[apparmor] [PATCH] local site-specific changes

Steve Beattie steve at nxnw.org
Fri Aug 13 13:54:57 BST 2010


On Thu, Aug 05, 2010 at 03:18:22PM -0500, Jamie Strandboge wrote:
> As mentioned in the last meeting, there is a desire to allow
> administrators to adjust/override a shipped profile via an include file.
> Attached is a patch that achieves this.
> 
> Profiles in profiles/apparmor.d/* now include (with comment)
> local/path.to.binary
> 
> /etc/apparmor.d/local/path.to.binary has only a comment
> 
> /etc/apparmor.d/local/README explains what this is all about
> 
> profiles/Makefile is adjusted to create
> profiles/apparmor.d/local/paths.to.binaries and install them. 'clean'
> will clean them up.

Alas, all this doesn't lead to the usability improvements you might
think it does, as on reload, the parser doesn't detect that the local/
files have changed, the cached blob is reloaded, and whatever policy
issue the admin is trying to address remains unaddressed in the
policies currently loaded into the kernel.

I've filed LP: #617375 about the issue.

-- 
Steve Beattie
<sbeattie at ubuntu.com>
http://NxNW.org/~steve/
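
A way to spot the condition described in this message, as an added example that is not part of the original post or AppArmor's own code: it collects a profile and every file it includes, then reports any that were modified after the cached blob was written. The cache layout (one blob per profile, named after the profile file) and the constructed `usr.bin.example` profile are assumptions.

```python
import os
import re
import tempfile
from pathlib import Path

# Matches '#include <x>', 'include <x>' and the quoted forms.
INCLUDE_RE = re.compile(r'^\s*#?include\s+(?:<([^>]+)>|"([^"]+)")', re.M)

def profile_inputs(profile: Path, base: Path, seen=None) -> set:
    """Return the profile plus every file it includes, recursively."""
    seen = set() if seen is None else seen
    if profile in seen or not profile.is_file():
        return seen
    seen.add(profile)
    for angle, quoted in INCLUDE_RE.findall(profile.read_text(errors="replace")):
        # <...> resolves against the policy directory, "..." against the includer
        target = base / angle if angle else profile.parent / quoted
        profile_inputs(target, base, seen)
    return seen

def stale_inputs(profile: Path, base: Path, cache_dir: Path) -> list:
    """Inputs modified after the cached blob was written (empty = cache is fresh)."""
    cache = cache_dir / profile.name  # assumed layout: blob named after the profile
    if not cache.is_file():
        return []  # no cache entry, so nothing stale can be loaded from it
    cached_at = cache.stat().st_mtime
    return sorted(os.path.relpath(p, base) for p in profile_inputs(profile, base)
                  if p.stat().st_mtime > cached_at)

def demo() -> list:
    """Constructed tree: profile and cache written first, local/ file edited later."""
    with tempfile.TemporaryDirectory() as d:
        base = Path(d)
        (base / "local").mkdir()
        (base / "cache").mkdir()
        prof = base / "usr.bin.example"
        prof.write_text("/usr/bin/example {\n  #include <local/usr.bin.example>\n}\n")
        local = base / "local" / "usr.bin.example"
        local.write_text("# site-specific additions\n")
        cache = base / "cache" / "usr.bin.example"
        cache.write_bytes(b"constructed blob")
        for path, mtime in ((prof, 1000), (cache, 2000), (local, 3000)):
            os.utime(path, (mtime, mtime))
        return stale_inputs(prof, base, base / "cache")

if __name__ == "__main__":
    print(demo())
```

A non-empty result means the profile should be recompiled rather than loaded from the cache, for example with `apparmor_parser --replace --skip-cache`.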