[pkg-apparmor] Bug#979500: dh-apparmor: please support local includes of abstractions like "abstraction/name"
intrigeri
intrigeri at debian.org
Fri Jan 8 06:55:12 GMT 2021
Control: tag -1 + moreinfo
Hi,
Christian Boltz (2021-01-07):
> I'd argue that this is a problem that is already solved ;-)
>
> Starting with AppArmor 3.0, all[1] upstream abstractions come with a
> rule like (example taken from abstractions/base):
>
> include if exists <abstractions/base.d>
>
> so if you create that directory and place a file there, it will be
> included by the abstraction.
> [...]
> For abstractions shipped by individual package (like libvirt), it would
> also make sense to add an include if exists <abstractions/$whatever.d>
> rule to make it easy to add something to an abstraction.
I like what Christian Boltz is proposing (thanks!): as far as
I understand, it can happen in libvirt upstream, will benefit even
non-Debian distros, and does not require modifying dh-apparmor.
Christian Ehrhardt, how does it sound? Any reason why the approach you
initially suggested on this bug report is better?
Cheers!
More information about the pkg-apparmor-team
mailing list