[apparmor] [RFC] Refactoring apparmor-profiles repository

John Johansen john.johansen at canonical.com
Fri Jun 15 17:05:54 UTC 2018


On 06/15/2018 09:36 AM, Vincas Dargis wrote:
> On 6/14/18 10:22 PM, Jamie Strandboge wrote:
>> Your idea about apparmor/2.13,
>> apparmor/2.12 is interesting. I suspect there will be some duplication
>> there too, but I'm not terribly about it.
> 
> Yes there will be duplication for the packages that ships updates in stable versions (like Thunderbird and Firefox), while AppArmor abstractions are not being upgraded. That's the main point of basing on AppArmor versions - for clearly defining available abstractions (and their update) and for policy features/versions, that profiles depend heavily on.
> 

So I agree that the repo should be refactored but I am not sure this
is the approach that should be taken (possibly for older policy) I
need to think about it more. With all policy becoming versioned we are
going to see a mixing of different version on the same system. We
certainly could segregate on version, making it easier to see what
hasn't been updated but then profiles that haven't been updated might
get left out and that isn't what we want either.




More information about the AppArmor mailing list