[apparmor] cross-distribution profile repo

Jamie Strandboge jamie at canonical.com
Mon Jul 28 14:42:29 UTC 2014


On 07/27/2014 12:47 PM, Christian Boltz wrote:
> Hello,
> 
> I discussed a bit with intrigeri about a profile repo for cross-distribution 
> usage and profile sharing. Here's the log - feedback welcome ;-)
> 
> 
> [19:04:10] <cboltz> BTW: we should find a solution for managing distro-specific profiles
> [19:04:18] <cboltz> and, more important, sharing them between distros ;-)
> [19:07:02] <intrigeri> yep. I still have an unfinished draft reply on the relevant thread
> [19:07:10] <intrigeri> ... with low-hanging fruits action items.
> [19:08:47] <cboltz> just as a quick idea: http://paste.opensuse.org/96760488
> 
> + apparmor-profiles
>   |-- debian
>   |   |-- Wheezy
>   |   '-- Jessie
>   |-- openSUSE
>   |   |-- 12.3
>   |   '-- 13.1
>   '-- Ubuntu
>       |-- Trusty_Tahr
>       '-- Utopic_Unicorn
> 

This is the intent for apparmor-profiles, but so far only Ubuntu has put
profiles there. I think it would be great to have other distro profiles in
there. You've probably seen this, but in case you haven't:

http://wiki.apparmor.net/index.php/Profiles

Now, the way Ubuntu handles profiles is that we ship production distro-profiles
in the packages themselves and the apparmor-profiles repository is a place for
in progress profiles or profiles that for some reason don't fit with the distro.
We ship the profiles in the packages themselves so that package maintainers (ie,
the people who know the software being confined best) are able to update the
profiles and also to avoid a central profiles package that is gated on a handful
of developers (or fewer). As such, the apparmor-profiles bzr repo doesn't have
the profiles that Ubuntu actually ships (but we do leave the profile file in
place with a note on where to find the official profile (see
ubuntu/14.10/usr.bin.evince as an example).

-- 
Jamie Strandboge                 http://www.ubuntu.com/

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: OpenPGP digital signature
URL: <https://lists.ubuntu.com/archives/apparmor/attachments/20140728/a0951230/attachment.pgp>


More information about the AppArmor mailing list