---------------------------------------- From: David Runge <dave@sleepmap.de> Sent: Fri Sep 14 11:24:09 CEST 2018 To: Geo Kozey <geokozey@mailfence.com> Cc: General Discussion about Arch Linux <arch-general@archlinux.org> Subject: Re: [arch-general] AppArmor support
On 2018-09-13 20:52:23 (+0200), Geo Kozey wrote:
---------------------------------------- From: David Runge <dave@sleepmap.de> Sent: Thu Sep 13 19:51:49 CEST 2018 To: General Discussion about Arch Linux <arch-general@archlinux.org> Subject: Re: [arch-general] AppArmor support
It is now in [community-testing]. Feel free to comment and suggest improvements!
Best, David
The profile filenames doesn't matter (bin.ping, usr.bin.ping or ping-pong will work the same. It only matters what's inside). You don't have to change them[0]. Perhaps it will be better to leave them untouched for easier comparison with upstream. The thing is: Some of them only reference /bin, /sbin or /usr/sbin, which needs to be replaced for our use-case. That is not easily achieved using sed, without also changing the includes of the override files in local/. A rename was therefore the easiest solution to this problem.
If I find some time over the coming days I might have another go at it to see if there's another way of achieving the internal replaces without moving files. Problematically the files are not very unified.
2.13.1 release will be very soon[1] with better usrmerge support which means modifying profiles inside with sed won't be needed to. Hmm, they only mention usrmerge on one file... lol.
Thanks for the input!
Best, David
They called it 'binmerge' :) https://gitlab.com/apparmor/apparmor/commit/4200932d8fb31cc3782d96dd8312511e... I think this should fix issues with referencing filenames that you mentioned. If there's something else left you may try to open issue/merge request upstream. BTW: Upstream URL should be https://gitlab.com/apparmor/apparmor as this is where develeopment activity occurs. Yours sincerely G. K.