X-Git-Url: https://iankelling.org/git/?a=blobdiff_plain;f=distro-begin;h=ac86b2d1f67a4fc30c5d5b8c09a6c8af94993ed1;hb=fefb2a411185c293de6bb6aa8aec698a80db3659;hp=a0e9b0742610dd75c07e8606374e35644e8c664c;hpb=ce4cacd36c5b5babeea85d0f93771017e6169180;p=distro-setup

diff --git a/distro-begin b/distro-begin
index a0e9b07..ac86b2d 100755
--- a/distro-begin
+++ b/distro-begin
@@ -350,11 +350,28 @@ case $HOSTNAME in
 esac
 
 
+lines=(
+  "/etc/resolved-nsswitch/nsswitch.conf r,"
+  "/etc/basic-nsswitch/nsswitch.conf r,"
+  # Aug 06 23:09:11 kd audit[3995]: AVC apparmor="DENIED" operation="connect" profile="/usr/bin/freshclam" name="/run/systemd/resolve/io.systemd.Resolve" pid=3995 comm="freshclam" requested_mask="wr" denied_mask="wr" fsuid=109 ouid=101
+  # I dont know if this is quite the right fix, but I saw other sockets
+  # in the nameservice files that were rw, so figured it was ok to add this and it worked.
+  "/run/systemd/resolve/io.systemd.Resolve rw,"
+)
 f=/etc/apparmor.d/abstractions/nameservice
-if [[ -e $f ]] && ! grep -q /etc/resolved-nsswitch/nsswitch.conf $f; then
-  sudo sed -i '/\/etc\/nsswitch.conf/a /etc/resolved-nsswitch/nsswitch.conf r,' $f
-  sudo sed -i '/\/etc\/nsswitch.conf/a /etc/basic-nsswitch/nsswitch.conf r,' $f
-  if sytemctl is-enabled apparmor; then
+apparmor_reload=false
+if [[ -e $f ]]; then
+  for l in "${lines[@]}"; do
+    if ! grep -qF "$l" $f; then
+      sudo sed -i "/\/nsswitch.conf/a $l" $f
+      apparmor_reload=true
+      if ! grep -qF "$l" $f; then
+        echo "$0: failed editing $f. investigate"
+        exit 1
+      fi
+    fi
+  done
+  if $apparmor_reload && systemctl is-enabled apparmor; then
     m ser reload apparmor
   fi
 fi
@@ -377,7 +394,7 @@ if bitfolk; then
   sudo sed -ri "/^127\./n;/[[:space:]]$HOSTNAME\$/d" /etc/hosts
 fi
 
-if isdeb && [[ $(debian-codename) == nabia ]]; then
+if isdeb && [[ $(debian-codename) == aramo ]]; then
   sudo dd of=/etc/apt/preferences.d/aramo-jammy-missing <<'EOF'
 Package: linux-libc-dev libmysqlclient21
 Pin: release n=jammy,o=Ubuntu
@@ -466,7 +483,7 @@ pi ${p1[@]}
 
 ######## fix evbug bug ######
 case $(debian-codename-compat) in
-  xenial|bionic|focal)
+  xenial|bionic|focal|jammy)
     # noticed in flidas. dunno if it affects any others
     #https://bugs.launchpad.net/ubuntu/+source/module-init-tools/+bug/240553
     #https://wiki.debian.org/KernelModuleBlacklisting
@@ -731,8 +748,10 @@ if $emacs; then
   else
     if $recompile; then
       /a/bin/buildscripts/emacs
+      /a/bin/buildscripts/mu4e
     else
       /a/bin/buildscripts/emacs --no-r
+      /a/bin/buildscripts/mu4e --no-r
     fi
   fi
   # the first pup command can kill off our /etc/ mod, so rerun this