[apparmor] RFC: using variables to make profiles more flexible
John Johansen
john.johansen at canonical.com
Mon Dec 4 20:15:57 UTC 2017
On 12/04/2017 10:37 AM, Vincas Dargis wrote:
> On 2017-12-04 20:04, John Johansen wrote:>> This would allow user to extend `@{totem_extra_read_dirs}` for his own use case, maybe ever overwrite (is this possible?) with `=` instead of `+=`, if he does not like access to default media/mnt/opt/srv paths.
>>>
>> sorry no overwriting is currently not supported
>
> Could it be supported in the future at all, if order of definitions does not matter? I mean, this new feature could break things (start to override instead of extend).
Override, is problematic but not impossible. There needs to be some very clear definition of what is being over-ridden and what happens to extending rules. It is certainly something we should consider
More information about the AppArmor
mailing list