[pkg-apparmor] Bug#871441: apparmor: Including tunables/sys to tunables/global?
intrigeri
intrigeri at debian.org
Wed Sep 20 14:32:13 UTC 2017
Control: tag -1 + upstream
Hi,
Vincent Blut:
> /etc/apparmor.d/tunables/proc being part of
> /etc/apparmor.d/tunables/global, I’m wondering if there are any reasons
> preventing the sysfs pseudo file system location variable (defined in
> /etc/apparmor.d/tunables/sys) from being included as well?
Good question! I have no idea.
I see that tunables/sys was introduced in 2012 by John (Cc'ed) as part
of a commit that adds "abstractions to support the apparmor api".
On my system, nothing uses these abstractions nor the @{sys} tunable.
So I admit I have no idea what problem @{sys} is meant to solve.
If it _is_ useful then it should be used everywhere instead of /sys/,
which requires quite some work for no obvious (to me) benefit.
John, what do you think?
Cheers,
--
intrigeri
More information about the pkg-apparmor-team
mailing list