[pkg-apparmor] Bug#807369: apparmor: Apparmor "deny network" not working in Jessie
intrigeri
intrigeri at debian.org
Sat Feb 13 03:25:55 UTC 2016
Control: retitle -1 Document which AppArmor features are not support in Debian
Hi,
apparently users are confused by upstream documentation (that assumes
all out-of-tree kernel patches are applied), or by the documentation
we ship (that also advertises features we can't support with a kernel
as close to mainline as the Debian one) — not sure which of those, but
regardless, the best we can do is probably:
* patch apparmor.d(5) to add an introduction that lists some of the
features we can't provide on Debian, and makes it clear that the
list may be incomplete;
* add something in README.Debian about it.
If someone feels strongly about how making the userspace tools behave
differently, patches are welcome (but a mere warning would just get us
back to Wheezy-area, that thankfully we've escaped, so IMO the warning
should be non-scary, point to some understandable and up-to-date
documentation, and not be spammed repeatedly to the user; UX matters).
I personally would be happy enough would a purely
documentation-based solution.
Cheers,
--
intrigeri
More information about the pkg-apparmor-team
mailing list