[apparmor] [new directory + files] utils/vim/

Seth Arnold seth.arnold at gmail.com
Sat Apr 9 06:53:50 UTC 2011


> For openSUSE, the current solution is that I submit apparmor.vim to the
> vim package manually.
>
> A working automated solution might be:
> - package apparmor.vim somewhere in the apparmor-parser package[1], say
>  /usr/share/apparmor/apparmor.vim [2]
> - add apparmor-parser to the BuildRequires of vim
> - let the vim build copy /usr/share/apparmor/apparmor.vim to
>  /usr/share/vim/vim$version/syntax/
>
> The only disadvantage is the additional BuildRequire for vim - we'll see
> if packagers like it or not ;-)

I found that the /usr/bin/replace utility is part of the mysql-server
package; installing that brought many other requirements. (On my
Ubuntu system, mysql-server-5.1 brought in an additional 56 megabytes
of packages.)

It is a pity that such a useful tool is stuffed in such an expensive
package :) but it would probably forever prevent apparmor.vim from
being included into vim via BuildRequires. I'd love to see the replace
tool replaced. :)

Another note: I think cap_sys_module and cap_sys_rawio should be
placed into the "dangerous" capabilities list: cap_sys_module allows
loading any arbitrary file into the kernel as a module, and
cap_sys_rawio allows poking bytes into the IO ports of x86-land and
disabling interrupts (which would just be a denial-of-service, but the
poking bytes into protected magic memory sounds scary).

Thanks
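
Added example, not part of the original message or of the AppArmor project's code: a small Python check that reads AppArmor profile text and reports rules granting the two capabilities the message argues are dangerous. The function name audit_profile, the two-entry DANGEROUS set and the sample profile are assumptions made for illustration.

```python
import re

# Capabilities the message above argues belong in the "dangerous" group.
# Assumption: only these two are modelled; the rest of apparmor.vim's list
# is not reproduced on this page.
DANGEROUS = {"sys_module", "sys_rawio"}

# Matches AppArmor capability rules: optional qualifiers, the keyword,
# an optional space-separated capability list, and the terminating comma.
RULE = re.compile(
    r"^\s*(?P<quals>(?:(?:audit|allow|deny)\s+)*)capability\b(?P<caps>[^,#]*),"
)

def audit_profile(text):
    """Return (line_no, capability, reason) for each dangerous grant."""
    findings = []
    for no, line in enumerate(text.splitlines(), start=1):
        m = RULE.match(line)
        if not m:
            continue  # not a capability rule (or it is commented out)
        if "deny" in m.group("quals").split():
            continue  # deny rules remove access; nothing to flag
        caps = m.group("caps").split()
        if not caps:
            # A bare "capability," rule grants every capability.
            for cap in sorted(DANGEROUS):
                findings.append((no, cap, "granted by bare capability rule"))
            continue
        for cap in caps:
            if cap in DANGEROUS:
                findings.append((no, cap, "granted explicitly"))
    return findings

# Constructed sample profile, not taken from any real package.
SAMPLE = """\
/usr/sbin/exampled {
  # capability sys_module,   (commented out)
  capability net_bind_service,
  capability sys_rawio setuid,
  audit capability sys_module,
  deny capability sys_rawio,
  capability,
}
"""

if __name__ == "__main__":
    for no, cap, reason in audit_profile(SAMPLE):
        print(f"line {no}: {cap} ({reason})")
```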


