apparmor directory
Kapil Thangavelu
kapil.thangavelu at canonical.com
Tue Nov 8 12:38:35 UTC 2011
Excerpts from Gustavo Niemeyer's message of Tue Nov 08 04:51:52 -0500 2011:
> Just spotted an exchange in a bug regarding the apparmor directory,
> and would like to raise Kapil's comment more generally.
>
> Besides the "charm proof" command complaining about the lack of an
> "apparmor" directory, the wiki page at
> https://juju.ubuntu.com/AppArmor has the following comment:
>
> """
> If you do not need any profiles, because they are all contained in
> packages, you can touch a file in the directory.
>
> $ touch apparmor/__NONE
> """
>
> This feels sub-optimal, both because we never agreed to enforce
> apparmor usage, and because the lack of a directory feels like a
> cleaner way to convey an optional feature than such a file.
agreed, if its an optional, don't make the user have to think about it.
>
> Would there be a page somewhere with a list of other practices the
> "charm proof" command is enforcing?
>
not afaik outside of, mostly the checks are referenced elsewhere by charms
should pass the tool itself rather than check enumeration, which itself is
fluid, as evidenced by the new apparmor dir requirement.
http://bazaar.launchpad.net/~charmers/charm-tools/trunk/view/head:/scripts/proof
this discussion seems like it could go on the public list.
cheers,
Kapil
More information about the Juju
mailing list