[PATCH] apparmor: Add support for local profile customizations

Jim Fehlig jfehlig at suse.com
Thu Jun 29 21:47:26 UTC 2023


On 6/26/23 14:46, Christian Boltz wrote:
> [Please CC me, I'm not subscribed to the mailing list]
> 
> Hello,
> 
> regarding the initial patch in this thread: The patch looks good and
> should go upstream IMHO. (Maybe except creating the dummy local/* files
> for AppArmor 3.x - see below for details.)
> 
> A note about what you mentioned in the patch comment:
> If someone uses aa-logprof to update a profile, it will modify the
> profile, _not_ the local/ file. (Changing that is on the TODO list, but so
> far nobody did it.)
> Therefore I'm not sure if switching from %config(noreplace) to %config is
> a good idea.

Hmm. The impetus for that change was a scenario where a new rule in the libvirtd 
profile was needed for correct VM operation, but the updated profile was not 
replaced due to local edits. It seems either approach will eventually result in 
bug reports :-(.

Regards,
Jim



More information about the libvir-list mailing list