[apparmor] [PATCH] add multiarch support to abstractions
Kees Cook
kees.cook at canonical.com
Thu Mar 17 18:28:44 UTC 2011
On Thu, Mar 17, 2011 at 08:59:36AM -0700, John Johansen wrote:
> hrmm what about using a variable?
>
> @{multiarch}={i386,i686,x86_64}
> or even
> @{multiarch}=*
>
> then the rules would be
> /lib/@{multiarch}-linux-gnu/...
>
> to me it documents the whole thing better and allows easier customization/
> modification if needed or desired
If we do it, I would prefer to use "*", but it's worth noting that
installing qemu and other crazy things could let you install all kinds of
insane tuples for multiarch. How about this?
@{multiarch}=*-linux-gnu
with
/lib/@{multiarch}/...
and when people do really insane stuff they can add to it:
@{multiarch}=*-linux-gnu s390-wtf-zomg
but we can ship the former.
-Kees
--
Kees Cook
Ubuntu Security Team
More information about the AppArmor
mailing list