From 75b04f5336bbffc6b53bf2eac099add8ba527ada Mon Sep 17 00:00:00 2001 From: Hoang Nguyen Date: Sat, 4 Oct 2025 20:05:01 +0700 Subject: [PATCH] main/apparmor: fix busybox path in profiles --- main/apparmor/APKBUILD | 6 ++++-- main/apparmor/fix-busybox-profile.patch | 13 +++++++++++++ main/apparmor/fix-dnsmasq-profile.patch | 2 +- 3 files changed, 18 insertions(+), 3 deletions(-) create mode 100644 main/apparmor/fix-busybox-profile.patch diff --git a/main/apparmor/APKBUILD b/main/apparmor/APKBUILD index 33d37330f05..77187217138 100644 --- a/main/apparmor/APKBUILD +++ b/main/apparmor/APKBUILD @@ -2,7 +2,7 @@ maintainer="Achill Gilgenast " pkgname=apparmor pkgver=4.1.0 -pkgrel=3 +pkgrel=4 pkgdesc="Linux application security framework - mandatory access control for programs" url="https://gitlab.com/apparmor/apparmor/wikis/home" arch="all" @@ -53,6 +53,7 @@ source=" 0001-Fix-linking-against-gettext-on-musl-libc.patch 0006-utils-adjust-rc-functions-for-aa-remove-unknown.patch fix-dnsmasq-profile.patch + fix-busybox-profile.patch binutils-missing-limits-h.patch " options="!check" # checkdepends in community @@ -203,6 +204,7 @@ sha512sums=" 1a57cc577ba3aedfbe10ef6148c1e8f5d0bbf65c99e60eec80c52409c9dab59ae002024500c6e4fd0e01e8c7aeb0c85e3e6b41cacee08c17fdd869d31bca614e apparmor.initd e94f44427ed3c6f64462170939ffc92ce9ac1a58c61c7c7c3483fe16fe8e1c419daade9d56cdd342132e4d823dcac1963a86ad889f10bf71fd52b7f54c4694ed 0001-Fix-linking-against-gettext-on-musl-libc.patch 38ebb30a0185f8eabd9103925959da365f64ef485f66ffb10180ac596fc172f9c98df39baec0b035138e9ab32056148e69a066faba9faebf9e92bf7a09c150c0 0006-utils-adjust-rc-functions-for-aa-remove-unknown.patch -cbe6eb9dd46e3ace122d5bc386596d5106a301b82a9ac1681f31a967013d3db67a8d674d54605444f30c3a136677ff3b26fad80f78d0f02dbe18a9f10f64672a fix-dnsmasq-profile.patch +11e4ee7c2ac567e4e049601c73b54af68f8acd762787e286b5d25462850cd9d026168a5c5628cbb3a7554b6e340cb4040a764d5b9f69ad5f5ef084701e73bc95 fix-dnsmasq-profile.patch +28c38ac6c5b05f339c7fb5b9c86956f021cc1e2ab1184f98f19600177a3b50d008111d2e2392b9c695b0b990d485cb1c08e7da1e5ee1d2737cd2cd7ae671bb7b fix-busybox-profile.patch 04e5dbced9c03dfeb3ca4534f4eba721eb8a7583d92177a5be6c9432ac2f6b8a7a7a127143978ed63fc848e79ba176ffae7e2cb594ae42a528a4f72b441ba625 binutils-missing-limits-h.patch " diff --git a/main/apparmor/fix-busybox-profile.patch b/main/apparmor/fix-busybox-profile.patch new file mode 100644 index 00000000000..1516d3e12de --- /dev/null +++ b/main/apparmor/fix-busybox-profile.patch @@ -0,0 +1,13 @@ +diff --git a/profiles/apparmor.d/busybox b/profiles/apparmor.d/busybox +index d726ddf0a..b49016d6d 100644 +--- a/profiles/apparmor.d/busybox ++++ b/profiles/apparmor.d/busybox +@@ -4,7 +4,7 @@ + abi , + include + +-profile busybox /usr/bin/busybox flags=(unconfined) { ++profile busybox /{,usr/}bin/busybox flags=(unconfined) { + userns, + + # Site-specific additions and overrides. See local/README for details. diff --git a/main/apparmor/fix-dnsmasq-profile.patch b/main/apparmor/fix-dnsmasq-profile.patch index 9a92065702a..87a6e25c8c2 100644 --- a/main/apparmor/fix-dnsmasq-profile.patch +++ b/main/apparmor/fix-dnsmasq-profile.patch @@ -6,7 +6,7 @@ index 7ae9a14..0005b14 100644 /var/lib/misc/dnsmasq.leases rw, # Required only for DHCP server usage /{,usr/}bin/{ba,da,}sh ix, # Required to execute --dhcp-script argument -+ /bin/busybox ix, # /bin/sh is a symlink of busybox on Alpine ++ /{,usr/}bin/busybox ix, # /bin/sh is a symlink of busybox on Alpine # access to iface mtu needed for Router Advertisement messages in IPv6 # Neighbor Discovery protocol (RFC 2461)