From a14a31b7514e3f602f29f9af61e6b7bc97662dc2 Mon Sep 17 00:00:00 2001
From: Dimitri John Ledkov
Date: Fri, 17 Jul 2020 23:43:19 +0100
Subject: [PATCH] apparmor: mount more up-to-date apparmor features in the chroot.
---
 live-build/auto/build | 2 ++
 live-build/functions | 2 ++
 2 files changed, 4 insertions(+)
diff --git a/live-build/auto/build b/live-build/auto/build
index f14b23e0..154d95a3 100755
--- a/live-build/auto/build
+++ b/live-build/auto/build
@@ -121,6 +121,8 @@ preinstall_snaps() {
 mount --rbind /dev chroot/dev
 mount --rbind /sys chroot/sys
 mount --bind /proc chroot/proc
+ # Provide more up to date apparmor features, matching target kernel
+ mount -o bind /usr/share/livecd-rootfs/live-build/apparmor/generic chroot/sys/kernel/security/apparmor/features
 snap_validate_seed chroot
diff --git a/live-build/functions b/live-build/functions
index 8156dd51..8352e672 100644
--- a/live-build/functions
+++ b/live-build/functions
@@ -99,6 +99,8 @@ setup_mountpoint() {
 mount proc-live -t proc "$mountpoint/proc"
 mount sysfs-live -t sysfs "$mountpoint/sys"
 mount securityfs -t securityfs "$mountpoint/sys/kernel/security"
+ # Provide more up to date apparmor features, matching target kernel
+ mount -o bind /usr/share/livecd-rootfs/live-build/apparmor/generic "$mountpoint/sys/kernel/security/apparmor/features/"
 mount -t tmpfs none "$mountpoint/tmp"
 mount -t tmpfs none "$mountpoint/var/lib/apt"
 mount -t tmpfs none "$mountpoint/var/cache/apt"
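Review bot: The bind mount added in preinstall_snaps sits beneath `mount --rbind /sys chroot/sys`, so if the host's /sys mounts use shared propagation (the usual systemd default), the mount over `chroot/sys/kernel/security/apparmor/features` may propagate back and mask the build host's own `/sys/kernel/security/apparmor/features`. Anything on the host that reads that directory, such as apparmor_parser, would then see the static feature set instead of the running kernel's until the mount is removed. Adding `mount --make-rslave chroot/sys` directly after the rbind would keep the override confined to the chroot. The rest of preinstall_snaps is outside this hunk, so the matching unmount of the new mount point should be confirmed there.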
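Review bot: The mount added in setup_mountpoint assumes that both `/usr/share/livecd-rootfs/live-build/apparmor/generic` and the `apparmor/features` directory under the freshly mounted securityfs exist. On a build host whose kernel has AppArmor disabled, or when the scripts run from a checkout rather than the installed package, the mount fails, and whether that stops the build depends on shell options not visible in this hunk. A guard with an explicit message makes the failure unambiguous, e.g. `[ -d "$mountpoint/sys/kernel/security/apparmor/features" ] || { echo "securityfs exposes no apparmor/features" >&2; return 1; }`, so a build never continues silently with the host kernel's features. The same applies to the line added in live-build/auto/build. The comment could also name the kernel the `generic` set was captured from, since "matching target kernel" cannot be verified from the path alone.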