From aad4f905eb8be584df3e458940d45fc6a5bf3604 Mon Sep 17 00:00:00 2001 From: Ikey Doherty Date: Wed, 27 Sep 2017 21:15:47 +0100 Subject: [PATCH] snap-confine: Ensure lib64 biarch directory is respected This fixes a 2.28+ regression whereby snap-update-ns no longer works due to the strict apparmor rules. Signed-off-by: Ikey Doherty --- cmd/snap-confine/snap-confine.apparmor.in | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/cmd/snap-confine/snap-confine.apparmor.in b/cmd/snap-confine/snap-confine.apparmor.in index 41969b2afed..0c0e29a7d30 100644 --- a/cmd/snap-confine/snap-confine.apparmor.in +++ b/cmd/snap-confine/snap-confine.apparmor.in @@ -396,14 +396,14 @@ # from the distribution package. This is also the location used when using # the core/base snap on all-snap systems. The variants here represent # various locations of libexecdir across distributions. - /usr/lib{,exec}/snapd/snap-update-ns Cxr -> snap_update_ns, + /usr/lib{,exec,64}/snapd/snap-update-ns Cxr -> snap_update_ns, # ...snap-confine is not, conceptually, re-executing and uses # snap-update-ns from the distribution package but we are already inside # the constructed mount namespace so we must traverse "hostfs". The # variants here represent various locations of libexecdir across # distributions. - /var/lib/snapd/hostfs/usr/lib{,exec}/snapd/snap-update-ns Cxr -> snap_update_ns, + /var/lib/snapd/hostfs/usr/lib{,exec,64}/snapd/snap-update-ns Cxr -> snap_update_ns, # ..snap-confine is, conceptually, re-executing and uses snap-update-ns # from the core snap. Note that the location of the core snap varies from