Hello,
Am Donnerstag, 29. Juni 2023, 19:05:09 CEST schrieb Jim Fehlig:
[...]
> I was going down the same path until I thought of the more brute force
> approach, which I admit to be fond of due to ease of ripping out the
> 2.x stuff when no longer needed. But yeah, two copies of the profiles
> is not nice.
I have quite some experience with [getting rid of] code duplication [1],
and "not nice" is a very diplomatic description ;-)
> I'll take a closer look at your patches now.
I had a look, and those conditional blocks look much better than
duplicating the whole directory.
Another thing you might want to add to all profiles and abstractions for
AppArmor >= 3.0 is
abi <abi/3.0>,
This will enable enforcing of some newer rule types - which might mean
that you need to add a few new rules to the profiles.
See the "Feature ABI" section in man 5 apparmor.d for details.
(Since this is unrelated to local/, adding the abi lines should probably
be a separate patch.)
Regards,
Christian Boltz
[1] unrelated to AppArmor
--
File Not Found.....Loading something that looks similar
Attachment:
signature.asc
Description: This is a digitally signed message part.
