* live-build/ubuntu-core/hooks/21-snappy-security-policy-stamp.chroot:

- create a /usr/share/snappy/security-policy-version so that snappy can re-generate the security profiles if any of the versions of apparmor or ubuntu-core-security-* changes
2025-02-22 10:51:11 +00:00 · 2015-11-04 08:46:50 +01:00 · 2015-11-04 08:46:50 +01:00 · 46d1138e5a
commit 46d1138e5a
parent 82be50d338
2 changed files with 27 additions and 0 deletions
--- a/debian/changelog
+++ b/debian/changelog
@ -1,3 +1,12 @@
+livecd-rootfs (2.351) xenial; urgency=medium
+
+  * live-build/ubuntu-core/hooks/21-snappy-security-policy-stamp.chroot:
+    - create a /usr/share/snappy/security-policy-version so that
+      snappy can re-generate the security profiles if any of the versions
+      of apparmor or ubuntu-core-security-* changes
+
+ -- Michael Vogt <michael.vogt@ubuntu.com>  Wed, 04 Nov 2015 08:45:49 +0100
+
 livecd-rootfs (2.350) xenial; urgency=medium

  [ Oliver Grawert ]
--- a/live-build/ubuntu-core/hooks/21-snappy-security-policy-stamp.chroot
+++ b/live-build/ubuntu-core/hooks/21-snappy-security-policy-stamp.chroot
@ -0,0 +1,18 @@
+#!/bin/sh
+#
+# Create the security policy version file. Its important that the file
+# content changes every time an of the "apparmor" or "seccomp" policies
+# (or its generators) get updated.
+# 
+# snappy will use this file for its "snappy policygen --regenerate-all"
+# systemd unit. It will store the security-policy-version file on each
+# --regenerate-all call. On each boot it will compare the stored version
+# with the version on the image and if they are different regenerate the
+# policies
+
+set -e
+
+
+echo "create security policy version" >&2
+mkdir -p /usr/share/snappy/
+apt list --installed apparmor ubuntu-core-security-* > /usr/share/snappy/security-policy-version