[pkg-apparmor] [apparmor-profiles-extra] 01/02: Add a script allowing the source package to put specific profiles in complain mode.

Christian Boltz apparmor-debian at cboltz.de
Fri Jul 21 11:54:20 UTC 2017 

Hello,

Am Donnerstag, 20. Juli 2017, 15:50:45 CEST schrieb intrigeri:
> Christian Boltz:
> > Am Montag, 3. Juli 2017, 11:37:48 CEST schrieb Intrigeri:
> >> commit a495b510f242211a9f775d89744ade811ed0b4fe
> >> Author: intrigeri <intrigeri at boum.org>
> >> Date:   Mon Jul 3 09:36:13 2017 +0000
> >> 
> >>     Add a script allowing the source package to put specific
> >>     profiles
> >> 
> >> in complain mode. ---
> > 
> > Just curious - why do you do this with sed magic?
> 
> Good question!
> 
> I've simply copied'n'pasted (and slightly adjusted) what we had in
> https://sources.debian.net/src/apparmor/2.11.0-3/debian/put-all-profil
> es-in-complain-mode.sh/ without thinking :/ No idea why that other
> script was implemented this way originally.

Ah, the usual "historical reasons" ;-)

> > What about
> > - aa-complain -d $directory_with_the_profile $profile_file
> 
> Does aa-complain only edits the profile file, or does it interact with
> the kernel in any way? (The manpage does not make this clear to me.)
> 
> If the former, happy to switch to this approach :)

# aa-complain --help | tail -n1
  --no-reload        Do not reload the profile after modifying it

;-)

And as I just noticed, --no-reload is missing from the manpage :-(
Patch for several aa-* manpages sent.

> > - creating/packaging a force-complain symlink (with the disadvantage
> > 
> >   that it disables caching for this profile)
> 
> I don't know how dpkg handles conffiles that are symlinks: e.g. if the
> user removes that symlink, I don't know what happens on next package
> upgrade.

ENOTMYPACKAGEMANAGER ;-)


Regards,

Christian Boltz
-- 
Da Ihre Web-Seite wohl nur den IE akzeptiert, fordere ich Sie auf, mir
einen lauffähig vorkonfigurierten PC mit Windows XP[tm] inkl. IE, oder
eine Windows XP Vollversion auf CD plus "VmWare Workstation" kostenlos
zukommen zu lassen, damit ich Ihr Angebot wahrnehmen kann.
[Textbaustein für IE-only Webshops - David Haller in suse-linux]
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: This is a digitally signed message part.
URL: <http://lists.alioth.debian.org/pipermail/pkg-apparmor-team/attachments/20170721/556abac9/attachment-0001.sig>

More information about the pkg-apparmor-team mailing list