[pkg-apparmor] Bug#883682: don't install features-file as conffile for easier overriding
Laurent Bigonville
bigon at debian.org
Fri Dec 8 14:41:10 UTC 2017
On Thu, 07 Dec 2017 10:08:54 +0100 intrigeri <intrigeri at debian.org> wrote:
[...]
>
> I think we should:
>
> - move the features file to a non-conffile location ASAP: not only does it
> make little sense for it to be a conffile, but if I manage to get
> a pinned feature set in Stretch at some point you'll want this in
> order to divert the features file; I am finalizing a new upload
> to sid as we speak, but I can wait a bit for you to finish your
> patch so I can include it. Ideally I would like to upload today,
> worst case tomorrow, to fix #883703 ASAP.
>
Again, I'm not really up to date with apparmor, but the features file seems to
be part of the policy: if a policy creator wants to modify the policy, he
might need to modify this file as well; the same goes if a user is building his
own kernel. I'm not sure why it was necessary to move it to a /usr/share
location. There seems to be no override mechanism here, which means that
if anybody has modified the features file, now that you move that file to
/usr, the changes will be completely ignored (leading to
possible boot failures).
The complete policy is already in /etc (that's something that I dislike
about AppArmor) anyway.
my 2¢