[apparmor] Working on syndaemon protocol, should pidfiles be supported?

Cameron Norman camerontnorman at gmail.com
Sat Jun 6 20:41:04 UTC 2015


This morning I tried to write a syndaemon profile and quickly got
stuck because syndaemon supports a pidfile option, but there is no
standard place to put the pidfile.

I was going to just put the profile in complain mode, but I realized
no use of syndaemon in Debian/Ubuntu
({mate,cinnamon,gnome,xfce4}-settings-daemon) actually employs the
pidfile option -- they all monitor the daemon themselves.

So I am now thinking it would be best to put it in enforce mode with a
"standard" pidfile location ($XDG_RUNTIME_DIR/syndaemon.pid).

Thoughts, recommendations?

Cameron Norman

More information about the AppArmor mailing list