[PATCH V2 0/3] apparmor: Add support for local profile customizations
Christian Boltz
apparmor at cboltz.de
Thu Jun 29 19:39:28 UTC 2023
Hello,
On Thursday, 29 June 2023, 19:05:09 CEST, Jim Fehlig wrote:
[...]
> I was going down the same path until I thought of the more brute force
> approach, which I admit to be fond of due to ease of ripping out the
> 2.x stuff when no longer needed. But yeah, two copies of the profiles
> is not nice.
I have quite some experience with [getting rid of] code duplication [1],
and "not nice" is a very diplomatic description ;-)
> I'll take a closer look at your patches now.
I had a look, and those conditional blocks look much better than
duplicating the whole directory.
Another thing you might want to add to all profiles and abstractions for
AppArmor >= 3.0 is
    abi <abi/3.0>,
This will enable enforcing of some newer rule types - which might mean
that you need to add a few new rules to the profiles.
See the "Feature ABI" section in man 5 apparmor.d for details.
(Since this is unrelated to local/, adding the abi lines should probably
be a separate patch.)
Regards,
Christian Boltz
[1] unrelated to AppArmor
--
File Not Found.....Loading something that looks similar