[apparmor] Sharing profiles maintenance once they're ready for production

John Johansen john.johansen at canonical.com
Wed Mar 12 07:50:28 UTC 2014


On 03/09/2014 10:52 AM, intrigeri wrote:
> Hi,
> 
> intrigeri wrote (17 Jan 2014 17:24:48 GMT) :
> [... snip ...]
>> So, I have a few questions for more experienced people around there:
> 
>> 1. I've little experience maintaining profiles in a cross-distro way,
>>    but I suspect that tunables should be enough to cope with most
>>    distribution-specific deltas. What do you think?
>

It does cope with many, but not all. We need to be able to cope with
different application versions, application configurations, apparmor
userspace versions, apparmor kernel versions, and different policy
goals. I think different policy goals is the one that is the hardest
to support, but even it could benefit from being able to merge in
changes from an upstream that is collecting different changes.

>> 2. Was this discussed previously? Was the idea of a cross-distro VCS
>>    repository for shared maintenance of profiles investigated yet?
> 
its one of those bikeshedding topics :)




More information about the AppArmor mailing list