[apparmor] RFC: using variables to make profiles more flexible
Vincas Dargis
vindrg at gmail.com
Sun Dec 3 11:20:56 UTC 2017
On 2017-12-03 13:04, intrigeri wrote:
> Vincas Dargis:
>> To wrap this up, I am suggesting to apply this guideline and refactor current
>> profiles (and consider it while writing new ones), to use variables and some sort of
>> tunables include, like directory:
>
> Looks great to me!
What about actual implementation, should we "push":
* `tunables/usr.bin.thunderbird` empty file (same as with local/usr.bin.thunderbird), or
* `tunables/usr.bin.thunderbird.d` directory for more flexibility, but without a file (user should create one himself)?
Or maybe these tunables should be placed deeper, like:
`tunables/<something>/usr.bin.thunderbird{,.d}`
More information about the AppArmor
mailing list