update snapshot and adding changeset

mmaietta · mmaietta · commit 190dbbe53ee5 · 2025-02-05T07:53:24.000-08:00
diff --git a/.changeset/kind-items-clean.md b/.changeset/kind-items-clean.md
@@ -0,0 +1,5 @@
+---
+"app-builder-lib": patch
+---
+
+fix: Only update AppArmor profile if not chroot'ed
diff --git a/test/snapshots/linux/debTest.js.snap b/test/snapshots/linux/debTest.js.snap
@@ -568,7 +568,10 @@ if test -d "/etc/apparmor.d"; then
   if apparmor_parser --skip-kernel-load --debug "$APPARMOR_PROFILE_SOURCE" > /dev/null 2>&1; then
     cp -f "$APPARMOR_PROFILE_SOURCE" "$APPARMOR_PROFILE_TARGET"
 
-    if hash apparmor_parser 2>/dev/null; then
+    # Updating the current AppArmor profile is not possible and probably not meaningful in a chroot'ed environment.
+    # Use cases are for example environments where images for clients are maintained.
+    # There, AppArmor might correctly be installed, but live updating makes no sense.
+    if ! { [ -x '/usr/bin/ischroot' ] && /usr/bin/ischroot; } && hash apparmor_parser 2>/dev/null; then
       # Extra flags taken from dh_apparmor:
       # > By using '-W -T' we ensure that any abstraction updates are also pulled in.
       # https://wiki.debian.org/AppArmor/Contribute/FirstTimeProfileImport

-Original file line number
+Diff line change
@@ @@ -0,0 +1,5 @@ @@
 +---
 +"app-builder-lib": patch
 +---
++
 +fix: Only update AppArmor profile if not chroot'ed