additional multipath
+# prefixes are stored, each should not have a trailing '/'. Directories
+# added here are appended to @{multiarch}. See tunables/mutliarch for details. Eg:
+#@{multiarch}+=*-freebsd* s390-hurd-zomg
Author	SHA1	Message	Date
Steve Beattie	4158b5e095	Fix up the profiles make install target for the tunables/multiarch.d/ change.	2011-03-23 16:07:55 -07:00
Steve Beattie	3706a9c31a	Update version for release	2011-03-23 15:01:51 -07:00
Steve Beattie	6bd242fefc	Merge from trunk rev 1700: fix typo in multi-arch comment.	2011-03-23 13:45:41 -07:00
Steve Beattie	2ef723e054	Merge from trunk rev 1699: This patch add multiarch support for common shared library locations, as well as a tunables file and directory to ease adding additional multiarch paths. Bug: https://launchpad.net/bugs/736870	2011-03-23 12:27:16 -07:00