[pkg-apparmor] Bug#796374: Add AppArmor profile
Christian Boltz
debian-bugs at cboltz.de
Sun Aug 30 14:38:39 UTC 2015
Hello,
Am Samstag, 29. August 2015 schrieb intrigeri:
> Nicolas Braud-Santoni wrote (21 Aug 2015 15:24:44 GMT) :
> * Was this tested on current sid with systemd as pid 1? (that's
> a must)
> * Was this tested on Ubuntu? (nice to have, not a must)
The profile works on openSUSE, so I'd guess it should work everywhere
;-)
Note that haveged.service has DefaultDependencies=No (at least on
openSUSE), so you might need to add After=apparmor.service to ensure the
profile gets loaded first.
> > +/usr/sbin/haveged {
> > + #include <abstractions/base>
> > + #include <local/usr.sbin.haveged>
>
> Please move the "local" line to the end of the profile, for
> consistency with how all other profiles do it
Good idea, even if it's only cosmetics.
> (also, I suspect this
> allows overriding some default settings).
The ordering of rules is not relevant. The only thing that overrides
everything are "deny" rules.
> Otherwise, sounds great! I don't remember if you've already sent this
> to the AppArmor upstream mailing-list for review. Did you?
Yes, please do that ;-)
Regards,
Christian Boltz
--
> Ansonsten: Ich sage nur "Diwasserstoffmonoxid".
Ja, ein äußerst schädliches Zeugs, vor allem wenn es in
guten Malt gerät. [A. Schreiber und R. Döblitz]
More information about the pkg-apparmor-team
mailing list