X-Git-Url: https://iankelling.org/git/?p=distro-setup;a=blobdiff_plain;f=distro-begin;h=d0b03f62b341097fc12f394bb890b1410f1ba567;hp=a0e9b0742610dd75c07e8606374e35644e8c664c;hb=602a1874cc11a7d371890cdae4c0dc982267ea89;hpb=8fc333f8c2d69d0792f3742d4f4351e7acb07d9e

diff --git a/distro-begin b/distro-begin
index a0e9b07..d0b03f6 100755
--- a/distro-begin
+++ b/distro-begin
@@ -350,11 +350,28 @@ case $HOSTNAME in
 esac
 
 
+lines=(
+  "/etc/resolved-nsswitch/nsswitch.conf r,"
+  "/etc/basic-nsswitch/nsswitch.conf r,"
+  # Aug 06 23:09:11 kd audit[3995]: AVC apparmor="DENIED" operation="connect" profile="/usr/bin/freshclam" name="/run/systemd/resolve/io.systemd.Resolve" pid=3995 comm="freshclam" requested_mask="wr" denied_mask="wr" fsuid=109 ouid=101
+  # I dont know if this is quite the right fix, but I saw other sockets
+  # in the nameservice files that were rw, so figured it was ok to add this and it worked.
+  "/run/systemd/resolve/io.systemd.Resolve rw,"
+)
 f=/etc/apparmor.d/abstractions/nameservice
-if [[ -e $f ]] && ! grep -q /etc/resolved-nsswitch/nsswitch.conf $f; then
-  sudo sed -i '/\/etc\/nsswitch.conf/a /etc/resolved-nsswitch/nsswitch.conf r,' $f
-  sudo sed -i '/\/etc\/nsswitch.conf/a /etc/basic-nsswitch/nsswitch.conf r,' $f
-  if sytemctl is-enabled apparmor; then
+apparmor_reload=false
+if [[ -e $f ]]; then
+  for l in "${lines[@]}"; do
+    if ! grep -qF "$l" $f; then
+      sudo sed -i "/\/nsswitch.conf/a $l" $f
+      apparmor_reload=true
+      if ! grep -qF "$l" $f; then
+        echo "$0: failed editing $f. investigate"
+        exit 1
+      fi
+    fi
+  done
+  if $apparmor_reload && systemctl is-enabled apparmor; then
     m ser reload apparmor
   fi
 fi
@@ -466,7 +483,7 @@ pi ${p1[@]}
 
 ######## fix evbug bug ######
 case $(debian-codename-compat) in
-  xenial|bionic|focal)
+  xenial|bionic|focal|jammy)
     # noticed in flidas. dunno if it affects any others
     #https://bugs.launchpad.net/ubuntu/+source/module-init-tools/+bug/240553
     #https://wiki.debian.org/KernelModuleBlacklisting
@@ -731,8 +748,10 @@ if $emacs; then
   else
     if $recompile; then
       /a/bin/buildscripts/emacs
+      /a/bin/buildscripts/mu4e
     else
       /a/bin/buildscripts/emacs --no-r
+      /a/bin/buildscripts/mu4e --no-r
     fi
   fi
   # the first pup command can kill off our /etc/ mod, so rerun this