[pkg-apparmor] Bug#876647: dh-apparmor: Please support /etc/apparmor.d/apache
intrigeri
intrigeri at debian.org
Sat Feb 6 07:23:27 GMT 2021
Control: retitle -1 Provide facility to reload a profile when included snippets shipped by other packages are added/updated/removed

Hi,

FTR, there's no real-world example in testing anymore of the exact use
case why this was requested initially:

- kopano-webapp was orphaned, removed from testing, and it's unlikely
  to come back any time soon.
- We don't ship usr.lib.apache2.mpm-prefork.apache2 anymore.

But:

- We still ship usr.sbin.apache2 with "#include <apache2.d>".
- It's no surprise that other packages don't do this sort of thing,
  given it's not well supported by our packaging machinery.

So I'm generalizing this bug report.

Notes to whoever will work on this:
- To me it screams "dpkg triggers", since they provide the kind of
  facility we need here, i.e. ensure package X is informed it shall
  do something whenever package Y is installed/updated/removed.
  In the example at hand, libapache2-mod-apparmor would be triggered
  and would reload the usr.sbin.apache2 profile, whenever a package
  adds/updates/removes bits in /etc/apparmor.d/apache2.d/.
- I think the right thing to do depends on how the plugin integration
  is done wrt. non-AppArmor aspects. For example, if
  adding/updating/removing a plugin package does *not* restart the
  affected program, then I think we should not reload the AppArmor
  policy either: otherwise, we would confine an older, already
  running, version of the code, with a new version of the AppArmor
  policy, and they may very well be incompatible.

Cheers!
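
The dpkg-trigger approach suggested in the message above, sketched as an added example; it is not part of the original message and not code shipped by libapache2-mod-apparmor or dh-apparmor. The full profile path, the `run_postinst` layout and the overridable `PARSER`/`AA_ENABLED` variables are assumptions made for illustration.

```shell
#!/bin/sh
# Illustrative postinst for the package that owns the usr.sbin.apache2 profile.
# Assumed companion control file debian/libapache2-mod-apparmor.triggers:
#   interest-noawait /etc/apparmor.d/apache2.d
# With that file trigger registered, dpkg runs
#   postinst triggered "/etc/apparmor.d/apache2.d"
# after another package adds, updates or removes a file below that directory.
# Caveat from the message: reloading is only appropriate when the package that
# changed the snippet also restarts the confined program.

PROFILE="${PROFILE:-/etc/apparmor.d/usr.sbin.apache2}"   # assumed full path
SNIPPET_DIR="${SNIPPET_DIR:-/etc/apparmor.d/apache2.d}"
PARSER="${PARSER:-apparmor_parser}"       # overridable for testing
AA_ENABLED="${AA_ENABLED:-aa-enabled}"    # overridable for testing

# Return 0 if the space-separated trigger list in $1 names our snippet dir.
trigger_matches() {
    for t in $1; do
        [ "$t" = "$SNIPPET_DIR" ] && return 0
    done
    return 1
}

# Re-parse the profile, and with it every snippet it currently includes,
# then replace the loaded policy. Never fail the maintainer script over it.
reload_profile() {
    [ -f "$PROFILE" ] || return 0                  # profile removed by admin
    "$AA_ENABLED" --quiet 2>/dev/null || return 0  # AppArmor not enabled
    "$PARSER" -r -T -W "$PROFILE" || true
}

run_postinst() {
    case "$1" in
        triggered)
            if trigger_matches "$2"; then reload_profile; fi
            ;;
        configure)
            reload_profile
            ;;
    esac
}

run_postinst "$@"
```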