[apparmor] [patch] mkdir /etc/apparmor.d/disable
John Johansen
john.johansen at canonical.com
Wed Oct 19 18:11:13 UTC 2011
On 10/13/2011 03:17 AM, Christian Boltz wrote:
> Hello,
>
> no 2.7 rc1 release yet? John, you had your chance *eg*
>
> Seriously: it would be a good idea to create the directory
> /etc/apparmor.d/disable which is required by aa-disable ;-)
>
> === modified file 'profiles/Makefile'
> --- profiles/Makefile 2011-03-23 23:10:33 +0000
> +++ profiles/Makefile 2011-10-13 10:11:18 +0000
> @@ -52,6 +52,7 @@
> install -m 755 -d ${PROFILES_DEST}
> install -m 755 -d ${PROFILES_DEST}/abstractions \
> ${PROFILES_DEST}/apache2.d \
> + ${PROFILES_DEST}/disable \
> ${PROFILES_DEST}/program-chunks \
> ${PROFILES_DEST}/tunables \
> ${PROFILES_DEST}/tunables/home.d \
>
> While this patch looks quite straightforward, it isn't 100% perfect.
> The perfect solution would be to do it in utils/Makefile because it
> belongs to aa-disable ;-) OTOH, most people will probably install the
> utils _and_ the profiles, so it doesn't really matter which Makefile
> creates the directory.
>
> Packaging is a different thing - the utils package should contain
> /etc/apparmor.d/disable.
>
> That said: This patch isn't something that is worth delaying the 2.7 rc1
> release.
>
I am fine with this, as it is the way we currently do things.
So I guess thats an
Acked-by: John Johansen <john.johansen at canonical.com>
Now for the rant.
I absolutely detest this mechanism for disable and complain (yes I know why
it was done), and would prefer we revisit this again for the future (I know
a collective scream of no). </rant>
More information about the AppArmor
mailing list