Re: [PATCH V2 0/3] apparmor: Add support for local profile customizations
Hello,
Am Donnerstag, 29. Juni 2023, 19:05:09 CEST schrieb Jim Fehlig:
[...]
I was going down the same path until I thought of the more brute
force
approach, which I admit to be fond of due to ease of ripping out the
2.x stuff when no longer needed. But yeah, two copies of the profiles
is not nice.
I have quite some experience with [getting rid of] code duplication [1],
and "not nice" is a very diplomatic description ;-)
I'll take a closer look at your patches now.
I had a look, and those conditional blocks look much better than
duplicating the whole directory.
Another thing you might want to add to all profiles and abstractions for
AppArmor >= 3.0 is
abi <abi/3.0>,
This will enable enforcing of some newer rule types - which might mean
that you need to add a few new rules to the profiles.
See the "Feature ABI" section in man 5 apparmor.d for details.
(Since this is unrelated to local/, adding the abi lines should probably
be a separate patch.)
Regards,
Christian Boltz
[1] unrelated to AppArmor
--
File Not Found.....Loading something that looks similar
Attachments:
- signature.asc (application/pgp-signature — 833 bytes)