Project

General

Profile

Bug #10659

Wrap executables in a cleaner, safer and more consistent manner

Added by anonym almost 4 years ago. Updated almost 4 years ago.

Status:
Confirmed
Priority:
Normal
Assignee:
Category:
-
Target version:
-
Start date:
11/24/2015
Due date:
% Done:

0%

Feature Branch:
Type of work:
Code
Blueprint:
Starter:
Affected tool:

Description

When wrapping executables (for various reasons, e.g. @torsocks@ifying them) we do various stuff like:

  • patch .application files' Exec field
  • put wrappers for e.g. /usr/bin/$X in /usr/local/bin/$X and rely on the wrapped one being picked due to the $PATH ordering
  • dpkg-divert to .orig in the same path

and similar. Wouldn't a cleaner way be to:

For executable with path $EXE (e.g. /usr/bin/pidgin), dpkg-divert it to /usr/local/lib/wrapped/$EXE (e.g. /usr/local/lib/wrapped/usr/bin/pidgin), and then put the wrapper in $EXE. Then we have these improvements/advantages:

  • a standard, consistent way of doing this! Less surprises!
  • we don't rely on something as brittle as $PATH ordering
  • in fact, the $PATH situation is identical as if we didn't wrap (and the wrapped executable is not in it)
  • no need to touch .application files

History

#1 Updated by anonym almost 4 years ago

  • Assignee changed from anonym to intrigeri
  • QA Check set to Info Needed

From the top of your head, how much AppArmor-related trouble (or improvements!) would this approach imply?

#2 Updated by intrigeri almost 4 years ago

  • Assignee changed from intrigeri to anonym
  • QA Check changed from Info Needed to Dev Needed

From the top of your head, how much AppArmor-related trouble (or improvements!) would this approach imply?

I don't remember, please test.

Also available in: Atom PDF