[pkg-go] [pkg-apparmor] Bug#1100135: Conflict between Podman Profile and Pasta profile breaks rootless network shutdown
Stefano Brivio
sbrivio at redhat.com
Fri Mar 14 10:59:33 GMT 2025

On Thu, 13 Mar 2025 18:18:28 +0100
intrigeri <intrigeri at debian.org> wrote:
> Hi,
>
> Stefano Brivio (2025-03-13):
> > Actually, if you need something quick, you don't really need a
> > complete/real profile for Podman. You can just add to the current stub
> > (untested, but I'm fairly confident):
>
> Thank you for proposing more options!
>
> Sadly, this ventures too far away from my domain of expertise for me
> to take responsibility to include this in the Debian-specific delta of
> the AppArmor package, or to propose this change to AppArmor upstream
> myself so I can then cherry-pick it into Debian.

Podman doesn't maintain an AppArmor profile upstream, by the way, so
this would be Debian-only.

Well, eventually, it would be good for Debian to... contribute back
:) and propose a profile upstream.

I'm almost tempted to propose that change for merge downstream after
testing it a bit but given the soft freeze in a month, maybe better
not.

But... Podman (Debian) maintainers, if you're comfortable with it, let
me know and I'll submit a merge request.

> So at this stage, as far as Debian Trixie is concerned, I'm now
> tempted to simply remove the stub podman profile from the apparmor
> package: it seems none of us is super comfortable with the workaround
> they would have to carry to make it play nicer with pasta. And we
> would not be losing much value for our users.

If we lose zero value (do we? what's the value of the stub?) then I
would go ahead with that, definitely.

--
Stefano