[pkg-apparmor] Bug#959915: redundant freshclam profile since it's shipped in-package
intrigeri
intrigeri at debian.org
Mon May 25 10:22:01 BST 2020
Control: tag -1 + pending
Hi John & others,
John Scott (2020-05-06):
> An experimental freshclam profile is provided at
> /usr/share/apparmor/extra-profiles/usr.bin.freshclam, but clamav-freshclam
> provides its own more recent one in enforce mode at /etc/aa.d/ and has been
> for a while.
Indeed, good catch!
FTR, here's the profile shipped in the clamav-freshclam package:
https://salsa.debian.org/clamav-team/clamav/-/blob/unstable/debian/usr.bin.freshclam
It has been updated a few times in the last few years.
And here's the upstream one from the AppArmor project:
https://gitlab.com/apparmor/apparmor/-/blob/master/profiles/apparmor/profiles/extras/usr.bin.freshclam
It has been updated once in the last 10 years.
I would love to see cross-distro collaboration on this profile, but
our current infrastructure & processes are not ready for that yet,
and I lack time/energy to push this forward myself.
So for the time being:
> Please remove this one.
This makes sense to me:
/usr/share/apparmor/extra-profiles/usr.bin.freshclam
gives no benefit to Debian users and instead it can cause confusion.
The next upload won't include
/usr/share/apparmor/extra-profiles/usr.bin.freshclam
Cheers!
More information about the pkg-apparmor-team
mailing list