[pkg-apparmor] Bug#877255: Pux is a deprecated syntax
John Johansen
john.johansen at canonical.com
Sun Oct 1 23:29:31 UTC 2017
The Pux syntax is deprecated because it contains mixed case qualifiers
on an x rule.
Capital case qualifiers indicate that scrubbing of certain dangerous
environment variables should be done. While lower case qualifiers
indicate that the environment should be passed unchanged. In the case
of Pux you have both which is a conflict and confusing.
Please use
PUx - for cases where you want the environment to be scrubbed and
pux - for cases where you do not want the environment to be scrubbed.
While the parser currently supports the old style syntax it should be
outputting a warning about deprecated syntax. The wiki obviously needs
to be updated to document this change but the man page has been
updated, it would be nice if there was a note about Pux/pUx being
deprecated. The profile development tools have been patched and no
longer support the old format, though it would be nice if the could
output a warning and perform the conversion.
More information about the pkg-apparmor-team
mailing list