[apparmor] Bug#735470: Fwd: Bug#735470: Could be implemented centrally with a dpkg trigger instead of requiring every package shipping an apparmor file to use dh_apparmor
jamie at canonical.com
Fri Jan 17 16:07:02 UTC 2014
On 01/16/2014 06:23 PM, Seth Arnold wrote:
> One of my work-items for 14.04 LTS is to rework the AppArmor policy
> If dh_apparmor doesn't currently use --write-cache we should make it do
> so, to allow the compilation to be saved for later. Same with the click
> packaging hooks.
dh_apparmor does: apparmor_parser -r -T -W "$APP_PROFILE". click-apparmor uses
'--write-cache' by default (see apparmor/click.py:load_profile()).
> Upstart currently has some AppArmor policy knowledge built-in. We should
> also make sure it Does The Right Thing, ideally that'd be mostly up to
> the parser to get correct.
Marc implemented this-- you might talk to him about it.
> I'm sure there's more I've over-looked, I've not looked at this for a
> while, so please feel free to speak up if I've overlooked important
click-apparmor also provides the click-apparmor.conf upstart job to make sure
'aa-clickhook -f' gets run. This little nugget is actually the straw that broke
the camel's back on me wanting us to revamp policy load. :)
Jamie Strandboge http://www.ubuntu.com/
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 901 bytes
Desc: OpenPGP digital signature
More information about the AppArmor