On Fri, Feb 22, 2019 at 2:42 PM Jamie Strandboge <jamie@canonical.com> wrote:
On Mon, 18 Feb 2019, Christian Ehrhardt wrote:
+ virBufferAddLit(&buf, " \"/usr/lib{,32,64}/dri/**.so\" mr,\n"); + virBufferAddLit(&buf, " \"/usr/lib/@{multiarch}/dri/**.so\" mr,\n"); + virBufferAddLit(&buf, " \"/usr/lib/fglrx/dri/**.so\" mr,\n");
I'm sorry I think I wasn't clear on how to add in the .so files. I suggest:
At least I didn't make it up - I asked on apparmor channels and this is what I got :-)
virBufferAddLit(&buf, " \"/usr/lib{,32,64}/dri/*.so*\" mr,\n"); virBufferAddLit(&buf, " \"/usr/lib/@{multiarch}/dri/*.so*\" mr,\n"); virBufferAddLit(&buf, " \"/usr/lib/fglrx/dri/*.so*\" mr,\n");
This is slightly futureproofed with the trailing '*'. On my system, the '**' wasn't needed, but if you observe systems where it is, feel free to keep it.
I checked through all of Debian/Ubuntu with apt-file and found no cases that really need the **. Thereby I'll take your suggestion and push it (after another round of safety builds) with your ack (as all else was already fine).
The other parts of this patch looked fine.
-- Jamie Strandboge | http://www.canonical.com
-- Christian Ehrhardt Software Engineer, Ubuntu Server Canonical Ltd