On 6/26/23 14:46, Christian Boltz wrote:
[Please CC me, I'm not subscribed to the mailinglist] Hello, regarding the initial patch in this thread: The patch looks good and should go upstream IMHO. (Maybe except creating the dummy local/* files for AppArmor 3.x - see below for details.) A note about what you mentioned in the patch comment: If someone uses aa-logprof to update a profile, it will modify the profile, _not_ the local/ file. (Changing that is on the TODO list, but so far nobody did it.) Therefore I'm not sure if switching from %config(noreplace) to %config is a good idea.
Hmm. The impetus for that change was a scenario where a new rule in the libvirtd profile was needed for correct VM operation, but the updated profile was not replaced due to local edits. It seems either approach will eventually result in bug reports :-(.
Regards, Jim
