build: enable re-attach disconnected path by default

Ignored on Ubuntu 25.04 and abi3.0
2025-08-15 18:22:07 +02:00 · 2025-08-15 18:22:07 +02:00 · 483c0c107d
commit 483c0c107d
parent c51943934e
3 changed files with 50 additions and 3 deletions
--- a/pkg/prebuild/cli/cli.go
+++ b/pkg/prebuild/cli/cli.go
@ -108,7 +108,16 @@ func Configure() {
 	case 3:
 		builder.Register("abi3") // Convert all profiles from abi 4.0 to abi 3.0
 	case 4:
-		// builder.Register("attach") // Re-attach disconnected path
+		// Re-attach disconnected path, ignored on ubuntu 25.04+ due to a memory leak
+		// that fully prevent profiles compilation with re-attached paths.
+		// See https://bugs.launchpad.net/ubuntu/+source/linux/+bug/2098730
+		if prebuild.Distribution != "ubuntu" {
+			builder.Register("attach")
+			prepare.Register("attach")
+		} else if prebuild.Release["VERSION_CODENAME"] == "noble" {
+			builder.Register("attach")
+			prepare.Register("attach")
+		}
 	default:
 		logging.Fatal("Invalid ABI version: %d", prebuild.ABI)
 	}
--- a/pkg/prebuild/prepare/attach.go
+++ b/pkg/prebuild/prepare/attach.go
@ -0,0 +1,37 @@
+// apparmor.d - Full set of apparmor profiles
+// Copyright (C) 2021-2025 Alexandre Pujol <alexandre@pujol.io>
+// SPDX-License-Identifier: GPL-2.0-only
+
+package prepare
+
+import (
+	"strings"
+
+	"github.com/roddhjav/apparmor.d/pkg/prebuild"
+)
+
+type ReAttach struct {
+	prebuild.Base
+}
+
+func init() {
+	RegisterTask(&ReAttach{
+		Base: prebuild.Base{
+			Keyword: "attach",
+			Msg:     "Configure tunable for re-attached path",
+		},
+	})
+}
+
+func (p ReAttach) Apply() ([]string, error) {
+	res := []string{}
+
+	// Remove the @{att} tunable that is going to be defined in profile header
+	path := prebuild.RootApparmord.Join("tunables/multiarch.d/system")
+	out, err := path.ReadFileAsString()
+	if err != nil {
+		return res, err
+	}
+	out = strings.ReplaceAll(out, "@{att}=/", "# @{att}=/")
+	return res, path.WriteFile([]byte(out))
+}