apparmor directory

Kapil Thangavelu kapil.thangavelu at canonical.com
Tue Nov 8 12:38:35 UTC 2011


Excerpts from Gustavo Niemeyer's message of Tue Nov 08 04:51:52 -0500 2011:
> Just spotted an exchange in a bug regarding the apparmor directory,
> and would like to raise Kapil's comment more generally.
> 
> Besides the "charm proof" command complaining about the lack of an
> "apparmor" directory, the wiki page at
> https://juju.ubuntu.com/AppArmor has the following comment:
> 
> """
> If you do not need any profiles, because they are all contained in
> packages, you can touch a file in the directory.
> 
> $ touch apparmor/__NONE
> """
> 
> This feels sub-optimal, both because we never agreed to enforce
> apparmor usage, and because the lack of a directory feels like a
> cleaner way to convey an optional feature than such a file.

agreed, if its an optional, don't make the user have to think about it.

> 
> Would there be a page somewhere with a list of other practices the
> "charm proof" command is enforcing?
> 

not afaik outside of, mostly the checks are referenced elsewhere by charms 
should pass the tool itself rather than check enumeration, which itself is 
fluid, as evidenced by the new apparmor dir requirement.

http://bazaar.launchpad.net/~charmers/charm-tools/trunk/view/head:/scripts/proof

this discussion seems like it could go on the public list.

cheers,

Kapil



More information about the Juju mailing list