[pkg-apparmor] [apparmor-profiles-extra] 01/02: Add a script allowing the source package to put specific profiles in complain mode.

intrigeri intrigeri at debian.org
Thu Jul 20 13:50:45 UTC 2017


Hi Christian,

Christian Boltz:
> On Monday, 3 July 2017, 11:37:48 CEST, Intrigeri wrote:
>> commit a495b510f242211a9f775d89744ade811ed0b4fe
>> Author: intrigeri <intrigeri at boum.org>
>> Date:   Mon Jul 3 09:36:13 2017 +0000
>> 
>>     Add a script allowing the source package to put specific profiles in complain mode.
>> ---

> Just curious - why do you do this with sed magic?

Good question!

I've simply copied'n'pasted (and slightly adjusted) what we had in
https://sources.debian.net/src/apparmor/2.11.0-3/debian/put-all-profiles-in-complain-mode.sh/
without thinking :/ No idea why that other script was implemented this
way originally.

> What about
> - aa-complain -d $directory_with_the_profile $profile_file

Does aa-complain only edit the profile file, or does it interact with
the kernel in any way? (The manpage does not make this clear to me.)

If the former, happy to switch to this approach :)

> - creating/packaging a force-complain symlink (with the disadvantage 
>   that it disables caching for this profile)

I don't know how dpkg handles conffiles that are symlinks: e.g. if the
user removes that symlink, I don't know what happens on next
package upgrade.

Cheers,
-- 
intrigeri


