On 07/06/2012 03:39 PM, Christian Boltz wrote: > Hello, > > maybe you already heard that some distributions (at least Fedora and > openSUSE) are going to move binaries from /bin/ to /usr/bin/ (and create > a compatibility symlink in /bin/). > yeah I think I heard something about that madness ;-)
> If that's new to you, have a look at > http://en.opensuse.org/openSUSE:Usr_merge > http://www.freedesktop.org/wiki/Software/systemd/TheCaseForTheUsrMerge > > As a side effect, existing profiles like bin.ping won't protect ping > after it has been moved to /usr/bin. > well obviously that is a strong argument against making such a change > From the binaries with a default profile, this affects /bin/ping. > The various sbin.* will probably follow one day (they were not moved > yet, therefore I don't include them in the patch for now). > > > Long story short, here's the patch: > Acked-by: John Johansen <john.johan...@canonical.com> although I think I would prefer profile ping /{usr/,}bin/ping { > === modified file 'profiles/apparmor.d/bin.ping' > --- profiles/apparmor.d/bin.ping 2010-08-05 19:00:02 +0000 > +++ profiles/apparmor.d/bin.ping 2012-07-01 11:05:38 +0000 > @@ -10,7 +10,7 @@ > # ------------------------------------------------------------------ > > #include <tunables/global> > -/bin/ping { > +/{usr/,}bin/ping { > #include <abstractions/base> > #include <abstractions/consoles> > #include <abstractions/nameservice> > > > Regards, > > Christian Boltz > -- AppArmor mailing list AppArmor@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/apparmor
