[pkg-apparmor] Bug#830562: developers-reference: Document expectations & best practices for including AppArmor policy in packages
intrigeri at debian.org
intrigeri at debian.org
Sat Jul 9 12:16:33 UTC 2016
Package: developers-reference
Version: 3.4.18
Severity: normal
X-Debbugs-Cc: pkg-apparmor-team at lists.alioth.debian.org
Owner: intrigeri at debian.org
Over the years we have successfully increased AppArmor policy coverage
in Debian. Expectations and best practices for package maintainers
were documented on the wiki 1.5 years ago, thanks to my team-mate u.:
https://wiki.debian.org/AppArmor/Contribute/FirstTimeProfileImport
So it's probably time to encode these expectations and best practices
in a more formal document :)
I'm not 100% sure what part of it should go into the Policy, and which
part should go into Developer's Reference. At least the part about
using dh-apparmor is probably too much of an implementation detail to
go in the Policy, so I guess that devref is a better place for it.
But the expectation that newly shipped or upgraded policy should be
loaded into the kernel via postinst can surely be made generic enough
to fit into the Policy's scope. OTOH the whole thing is really just
a few paragraphs, so splitting it over several documents might be
overkill. Advice would be welcome, but I can draft the text first and
then we'll see where it fits best.
Cheers,
--
intrigeri
More information about the pkg-apparmor-team
mailing list