> ---------------------------------------- > From: Geo Kozey via arch-general <arch-general@xxxxxxxxxxxxx> > Sent: Sat Sep 22 18:23:58 CEST 2018 > To: David Runge <dave@xxxxxxxxxxx> > Cc: Geo Kozey <geokozey@xxxxxxxxxxxxx>, General Discussion about Arch Linux <arch-general@xxxxxxxxxxxxx> > Subject: Re: AppArmor support > > > > ---------------------------------------- > > From: David Runge <dave@xxxxxxxxxxx> > > Sent: Sat Sep 22 17:43:51 CEST 2018 > > To: Geo Kozey <geokozey@xxxxxxxxxxxxx> > > Cc: General Discussion about Arch Linux <arch-general@xxxxxxxxxxxxx> > > Subject: Re: AppArmor support > > > > > > Hi Geo, > > > > On 2018-09-22 15:13:20 (+0200), Geo Kozey wrote: > > > After [0] sed rules are applied to all apparmor config files, not just > > > profiles which results in unwanted errors: > > > > > > configparser.DuplicateOptionError: While reading from > > > '/etc/apparmor/logprof.conf' [line 47]: option '/usr/bin/bash' in > > > section 'qualifiers' already exists > > > > > > You should limit it to profiles only as it was before. > > > > > > [0] https://git.archlinux.org/svntogit/community.git/commit/trunk?h=packages/apparmor&id=4dc153bf8e26239a55409ac5d1994f6575e057c5 > > Thanks for the info! > > That was indeed a problem, but not because of the profile modifications. > > I did way too broad replacements in logprof.conf, that led to the > > duplicate entries you are experiencing (as there are entries for /bin > > and /usr/bin for most binaries). > > > > I have now fixed this in 2.13.0-6 (by carefully only replacing the use > > of sbin where needed). Please let me know, if this works as intended for > > you! > > > > Best, > > David > > > > -- > > It's almost there ;) > > '/usr/bin/subdomain_parser' under [qualifiers] is still duplicated. > > I'm not sure if 'apparmor_parser' and 'subdomain_parser' under [settings] > have to be modified. IMO they should work as symlinks too. > > BTW: users transition from AUR may be complicated as now apparmor > package will contain files available in apparmor-* split packages before. > Maybe you have to add 'replaces=' for split packages. > > Yours sincerely > > G. K. Also there aren't such things like: /usr/bin/subdomain_parser /usr/bin/logprof /usr/bin/genprof in Arch anyway so creating them isn't necessary. Perhaps if there is anything left to change in [qualifiers] section, it can be upstreamed as well. Yours sincerely G. K.
