[pkg-go] [pkg-apparmor] Bug#1100135: Conflict between Podman Profile and Pasta profile breaks rootless network shutdown
intrigeri
intrigeri at debian.org
Mon Mar 17 09:04:26 GMT 2025
Control: reassign -1 apparmor
Hi,
Stefano Brivio (2025-03-14):
> On Thu, 13 Mar 2025 18:18:28 +0100
> intrigeri <intrigeri at debian.org> wrote:
>> So at this stage, as far as Debian Trixie is concerned, I'm now
>> tempted to simply remove the stub podman profile from the apparmor
>> package: it seems none of us is super comfortable with the workaround
>> they would have to carry to make it play nicer with pasta. And we
>> would not be losing much value for our users.
>
> If we lose zero value (do we? what's the value of the stub?) then I
> would go ahead with that, definitely.
The main value of the stub is as a stepping stone for finer-grained
confinement, such as what we're discussing on this thread. I think
it's great to take advantage of it eventually but perhaps not at this
time in the dev cycle as far as Debian is concerned, so I'll go ahead
and remove the stub podman profile for now. Happy to bring it back
once other components such as passt are ready to take advantage of it,
even happier if a proper profile is created and maintained instead of
the stub :)
Cheers,
--
intrigeri
More information about the Pkg-go-maintainers
mailing list