[pkg-apparmor] [apparmor-profiles-extra] 01/02: Add a script allowing the source package to put specific profiles in complain mode.
intrigeri
intrigeri at debian.org
Sat Sep 9 17:50:39 UTC 2017
Hi!
Christian Boltz:
> Am Donnerstag, 20. Juli 2017, 15:50:45 CEST schrieb intrigeri:
>> Christian Boltz:
>> > What about
>> > - aa-complain -d $directory_with_the_profile $profile_file
>>
>> Does aa-complain only edits the profile file, or does it interact with
>> the kernel in any way? (The manpage does not make this clear to me.)
>>
>> If the former, happy to switch to this approach :)
> # aa-complain --help | tail -n1
> --no-reload Do not reload the profile after modifying it
> ;-)
Cool! Indeed, I only looked at the manpage. I'll switch
apparmor-profiles-extra to aa-complain right away: it already
build-depends on apparmor so it can as well build-depend on
apparmor-utils.
But I don't think I can do the same in src:apparmor, because this
would introduce either a self-referencing build-dependency (and anyone
bootstrapping new architectures will hate me), or I would need to use
aa-complain from the source package itself and this feels cumbersome
given we already have something that works just fine.
> And as I just noticed, --no-reload is missing from the manpage :-(
> Patch for several aa-* manpages sent.
You rock, thanks!
Cheers,
--
intrigeri
More information about the pkg-apparmor-team
mailing list