[apparmor] AppArmor and /etc/
Marco d'Itri
md at Linux.IT
Mon Feb 5 21:13:19 UTC 2018
On Feb 05, Jamie Strandboge <jamie at canonical.com> wrote:
> It continues to be a tricky problem. I think mostly we really need to
> make sure the binary policy is on the same partition as the text
> policy. If we start thinking of it as binary policy, perhaps we can
> instead put it in /lib. Eg, /lib/apparmor/policy. FHS adherents will
> argue that this isn't the right place, but /etc is no better and the
> FHS doesn't handle early boot well at all (this is presumably why
> system uses /lib/systemd/system).
If the binary policy may change when /etc is changed then the only
options are /etc/ and /var/.
Please please please do not break this: /lib (which nowadays is
a symlink to /usr/lib) is immutable and can be shared between systems.
--
ciao,
Marco
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 659 bytes
Desc: not available
URL: <https://lists.ubuntu.com/archives/apparmor/attachments/20180205/6259075a/attachment.sig>
More information about the AppArmor
mailing list