[pkg-apparmor] Bug#979500: Bug#979500: dh-apparmor: please support local includes of abstractions like "abstraction/name"
intrigeri
intrigeri at debian.org
Fri Apr 2 11:08:11 BST 2021
Control: tag - moreinfo
Control: tag + wontfix
Hi,
Christian Ehrhardt (2021-02-08):
> I'm already part of the crowd waiting for "Include if exists" to be
> widely available.
> And yes, that would solve my problem as well.
>
> But IMHO a huge problem with "Include if exists" is, that on older
> apparmor it totally breaks the rule parsing.
> That makes it hard to fully jump onto the new feature yet:
> - upstreams don't know how far back their SW will be built, this would
> need to become at least a build time version/feature check against
> apparmor
> - distro-packaging often enough is used for backports, where again
> we'd need code to handle old and new feature sets
I hear you and I understand this set of conflicting constraints is
difficult to disentangle :/
> But thinking more about it I think I still agree that we can close this bug.
> That is because in the (hopefully few) places we need this we can
> handle it (a bit ugly) in the maintscripts.
> If we'd fully support it in dh-apparmor it might encourage people "too
> much" to use that instead of the hopefully better future of
> "include-if-exists".
This makes sense to me. I'm marking this bug as wontfix for now,
so that other folks who wonder why dh-apparmor lacks this feature can
find the answer.
Thank you all for the constructive discussion,
cheers!
More information about the pkg-apparmor-team
mailing list