apparmor: mount more up-to-date apparmor features in the chroot.

(cherry picked from commit a14a31b751)
uc20-no-fixed-size
Dimitri John Ledkov 4 years ago
parent d724069fab
commit acc7e97f38
No known key found for this signature in database
GPG Key ID: 9B8EC849D5EF70ED

@ -121,6 +121,8 @@ preinstall_snaps() {
mount --rbind /dev chroot/dev mount --rbind /dev chroot/dev
mount --rbind /sys chroot/sys mount --rbind /sys chroot/sys
mount --bind /proc chroot/proc mount --bind /proc chroot/proc
# Provide more up to date apparmor features, matching target kernel
mount -o bind /usr/share/livecd-rootfs/live-build/apparmor/generic chroot/sys/kernel/security/apparmor/features
snap_validate_seed chroot snap_validate_seed chroot
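Review bot: The new bind target `chroot/sys/kernel/security/apparmor/features` sits under the recursive bind of the host's `/sys` made a few lines earlier, so the override may not stay confined to the chroot. If the host's mounts use shared propagation (not visible here, but the usual systemd default), it can propagate to the host's own `/sys/kernel/security/apparmor/features` and change what the host's AppArmor tooling sees during the build. Consider adding `mount --make-rslave chroot/sys` before the bind. The matching unmount is not in this hunk and preinstall_snaps continues outside it; the cleanup path should release the features bind before `chroot/sys`, including when `snap_validate_seed` fails. The target is also written differently here (unquoted, no trailing slash) than in setup_mountpoint.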

@ -105,6 +105,8 @@ setup_mountpoint() {
mount proc-live -t proc "$mountpoint/proc" mount proc-live -t proc "$mountpoint/proc"
mount sysfs-live -t sysfs "$mountpoint/sys" mount sysfs-live -t sysfs "$mountpoint/sys"
mount securityfs -t securityfs "$mountpoint/sys/kernel/security" mount securityfs -t securityfs "$mountpoint/sys/kernel/security"
# Provide more up to date apparmor features, matching target kernel
mount -o bind /usr/share/livecd-rootfs/live-build/apparmor/generic "$mountpoint/sys/kernel/security/apparmor/features/"
mount -t tmpfs none "$mountpoint/tmp" mount -t tmpfs none "$mountpoint/tmp"
mount -t tmpfs none "$mountpoint/var/lib/apt" mount -t tmpfs none "$mountpoint/var/lib/apt"
mount -t tmpfs none "$mountpoint/var/cache/apt" mount -t tmpfs none "$mountpoint/var/cache/apt"
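Review bot: The bind onto `"$mountpoint/sys/kernel/security/apparmor/features/"` is read-write, so root processes inside the chroot can modify the host's `/usr/share/livecd-rootfs/live-build/apparmor/generic` files, which later builds on the same host would presumably trust as the feature set. Follow it with `mount -o remount,bind,ro "$mountpoint/sys/kernel/security/apparmor/features/"`. The mount also assumes the securityfs mounted on the previous line exposes `apparmor/features`; on a build host without AppArmor that directory will not exist. Whether that failure aborts the build or is ignored depends on shell options not visible here, so an explicit check with a clear error would help. setup_mountpoint continues outside the hunk and its teardown is not shown; the teardown needs to unmount this bind before securityfs.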
