[arch-general] AppArmor support

Geo Kozey geokozey at mailfence.com
Fri Sep 14 10:21:26 UTC 2018


> ----------------------------------------
> From: David Runge <dave at sleepmap.de>
> Sent: Fri Sep 14 11:24:09 CEST 2018
> To: Geo Kozey <geokozey at mailfence.com>
> Cc: General Discussion about Arch Linux <arch-general at archlinux.org>
> Subject: Re: [arch-general] AppArmor support
> 
> 
> On 2018-09-13 20:52:23 (+0200), Geo Kozey wrote:
> > > ----------------------------------------
> > > From: David Runge <dave at sleepmap.de>
> > > Sent: Thu Sep 13 19:51:49 CEST 2018
> > > To: General Discussion about Arch Linux <arch-general at archlinux.org>
> > > Subject: Re: [arch-general] AppArmor support
> > > 
> > > It is now in [community-testing]. Feel free to comment and suggest
> > > improvements!
> > > 
> > > Best,
> > > David
> > > 
> > 
> > The profile filenames don't matter (bin.ping, usr.bin.ping or ping-pong
> > will work the same. It only matters what's inside). You don't have to
> > change them[0]. Perhaps it will be better to leave them untouched for
> > easier comparison with upstream.
> The thing is: Some of them only reference /bin, /sbin or /usr/sbin,
> which needs to be replaced for our use-case. That is not easily achieved
> using sed, without also changing the includes of the override files in
> local/.
> A rename was therefore the easiest solution to this problem.
> 
> If I find some time over the coming days I might have another go at it
> to see if there's another way of achieving the internal replaces without
> moving files. Problematically the files are not very unified.
> 
> > 2.13.1 release will be very soon[1] with better usrmerge support which
> > means modifying profiles inside with sed won't be needed too.
> Hmm, they only mention usrmerge on one file... lol.
> 
> Thanks for the input!
> 
> Best,
> David
> 

They called it 'binmerge' :)

https://gitlab.com/apparmor/apparmor/commit/4200932d8fb31cc3782d96dd8312511e807fd09b

I think this should fix issues with referencing filenames that you mentioned.
If there's something else left you may try to open an issue/merge request upstream.

BTW: Upstream URL should be https://gitlab.com/apparmor/apparmor as this is
where development activity occurs.

Yours sincerely

G. K.
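
Added example (not part of the original message and not AppArmor project code): a small checker that lists path references inside a profile which only name /bin, /sbin or /usr/sbin and have no /usr/bin alternative, which is the case discussed in this thread. It assumes a merged layout where those three directories are symlinks to /usr/bin; the sample profile text and the function names are constructed for illustration.

```python
import re

# Assumption: on the target system these directories are symlinks to /usr/bin.
LEGACY_DIRS = ("/bin/", "/sbin/", "/usr/sbin/")


def expand(path):
    """Expand {a,b} alternations in a profile path, innermost braces first."""
    m = re.search(r"\{([^{}]*)\}", path)
    if not m:
        return [path]
    out = []
    for alt in m.group(1).split(","):
        out.extend(expand(path[:m.start()] + alt + path[m.end():]))
    return out


def uncovered(token):
    """True if a variant names a legacy dir and no variant names /usr/bin."""
    variants = set(expand(token))
    return any(
        v.startswith(d) and "/usr/bin/" + v[len(d):] not in variants
        for v in variants
        for d in LEGACY_DIRS
    )


def legacy_paths(profile_text):
    """Return (line number, path token) pairs that need attention."""
    findings = []
    for lineno, line in enumerate(profile_text.splitlines(), 1):
        stripped = line.strip()
        if stripped.startswith("#"):  # comments and #include lines
            continue
        for token in stripped.split():
            token = token.rstrip(",")
            if token.startswith("/") and uncovered(token):
                findings.append((lineno, token))
    return findings


# Constructed sample, not a real upstream profile. What the file would be
# called (bin.ping, usr.bin.ping, ...) plays no part in the check.
SAMPLE = """\
#include <tunables/global>
/bin/ping {
  #include <abstractions/base>
  capability net_raw,
  /bin/ping mixr,
  /etc/modules.conf r,
}
profile traceroute /{usr/,}sbin/traceroute {
  /{usr/,}bin/ls rix,
  /usr/sbin/traceroute mrix,
}
"""

if __name__ == "__main__":
    for lineno, token in legacy_paths(SAMPLE):
        print(f"line {lineno}: {token}")
```

A path such as /{usr/,}bin/ls is not reported because one of its alternatives already resolves under /usr/bin.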

