[apparmor] [RFC] handling XDG user directories
John Johansen
john.johansen at canonical.com
Tue Aug 6 19:48:19 UTC 2013
On 08/06/2013 12:18 PM, Jamie Strandboge wrote:
> On 08/06/2013 01:45 PM, John Johansen wrote:
>> On 08/05/2013 03:59 PM, Jamie Strandboge wrote:
>
>>> and users/admins can adjust /etc/apparmor.d/tunables/xdg-dirs or drop files into
>>> /etc/apparmor.d/tunables/xdg-dirs.d, providing a welcome convenience[2].
>>>
> ...
>> I know that people like the drop in dir bits, but quite bluntly I don't, for most
>> things, it's a way of papering over real problems (of course I consider treating
>> profiles the way we do with packaging as a problem so ...)
>
> Well, we have it for home too, so I followed that (and we had the same
> conversation when I added it-- the slipperiness of my argument is not lost on
> me). We could make all the .d directories distro specific, but Debian derived
> distros would most likely all end up implementing .d themselves (we can't fix
> their longstanding conffile handling so they'll need to come up with something
> at least until policy is moved somewhere else). I am one that agrees that the .d
> directories work well enough with minimal effort (of course, I'm biased) and I
> can drop the .d directory and have distros do what they want (Debian and Ubuntu
> will likely have to do .d in the short term (there are other more convoluted
> options, but we don't have to discuss them here), but others could simply append
> the output of apparmor-xdg-dirs*.py to /etc/apparmor.d/tunables/xdg-dirs).
>
> ...
>
No, this was just me taking the opportunity to rant about conf file handling and
policy. For the moment I will accept it's the best solution we can offer, and I
would rather try to standardize it than having each distro end up with the same
solution, with slightly different names.