[apparmor] cross-distribution profile repo

Christian Boltz apparmor at cboltz.de
Sun Jul 27 17:47:36 UTC 2014


I discussed a bit with intrigeri about a profile repo for cross-distribution 
usage and profile sharing. Here's the log - feedback welcome ;-)

[19:04:10] <cboltz> BTW: we should find a solution for managing distro-specific profiles
[19:04:18] <cboltz> and, more important, sharing them between distros ;-)
[19:07:02] <intrigeri> yep. I still have an unfinished draft reply on the relevant thread
[19:07:10] <intrigeri> ... with low-hanging fruits action items.
[19:08:47] <cboltz> just as a quick idea: http://paste.opensuse.org/96760488

+ apparmor-profiles
  |-- debian
  |   |-- Wheezy
  |   '-- Jessie
  |-- openSUSE
  |   |-- 12.3
  |   '-- 13.1
  '-- Ubuntu
      |-- Trusty_Tahr
      '-- Utopic_Unicorn

[19:08:58] <cboltz> that would be a repo layout I can imagine
[19:09:11] <cboltz> and the goal would be to get the profiles "upwards"
[19:09:33] <cboltz> for example from "openSUSE/13.1" to "openSUSE" and finally to / (= all distributions)
[19:09:59] <cboltz> OTOH, the subdirectories would override the upwards directories
[19:10:21] <cboltz> so you could have a profile specific for openSUSE 13.1 even if there is one in "/" or "openSUSE"
[19:10:42] <cboltz> do you think this layout would work?
[19:13:36] <intrigeri> I'm sorry, I don't have the problem in my mental space right now, so I can't reason on it.
[19:14:07] <intrigeri> But at first glance, it looks good. I think I would use branches instead of directories, though.
[19:14:14] <intrigeri> Branches allow easier merging.
[19:14:28] <intrigeri> No idea how good bzr is at that. I'm a Git guy.
[19:15:08] <cboltz> the "problem" with branches is that you have a not-so-central place or even multiple branched repos
[19:15:29] <cboltz> my goal is to have plain directories, which means everything is in one place
[19:15:33] <intrigeri> oh, all these branches could very well live in the same repo.
[19:18:37] <cboltz> yes, but they are still a bit more "difficult" to handle than plain directories ;-)
[19:18:52] <cboltz> (but those are technical details)
[19:19:11] <intrigeri> I think it's a function of how well the people interacting with this repo know the VCS it uses.
[19:19:24] <intrigeri> E.g. if it was Git, then it's easier for me to deal with branches than directories.
[19:19:31] <intrigeri> But I agree, these are details.
[19:19:42] <intrigeri> (and if it's bzr, then I do prefer directories too ;)
[19:20:54] <intrigeri> cboltz: and anyway: thanks a lot for thinking about it, and for raising it on my todo list :)
[19:23:43] <cboltz> I also want to have more profiles in openSUSE, so having a repo for all distros would be a good start ;-)
[19:23:56] <intrigeri> yay.
[19:24:09] <intrigeri> I think we're more or less in the same boat.


Christian Boltz
But always, whenever I'm not expecting anything bad, that's when it happens.
Then some moron has changed something that creates more work.
And the moron sits behind a bush laughing himself to death
[Ernst Scott in opensuse-de]